probleme avec mozilla firefoxRésolu/Fermé

Question

Bonjour,
 
depuis quelques jours, j'ai des petits soucis avec firefox...par moment il ouvre des fenêtres publicitaires ou par moment il plante carrément et ce ferme... j'ai vérifier que la case "bloquer les fenêtres pop up" était bien coché dans outils et j'ai effectuer des anti-virus mais rien ne change.... je me permet donc de vous faire parvenir un rapport hijacktis car je dois avouer être arriver au bout de mes compétences....

Logfile of HijackThis v1.99.1
Scan saved at 21:04:03, on 11/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32	askmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\VIDEOCEAN 1\Bureau\hijackthis-1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66017
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent	bP2P1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {3C95DAED-EE5C-4783-82C0-D99999B5B0BB} - (no file)
O2 - BHO: DNSEred - {55756cea-62ac-1a32-0e1f-faa0fdf76869} - C:\WINDOWS\system32\iednser.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: trueads - {84af9ad1-8fc7-1a0f-e657-9bc5b92b6cff} - C:\WINDOWS\system32
stB.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9d29dcdd-8a68-7cc8-d35e-62df18086a58} - (no file)
O2 - BHO: trueads search enhancer - {A0F4A990-B803-0383-77F6-A4387DEFA1F8} - C:\WINDOWS\system32\ctkwemfrfw.dll
O2 - BHO: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {BA98AA71-A42D-4A06-B991-75CB1B28352E} - (no file)
O2 - BHO: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent	bP2P1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
O2 - BHO: (no name) - {D4C2DF15-51EB-49E9-88C1-A8FDB852AF5a} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - (no file)
O3 - Toolbar: P2P Torrent Toolbar - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent	bP2P1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\VIDEOCEAN 1\Application Data\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b934f0efc4d44aaa89d047f81fadc842
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b934f0efc4d44aaa89d047f81fadc842
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Program Files\Toox\Groom\Groom.exe (HKCU)
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (file missing) (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (file missing) (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://angiedu62200.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://ww11.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://p2pi.mine.nu:1444/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-bb1d910906c85616.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

merci par avance a ceux qui prendront le temps de lire ceci...;)

verni29 · Answer

Bonsoir, 

Commence par ceci .

Télécharge Toolbar-S&D sur ton Bureau : 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

* Lance l'installation du programme en exécutant le fichier téléchargé. 
* Double-clique sur le raccourci de Toolbar-S&D. 
* Sélectionne la langue puis valide. 
* Choisis maintenant l'option 1 . Patiente jusqu'à la fin de la recherche. 
* Copie/colle le contenu du rapport qui va s’afficher.
Si tu ne le trouves pas, il est situé à C:\TB.txt .

A+

Lyonnais92 · Answer

Bonjour,

Toolbar infectée.

Bonne suite.
@+
Avez vous une sauvegarde de vos données personnelles ?
Même si Windows ne démarre plus, nous savons encore les sauver. Ne formatez pas !

ardillon62 · Answer

re bonjour et merci pour la rapidité de votre réponse. J'ai donc téléchargé le lien de verni et voici le rapport....

 -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 2800+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : VIDEOCEAN 1 ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
   Firewall  : ZoneAlarm Firewall 7.0.483.000 (Activated)
   C:\ (Local Disk) - NTFS - Total:76 Go (Free:8 Go)
   D:\ (CD or DVD)
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 11/05/2009|21:28 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ules
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\alerts.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\alerts_over.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\alerts_rec.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\alerts_rec_over.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\chevron-small.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\DealioSearch.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\deals-leftcap.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\deal_report.jpg
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\ebay_login.jpg
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\err_mainwindow.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\err_toolbar.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\global_scripts.js
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\headerbgthin.jpg
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\highlight-bg.png
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\logo.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\logo_over.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\man_toolbar.css
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\man_toolbar.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\man_toolbar.js
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\man_toolbarl.js
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\post-this-deal.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\post-this-deal_over.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\scripts.js
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\scroller.js
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\search-chevron.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\search-chevron_over.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\search_bg_blink.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\separator.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\settings.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\settings_over.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127es\yahoo-search.png
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ules\index.76.35
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.10.76
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.109.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.110.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.12.52
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.13.58
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.130.58
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.135.50
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.153.44
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.155.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.156.49
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.16.60
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.161.52
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.178.66
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.184.55
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.188.52
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.189.45
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.196.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.198.56
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.199.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.200.53
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.201.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.202.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.203.71
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.205.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.213.71
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.214.49
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.215.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.216.67
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.217.67
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.218.52
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.219.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.220.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.221.57
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.222.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.223.68
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.226.68
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.227.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.228.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.229.76
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.23.63
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.239.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.24.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.240.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.241.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.242.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.243.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.244.63
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.245.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.247.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.248.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.249.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.250.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.251.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.252.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.253.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.254.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.255.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.256.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.257.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.279.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.28.58
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.282.75
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.283.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.284.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.289.67
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.290.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.291.61
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.296.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.297.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.304.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.307.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.308.75
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.31.47
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.310.46
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.311.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.315.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.316.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.317.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.318.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.319.49
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.32.48
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.334.44
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.335.60
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.336.44
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.337.44
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.338.75
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.339.47
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.34.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.340.47
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.341.47
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.349.50
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.35.48
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.350.50
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.351.51
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.352.54
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.353.51
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.354.51
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.357.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.358.52
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.359.52
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.360.53
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.361.54
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.362.68
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.363.58
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.364.54
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.365.53
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.367.56
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.368.58
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.369.55
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.370.56
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.371.56
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.372.57
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.373.55
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.375.56
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.376.57
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.377.55
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.378.65
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.384.58
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.386.71
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.387.59
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.388.59
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.389.59
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.390.60
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.391.60
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.392.60
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.393.60
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.394.60
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.396.61
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.397.61
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.398.60
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.399.60
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.403.61
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.404.63
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.405.61
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.406.61
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.407.76
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.408.63
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.409.61
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.412.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.413.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.414.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.415.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.416.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.417.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.418.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.419.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.420.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.421.62
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.423.63
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.424.63
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.425.63
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.426.63
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.427.63
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.428.65
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.429.63
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.430.63
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.432.65
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.433.64
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.434.65
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.435.64
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.436.76
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.437.64
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.438.71
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.439.71
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.440.75
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.442.73
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.443.73
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.444.73
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.445.68
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.446.69
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.450.67
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.451.67
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.452.68
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.453.68
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.454.69
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.456.69
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.457.75
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.458.70
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.459.70
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.460.69
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.462.74
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.463.69
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.464.70
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.465.68
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.468.70
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.469.70
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.470.70
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.471.73
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.472.70
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.478.74
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.479.73
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.480.68
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.481.71
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.482.74
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.49.67
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.50.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.500.71
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.501.74
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.502.71
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.51.69
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.52.72
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.520.76
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.521.76
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.522.76
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.53.51
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.531.76
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.532.75
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.534.75
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.54.47
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.55.45
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.56.69
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.57.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.58.47
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.593.76
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.595.76
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.63.57
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.66.47
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.70.75
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127ulesules.1.71.43
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\dod_cache.xml
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_1436_1540_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_1740_1684_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_1740_1684_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_1872_2560_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_192_2640_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_192_2844_57.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_1976_1256_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2144_5096_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2224_2976_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2388_3116_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2404_2056_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2436_1828_8.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2436_3492_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2496_1876_11.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2496_2164_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2496_2620_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2536_1496_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2536_1496_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2596_4564_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2596_4564_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2608_2816_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2608_3576_8.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2640_620_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2708_2848_8.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2708_960_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2728_2692_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2728_2692_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2788_3468_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_308_3160_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3328_2316_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3328_2484_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3328_2484_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3368_4164_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3368_4164_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3436_3280_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3436_3280_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_348_3636_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_352_2208_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_352_2208_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_356_172_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_356_3400_8.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3844_3244_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3844_3244_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_392_3952_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_392_3952_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3932_1960_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3932_1960_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_4012_652_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_4012_652_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_4792_4796_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_5048_1204_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_5172_5124_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_5172_5124_3.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_6024_5396_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_636_3392_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_824_644_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_832_3824_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_832_3824_5.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_840_3284_1.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_840_3284_5.html
   C:\Program Files\Dealio
   C:\Program Files\Dealio\DealioAU.exe
   C:\Program Files\Dealio\kb127
   C:\Program Files\Dealio\SearchSettingsKit.exe
   C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
   C:\Program Files\Dealio\kb127\Dealio.dll
   C:\Program Files\Dealio\kb127\DealioRes409.dll
   C:\Program Files\Dealio\kb127es
   C:\Program Files\Dealio\kb127esDN
   C:\Program Files\Dealio\kb127ules
   C:\Program Files\Dealio\kb127	emp
   C:\Program Files\Dealio\kb127es\alerts.gif
   C:\Program Files\Dealio\kb127es\alerts_over.gif
   C:\Program Files\Dealio\kb127es\alerts_rec.gif
   C:\Program Files\Dealio\kb127es\alerts_rec_over.gif
   C:\Program Files\Dealio\kb127es\chevron-small.gif
   C:\Program Files\Dealio\kb127es\DealioSearch.html
   C:\Program Files\Dealio\kb127es\deals-leftcap.gif
   C:\Program Files\Dealio\kb127es\deal_report.jpg
   C:\Program Files\Dealio\kb127es\ebay_login.jpg
   C:\Program Files\Dealio\kb127es\err_mainwindow.html
   C:\Program Files\Dealio\kb127es\err_toolbar.html
   C:\Program Files\Dealio\kb127es\global_scripts.js
   C:\Program Files\Dealio\kb127es\headerbgthin.jpg
   C:\Program Files\Dealio\kb127es\highlight-bg.png
   C:\Program Files\Dealio\kb127es\logo.gif
   C:\Program Files\Dealio\kb127es\logo_over.gif
   C:\Program Files\Dealio\kb127es\man_toolbar.css
   C:\Program Files\Dealio\kb127es\man_toolbar.html
   C:\Program Files\Dealio\kb127es\man_toolbar.js
   C:\Program Files\Dealio\kb127es\man_toolbarl.js
   C:\Program Files\Dealio\kb127es\post-this-deal.gif
   C:\Program Files\Dealio\kb127es\post-this-deal_over.gif
   C:\Program Files\Dealio\kb127es\scripts.js
   C:\Program Files\Dealio\kb127es\scroller.js
   C:\Program Files\Dealio\kb127es\search-chevron.gif
   C:\Program Files\Dealio\kb127es\search-chevron_over.gif
   C:\Program Files\Dealio\kb127es\search_bg_blink.gif
   C:\Program Files\Dealio\kb127es\separator.gif
   C:\Program Files\Dealio\kb127es\settings.gif
   C:\Program Files\Dealio\kb127es\settings_over.gif
   C:\Program Files\Dealio\kb127es\yahoo-search.png
   C:\Program Files\Dealio\kb127esDN\bottom.gif
   C:\Program Files\Dealio\kb127esDN\chevron_down.gif
   C:\Program Files\Dealio\kb127esDN\chevron_up.gif
   C:\Program Files\Dealio\kb127esDN\close.gif
   C:\Program Files\Dealio\kb127esDN\deskbar.css
   C:\Program Files\Dealio\kb127esDN\deskbar.js
   C:\Program Files\Dealio\kb127esDN\dispatch_helper.js
   C:\Program Files\Dealio\kb127esDN\ebay_compatible.jpg
   C:\Program Files\Dealio\kb127esDN\logo.gif
   C:\Program Files\Dealio\kb127esDN\logo_chevron_bkg.gif
   C:\Program Files\Dealio\kb127esDN\losing.gif
   C:\Program Files\Dealio\kb127esDN\lost.gif
   C:\Program Files\Dealio\kb127esDN\man_deskbar.html
   C:\Program Files\Dealio\kb127esDN\menu_arrow.gif
   C:\Program Files\Dealio\kb127esDN\menu_check.gif
   C:\Program Files\Dealio\kb127esDN
o_image.gif
   C:\Program Files\Dealio\kb127esDN\prod_img.gif
   C:\Program Files\Dealio\kb127esDN\search_chevron.gif
   C:\Program Files\Dealio\kb127esDN\spacer.gif
   C:\Program Files\Dealio\kb127esDN	extfield_bkg.gif
   C:\Program Files\Dealio\kb127esDN	op.gif
   C:\Program Files\Dealio\kb127esDN\unknown.gif
   C:\Program Files\Dealio\kb127esDN\winning.gif
   C:\Program Files\Dealio\kb127esDN\won.gif
   C:\Program Files\Dealio\kb127ules\index.76.35
   C:\Program Files\Dealio\kb127ulesules.1.10.76
   C:\Program Files\Dealio\kb127ulesules.1.109.43
   C:\Program Files\Dealio\kb127ulesules.1.110.43
   C:\Program Files\Dealio\kb127ulesules.1.12.52
   C:\Program Files\Dealio\kb127ulesules.1.13.58
   C:\Program Files\Dealio\kb127ulesules.1.130.58
   C:\Program Files\Dealio\kb127ulesules.1.135.50
   C:\Program Files\Dealio\kb127ulesules.1.153.44
   C:\Program Files\Dealio\kb127ulesules.1.155.43
   C:\Program Files\Dealio\kb127ulesules.1.156.49
   C:\Program Files\Dealio\kb127ulesules.1.16.60
   C:\Program Files\Dealio\kb127ulesules.1.161.52
   C:\Program Files\Dealio\kb127ulesules.1.178.66
   C:\Program Files\Dealio\kb127ulesules.1.184.55
   C:\Program Files\Dealio\kb127ulesules.1.188.52
   C:\Program Files\Dealio\kb127ulesules.1.189.45
   C:\Program Files\Dealio\kb127ulesules.1.196.43
   C:\Program Files\Dealio\kb127ulesules.1.198.56
   C:\Program Files\Dealio\kb127ulesules.1.199.43
   C:\Program Files\Dealio\kb127ulesules.1.200.53
   C:\Program Files\Dealio\kb127ulesules.1.201.43
   C:\Program Files\Dealio\kb127ulesules.1.202.43
   C:\Program Files\Dealio\kb127ulesules.1.203.71
   C:\Program Files\Dealio\kb127ulesules.1.205.62
   C:\Program Files\Dealio\kb127ulesules.1.213.71
   C:\Program Files\Dealio\kb127ulesules.1.214.49
   C:\Program Files\Dealio\kb127ulesules.1.215.43
   C:\Program Files\Dealio\kb127ulesules.1.216.67
   C:\Program Files\Dealio\kb127ulesules.1.217.67
   C:\Program Files\Dealio\kb127ulesules.1.218.52
   C:\Program Files\Dealio\kb127ulesules.1.219.43
   C:\Program Files\Dealio\kb127ulesules.1.220.43
   C:\Program Files\Dealio\kb127ulesules.1.221.57
   C:\Program Files\Dealio\kb127ulesules.1.222.43
   C:\Program Files\Dealio\kb127ulesules.1.223.68
   C:\Program Files\Dealio\kb127ulesules.1.226.68
   C:\Program Files\Dealio\kb127ulesules.1.227.43
   C:\Program Files\Dealio\kb127ulesules.1.228.62
   C:\Program Files\Dealio\kb127ulesules.1.229.76
   C:\Program Files\Dealio\kb127ulesules.1.23.63
   C:\Program Files\Dealio\kb127ulesules.1.239.43
   C:\Program Files\Dealio\kb127ulesules.1.24.43
   C:\Program Files\Dealio\kb127ulesules.1.240.43
   C:\Program Files\Dealio\kb127ulesules.1.241.43
   C:\Program Files\Dealio\kb127ulesules.1.242.43
   C:\Program Files\Dealio\kb127ulesules.1.243.43
   C:\Program Files\Dealio\kb127ulesules.1.244.63
   C:\Program Files\Dealio\kb127ulesules.1.245.43
   C:\Program Files\Dealio\kb127ulesules.1.247.43
   C:\Program Files\Dealio\kb127ulesules.1.248.43
   C:\Program Files\Dealio\kb127ulesules.1.249.43
   C:\Program Files\Dealio\kb127ulesules.1.250.43
   C:\Program Files\Dealio\kb127ulesules.1.251.43
   C:\Program Files\Dealio\kb127ulesules.1.252.43
   C:\Program Files\Dealio\kb127ulesules.1.253.43
   C:\Program Files\Dealio\kb127ulesules.1.254.43
   C:\Program Files\Dealio\kb127ulesules.1.255.43
   C:\Program Files\Dealio\kb127ulesules.1.256.43
   C:\Program Files\Dealio\kb127ulesules.1.257.43
   C:\Program Files\Dealio\kb127ulesules.1.279.43
   C:\Program Files\Dealio\kb127ulesules.1.28.58
   C:\Program Files\Dealio\kb127ulesules.1.282.75
   C:\Program Files\Dealio\kb127ulesules.1.283.43
   C:\Program Files\Dealio\kb127ulesules.1.284.43
   C:\Program Files\Dealio\kb127ulesules.1.289.67
   C:\Program Files\Dealio\kb127ulesules.1.290.62
   C:\Program Files\Dealio\kb127ulesules.1.291.61
   C:\Program Files\Dealio\kb127ulesules.1.296.43
   C:\Program Files\Dealio\kb127ulesules.1.297.43
   C:\Program Files\Dealio\kb127ulesules.1.304.43
   C:\Program Files\Dealio\kb127ulesules.1.307.43
   C:\Program Files\Dealio\kb127ulesules.1.308.75
   C:\Program Files\Dealio\kb127ulesules.1.31.47
   C:\Program Files\Dealio\kb127ulesules.1.310.46
   C:\Program Files\Dealio\kb127ulesules.1.311.43
   C:\Program Files\Dealio\kb127ulesules.1.315.43
   C:\Program Files\Dealio\kb127ulesules.1.316.43
   C:\Program Files\Dealio\kb127ulesules.1.317.43
   C:\Program Files\Dealio\kb127ulesules.1.318.43
   C:\Program Files\Dealio\kb127ulesules.1.319.49
   C:\Program Files\Dealio\kb127ulesules.1.32.48
   C:\Program Files\Dealio\kb127ulesules.1.334.44
   C:\Program Files\Dealio\kb127ulesules.1.335.60
   C:\Program Files\Dealio\kb127ulesules.1.336.44
   C:\Program Files\Dealio\kb127ulesules.1.337.44
   C:\Program Files\Dealio\kb127ulesules.1.338.75
   C:\Program Files\Dealio\kb127ulesules.1.339.47
   C:\Program Files\Dealio\kb127ulesules.1.34.43
   C:\Program Files\Dealio\kb127ulesules.1.340.47
   C:\Program Files\Dealio\kb127ulesules.1.341.47
   C:\Program Files\Dealio\kb127ulesules.1.349.50
   C:\Program Files\Dealio\kb127ulesules.1.35.48
   C:\Program Files\Dealio\kb127ulesules.1.350.50
   C:\Program Files\Dealio\kb127ulesules.1.351.51
   C:\Program Files\Dealio\kb127ulesules.1.352.54
   C:\Program Files\Dealio\kb127ulesules.1.353.51
   C:\Program Files\Dealio\kb127ulesules.1.354.51
   C:\Program Files\Dealio\kb127ulesules.1.357.62
   C:\Program Files\Dealio\kb127ulesules.1.358.52
   C:\Program Files\Dealio\kb127ulesules.1.359.52
   C:\Program Files\Dealio\kb127ulesules.1.360.53
   C:\Program Files\Dealio\kb127ulesules.1.361.54
   C:\Program Files\Dealio\kb127ulesules.1.362.68
   C:\Program Files\Dealio\kb127ulesules.1.363.58
   C:\Program Files\Dealio\kb127ulesules.1.364.54
   C:\Program Files\Dealio\kb127ulesules.1.365.53
   C:\Program Files\Dealio\kb127ulesules.1.367.56
   C:\Program Files\Dealio\kb127ulesules.1.368.58
   C:\Program Files\Dealio\kb127ulesules.1.369.55
   C:\Program Files\Dealio\kb127ulesules.1.370.56
   C:\Program Files\Dealio\kb127ulesules.1.371.56
   C:\Program Files\Dealio\kb127ulesules.1.372.57
   C:\Program Files\Dealio\kb127ulesules.1.373.55
   C:\Program Files\Dealio\kb127ulesules.1.375.56
   C:\Program Files\Dealio\kb127ulesules.1.376.57
   C:\Program Files\Dealio\kb127ulesules.1.377.55
   C:\Program Files\Dealio\kb127ulesules.1.378.65
   C:\Program Files\Dealio\kb127ulesules.1.384.58
   C:\Program Files\Dealio\kb127ulesules.1.386.71
   C:\Program Files\Dealio\kb127ulesules.1.387.59
   C:\Program Files\Dealio\kb127ulesules.1.388.59
   C:\Program Files\Dealio\kb127ulesules.1.389.59
   C:\Program Files\Dealio\kb127ulesules.1.390.60
   C:\Program Files\Dealio\kb127ulesules.1.391.60
   C:\Program Files\Dealio\kb127ulesules.1.392.60
   C:\Program Files\Dealio\kb127ulesules.1.393.60
   C:\Program Files\Dealio\kb127ulesules.1.394.60
   C:\Program Files\Dealio\kb127ulesules.1.396.61
   C:\Program Files\Dealio\kb127ulesules.1.397.61
   C:\Program Files\Dealio\kb127ulesules.1.398.60
   C:\Program Files\Dealio\kb127ulesules.1.399.60
   C:\Program Files\Dealio\kb127ulesules.1.403.61
   C:\Program Files\Dealio\kb127ulesules.1.404.63
   C:\Program Files\Dealio\kb127ulesules.1.405.61
   C:\Program Files\Dealio\kb127ulesules.1.406.61
   C:\Program Files\Dealio\kb127ulesules.1.407.76
   C:\Program Files\Dealio\kb127ulesules.1.408.63
   C:\Program Files\Dealio\kb127ulesules.1.409.61
   C:\Program Files\Dealio\kb127ulesules.1.412.62
   C:\Program Files\Dealio\kb127ulesules.1.413.62
   C:\Program Files\Dealio\kb127ulesules.1.414.62
   C:\Program Files\Dealio\kb127ulesules.1.415.62
   C:\Program Files\Dealio\kb127ulesules.1.416.62
   C:\Program Files\Dealio\kb127ulesules.1.417.62
   C:\Program Files\Dealio\kb127ulesules.1.418.62
   C:\Program Files\Dealio\kb127ulesules.1.419.62
   C:\Program Files\Dealio\kb127ulesules.1.420.62
   C:\Program Files\Dealio\kb127ulesules.1.421.62
   C:\Program Files\Dealio\kb127ulesules.1.423.63
   C:\Program Files\Dealio\kb127ulesules.1.424.63
   C:\Program Files\Dealio\kb127ulesules.1.425.63
   C:\Program Files\Dealio\kb127ulesules.1.426.63
   C:\Program Files\Dealio\kb127ulesules.1.427.63
   C:\Program Files\Dealio\kb127ulesules.1.428.65
   C:\Program Files\Dealio\kb127ulesules.1.429.63
   C:\Program Files\Dealio\kb127ulesules.1.430.63
   C:\Program Files\Dealio\kb127ulesules.1.432.65
   C:\Program Files\Dealio\kb127ulesules.1.433.64
   C:\Program Files\Dealio\kb127ulesules.1.434.65
   C:\Program Files\Dealio\kb127ulesules.1.435.64
   C:\Program Files\Dealio\kb127ulesules.1.436.76
   C:\Program Files\Dealio\kb127ulesules.1.437.64
   C:\Program Files\Dealio\kb127ulesules.1.438.71
   C:\Program Files\Dealio\kb127ulesules.1.439.71
   C:\Program Files\Dealio\kb127ulesules.1.440.75
   C:\Program Files\Dealio\kb127ulesules.1.442.73
   C:\Program Files\Dealio\kb127ulesules.1.443.73
   C:\Program Files\Dealio\kb127ulesules.1.444.73
   C:\Program Files\Dealio\kb127ulesules.1.445.68
   C:\Program Files\Dealio\kb127ulesules.1.446.69
   C:\Program Files\Dealio\kb127ulesules.1.450.67
   C:\Program Files\Dealio\kb127ulesules.1.451.67
   C:\Program Files\Dealio\kb127ulesules.1.452.68
   C:\Program Files\Dealio\kb127ulesules.1.453.68
   C:\Program Files\Dealio\kb127ulesules.1.454.69
   C:\Program Files\Dealio\kb127ulesules.1.456.69
   C:\Program Files\Dealio\kb127ulesules.1.457.75
   C:\Program Files\Dealio\kb127ulesules.1.458.70
   C:\Program Files\Dealio\kb127ulesules.1.459.70
   C:\Program Files\Dealio\kb127ulesules.1.460.69
   C:\Program Files\Dealio\kb127ulesules.1.462.74
   C:\Program Files\Dealio\kb127ulesules.1.463.69
   C:\Program Files\Dealio\kb127ulesules.1.464.70
   C:\Program Files\Dealio\kb127ulesules.1.465.68
   C:\Program Files\Dealio\kb127ulesules.1.468.70
   C:\Program Files\Dealio\kb127ulesules.1.469.70
   C:\Program Files\Dealio\kb127ulesules.1.470.70
   C:\Program Files\Dealio\kb127ulesules.1.471.73
   C:\Program Files\Dealio\kb127ulesules.1.472.70
   C:\Program Files\Dealio\kb127ulesules.1.478.74
   C:\Program Files\Dealio\kb127ulesules.1.479.73
   C:\Program Files\Dealio\kb127ulesules.1.480.68
   C:\Program Files\Dealio\kb127ulesules.1.481.71
   C:\Program Files\Dealio\kb127ulesules.1.482.74
   C:\Program Files\Dealio\kb127ulesules.1.49.67
   C:\Program Files\Dealio\kb127ulesules.1.50.43
   C:\Program Files\Dealio\kb127ulesules.1.500.71
   C:\Program Files\Dealio\kb127ulesules.1.501.74
   C:\Program Files\Dealio\kb127ulesules.1.502.71
   C:\Program Files\Dealio\kb127ulesules.1.51.69
   C:\Program Files\Dealio\kb127ulesules.1.52.72
   C:\Program Files\Dealio\kb127ulesules.1.520.76
   C:\Program Files\Dealio\kb127ulesules.1.521.76
   C:\Program Files\Dealio\kb127ulesules.1.522.76
   C:\Program Files\Dealio\kb127ulesules.1.53.51
   C:\Program Files\Dealio\kb127ulesules.1.531.76
   C:\Program Files\Dealio\kb127ulesules.1.532.75
   C:\Program Files\Dealio\kb127ulesules.1.534.75
   C:\Program Files\Dealio\kb127ulesules.1.54.47
   C:\Program Files\Dealio\kb127ulesules.1.55.45
   C:\Program Files\Dealio\kb127ulesules.1.56.69
   C:\Program Files\Dealio\kb127ulesules.1.57.43
   C:\Program Files\Dealio\kb127ulesules.1.58.47
   C:\Program Files\Dealio\kb127ulesules.1.593.76
   C:\Program Files\Dealio\kb127ulesules.1.595.76
   C:\Program Files\Dealio\kb127ulesules.1.63.57
   C:\Program Files\Dealio\kb127ulesules.1.66.47
   C:\Program Files\Dealio\kb127ulesules.1.70.75
   C:\Program Files\Dealio\kb127ulesules.1.71.43
   C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\4_elements16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\alabama_smith16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\call_of_atlantis16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\fairy_island16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\ice_cream_craze_tycoon16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jewel_quest_solitaire_316x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mortimer_beckett_spooky_manor16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mystery_legends_sleepy_hollow16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
ewGames.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\onload
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\orchard16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle_hero16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sunshine_acres16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar	he_enchanting_islands16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar	he_hidden_object_show_216x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar	he_mushroom_age16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar	rial.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\wmc2_FR16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\womens_murder_club_fr16x16.gif
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\onload\loading.gif
   C:\Program Files\GamesBar
   C:\Program Files\GamesBar\Localization2-French.ini
   C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
   C:\Program Files\Multi_Media
   C:\Program Files\P2P_Torrent
   C:\Program Files\P2P_Torrent\INSTALL.LOG
   C:\Program Files\P2P_Torrent\P2P_TorrentToolbarHelper.exe
   C:\Program Files\P2P_Torrent	bP2P1.dll
   C:\Program Files\P2P_Torrent	bP2P_.dll
   C:\Program Files\P2P_Torrent	oolbar.cfg
   C:\Program Files\P2P_Torrent\UNWISE.EXE
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Search Settings
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Search Settings\kb127
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Search Settings\kb127es
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\Search Settings\kb127	emp
   C:\Program Files\Search Settings
   C:\Program Files\Search Settings\kb127
   C:\Program Files\Search Settings\SearchSettings.exe
   C:\Program Files\Search Settings\kb127es
   C:\Program Files\Search Settings\kb127\SearchSettings.dll
   C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
   C:\Program Files\Search Settings\kb127	emp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\---Yahoo.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\01net.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\1px_dark.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\1px_green.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\1px_white.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\a.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\amazon.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\an.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrowB.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrowT.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrow_down.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrow_red.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrow_red2.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrow_up.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\autofill.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\avstate.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\b.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\background2.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bgmeteo_results.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bg_pub.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bg_ttl.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bottom.png
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bottom_left.png
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bottom_right.png
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\btn_close.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\btn_minus.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\btn_moreforecast.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\c.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\canalblog.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\cn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\d.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\dictionary2.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\dn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\DownloadCOM.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\dropdown.css
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\ErrorLog.txt
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\f.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_argentine.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_australia.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_brazil.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_canada.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_china.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_france.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_germany.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_greece.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_hongkong.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_india.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_indonesia.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_italy.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_japan.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_korea.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_mexico.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_netherlands.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_spain.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_sweeden.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_taiwan.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_uk.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_usa.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\fn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\g.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\gaming.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\gn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\gograph.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred0.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred0_5.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred1.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred1_5.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred2.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred2_5.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred3.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred3_5.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred4.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred4_5.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred5.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\help.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\hideremove.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\highlight.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\hn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_aquarius.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_aries.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_cancer.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_capricorn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_gemini.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_leo.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_libra.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_pisces.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_sagittarius.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_scorpio.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_taurus.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_virgo.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\i.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\IEtab1_7d.zip
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\in.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\ipsearch.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\j.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\jn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\k.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\kn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\l.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\left.png
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\ln.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\loading.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\login.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\logo.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar
.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt192337031
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt47055031
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt65407968
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar
ew02.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar
ews.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar
ews.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar
n.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\o.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\on.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\p.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\pestscanimg.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\pixsy.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\pn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\popup_off.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\popup_on.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\popup_ona.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\p_yahoo.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\q.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\qn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarelatedlinks.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbareport.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbaright.png
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarss.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarss.xsl
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarss1.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarsslib.js
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarssmenu1_7a.zip
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\s.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\search.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\search_fr.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\security.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt117867546
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt118552562
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt12162546
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt12162609
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt138934828
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt145568250
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt177169921
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt35010703
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt782703
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt90752437
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\siteinfo.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\slider.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\spacer.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\stars-red1.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\stars-red2.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\stars-red3.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\stars-red4.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\stars-red5.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\storage.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	abdataV3.js
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	ablib.js
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	abwelcome_en.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	abwelcome_fr.html
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	ab_icon.png
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	echnorati.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	hes_search.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	n.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	ools.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	op.png
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	op_left.png
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	op_right.png
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	ranslate.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\u.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\un.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\utf8.js
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\v.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\vmlib.js
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\vn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\w.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\web.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\web_fr.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\wikipedia.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\wn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\x.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\xp_close_small.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\yahoo.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\yahoo_search.gif
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\YouTube.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\z.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\zn.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\zoom.bmp
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php101141484
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php101675625
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php104784937
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php106723781
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php110542593
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php113940734
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php145568546
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php17480875
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php18589562
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php18654859
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php20033359
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php24184531
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php4456453
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php44657609
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php460078
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php47156328
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php47219703
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php51805265
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php51952796
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php52277281
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php54041312
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php55233078
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php55374953
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php61341703
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php61611046
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php61721515
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php61792453
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php67255906
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php67387109
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php76481687
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php78522968
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php84545312
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php84545890
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php84810593
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php87236968
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php90320718
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php90328718
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php90330031
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php90331375
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php90705578
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php95594500
   C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile\searchdataV3.php97119125
   C:\WINDOWS\iun6002.exe

   -----------\  Extensions

   (VIDEOCEAN 1) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
   (VIDEOCEAN 1) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
   (VIDEOCEAN 1) - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} => toox.com
   (VIDEOCEAN 1) - {ecdee021-0d17-467f-a1ff-c7a115230949} => free-downloads.net


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.google.com/?gws_rd=ssl"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
   "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66017"


   --------------------\  Recherche d'autres infections

   C:\WINDOWS\system32\sCcbJRqr.ini
   C:\WINDOWS\system32\sCcbJRqr.ini2
   [b]==> VUNDO <==/b
 
   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\VIDEOC~1\Favoris\Jeux Cherche  Recherche de crack fr hospital tycoon.url



   1 - "C:\ToolBar SD\TB_1.txt" - 11/05/2009|21:33 - Option : [1]

verni29 · Answer

J'aurais du te demander de passer directement l'option 2 pour nettoyer. :-)/

1/ Relance Toolbar-S&D en double-cliquant sur le raccourci. 

choisis l'option "2" puis valide en appuyant sur "Entrée".
Ne ferme pas la fenêtre lors de la suppression.

Un nouveau rapport sera généré, poste son contenu ici.

2/ Il y a pas mal de ménage à faire sur ton PC ( traces de norton, optimisation ... ).

poste moi un nouveau rapport Hijackthis.

A+

ardillon62 · Answer

voici le second rapport...je dois avouer être épater par la rapidité  que vous mettez pour arriver a interpréter un tel pavé


-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 2800+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : VIDEOCEAN 1 ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
   Firewall  : ZoneAlarm Firewall 7.0.483.000 (Activated)
   C:\ (Local Disk) - NTFS - Total:76 Go (Free:8 Go)
   D:\ (CD or DVD)
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 11/05/2009|21:46 )

   -----------\ SUPPRESSION

   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio\kb127
   Supprime! - C:\Program Files\Dealio\DealioAU.exe
   Supprime! - C:\Program Files\Dealio\kb127
   Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
   Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\4_elements16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\alabama_smith16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\call_of_atlantis16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\fairy_island16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\ice_cream_craze_tycoon16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jewel_quest_solitaire_316x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mortimer_beckett_spooky_manor16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mystery_legends_sleepy_hollow16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
ewGames.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\onload
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\orchard16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle_hero16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sunshine_acres16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar	he_enchanting_islands16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar	he_hidden_object_show_216x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar	he_mushroom_age16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar	rial.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\wmc2_FR16x16.gif
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\womens_murder_club_fr16x16.gif
   Supprime! - C:\Program Files\GamesBar\Localization2-French.ini
   Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
   Supprime! - C:\Program Files\P2P_Torrent\INSTALL.LOG
   Supprime! - C:\Program Files\P2P_Torrent\P2P_TorrentToolbarHelper.exe
   Supprime! - C:\Program Files\P2P_Torrent	bP2P1.dll
   Supprime! - C:\Program Files\P2P_Torrent	bP2P_.dll
   Supprime! - C:\Program Files\P2P_Torrent	oolbar.cfg
   Supprime! - C:\Program Files\P2P_Torrent\UNWISE.EXE
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\Search Settings\kb127
   Supprime! - C:\Program Files\Search Settings\kb127
   Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\---Yahoo.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\01net.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\1px_dark.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\1px_green.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\1px_white.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\a.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\amazon.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\an.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrowB.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrowT.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrow_down.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrow_red.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrow_red2.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\arrow_up.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\autofill.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\avstate.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\b.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\background2.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bgmeteo_results.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bg_pub.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bg_ttl.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bottom.png
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bottom_left.png
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\bottom_right.png
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\btn_close.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\btn_minus.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\btn_moreforecast.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\c.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\canalblog.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\cn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\d.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\dictionary2.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\dn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\downfile
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\DownloadCOM.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\dropdown.css
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\ErrorLog.txt
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\f.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_argentine.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_australia.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_brazil.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_canada.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_china.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_france.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_germany.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_greece.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_hongkong.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_india.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_indonesia.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_italy.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_japan.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_korea.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_mexico.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_netherlands.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_spain.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_sweeden.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_taiwan.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_uk.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\flag_usa.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\fn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\g.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\gaming.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\gn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\gograph.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred0.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred0_5.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred1.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred1_5.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred2.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred2_5.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred3.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred3_5.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred4.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred4_5.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\graphred5.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\help.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\hideremove.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\highlight.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\hn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_aquarius.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_aries.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_cancer.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_capricorn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_gemini.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_leo.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_libra.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_pisces.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_sagittarius.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_scorpio.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_taurus.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\h_virgo.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\i.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\IEtab1_7d.zip
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\in.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\ipsearch.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\j.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\jn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\k.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\kn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\l.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\left.png
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\ln.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\loading.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\login.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\logo.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar
.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt192337031
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt47055031
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt65407968
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar
ew02.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar
ews.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar
ews.html
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar
n.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\o.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\on.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\p.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\pestscanimg.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\pixsy.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\pn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\popup_off.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\popup_on.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\popup_ona.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\p_yahoo.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\q.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\qn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarelatedlinks.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbareport.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbaright.png
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarss.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarss.xsl
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarss1.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarsslib.js
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbarssmenu1_7a.zip
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\s.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\search.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\search_fr.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\security.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt117867546
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt118552562
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt12162546
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt12162609
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt138934828
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt145568250
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt177169921
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt35010703
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt782703
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sinfo.txt90752437
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\siteinfo.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\slider.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\sn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\spacer.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\stars-red1.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\stars-red2.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\stars-red3.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\stars-red4.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\stars-red5.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\storage.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	abdataV3.js
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	ablib.js
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	abwelcome_en.html
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	abwelcome_fr.html
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	ab_icon.png
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	echnorati.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	hes_search.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	n.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	ools.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	op.png
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	op_left.png
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	op_right.png
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar	ranslate.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\u.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\un.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\utf8.js
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\v.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\vmlib.js
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\vn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\w.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\web.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\web_fr.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\wikipedia.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\wn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\x.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\xp_close_small.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\yahoo.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\yahoo_search.gif
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\YouTube.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\z.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\zn.bmp
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar\zoom.bmp
   Supprime! - C:\WINDOWS\iun6002.exe
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\Dealio
   Supprime! - C:\Program Files\Dealio
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
   Supprime! - C:\Program Files\GamesBar
   Supprime! - C:\Program Files\Multi_Media
   Supprime! - C:\Program Files\P2P_Torrent
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\Search Settings
   Supprime! - C:\Program Files\Search Settings
   Supprime! - C:\DOCUME~1\VIDEOC~1\APPLIC~1\VMNToolbar

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  Extensions

   (VIDEOCEAN 1) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
   (VIDEOCEAN 1) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
   (VIDEOCEAN 1) - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} => toox.com
   (VIDEOCEAN 1) - {ecdee021-0d17-467f-a1ff-c7a115230949} => free-downloads.net


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.google.com/?gws_rd=ssl"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.msn.com/fr-fr/"
   "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66017"


   --------------------\  Recherche d'autres infections

   C:\WINDOWS\system32\sCcbJRqr.ini
   C:\WINDOWS\system32\sCcbJRqr.ini2
   [b]==> VUNDO <==/b
 
   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\VIDEOC~1\Favoris\Jeux Cherche  Recherche de crack fr hospital tycoon.url



   1 - "C:\ToolBar SD\TB_1.txt" - 11/05/2009|21:33 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 11/05/2009|21:52 - Option : [2]

   -----------\  Fin du rapport a 21:52:46,73

encore mille merci pour votre aide ;)

verni29 · Answer

OK, 

poste le rapport Hijackthis.

A+

ardillon62 · Answer

voici le nouveau rapport hijackthis : 


Logfile of HijackThis v1.99.1
Scan saved at 22:08:31, on 11/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32	askmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\VIDEOCEAN 1\Bureau\hijackthis-1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66017
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {3C95DAED-EE5C-4783-82C0-D99999B5B0BB} - (no file)
O2 - BHO: DNSEred - {55756cea-62ac-1a32-0e1f-faa0fdf76869} - C:\WINDOWS\system32\iednser.dll
O2 - BHO: trueads - {84af9ad1-8fc7-1a0f-e657-9bc5b92b6cff} - C:\WINDOWS\system32
stB.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9d29dcdd-8a68-7cc8-d35e-62df18086a58} - (no file)
O2 - BHO: trueads search enhancer - {A0F4A990-B803-0383-77F6-A4387DEFA1F8} - C:\WINDOWS\system32\ctkwemfrfw.dll
O2 - BHO: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {BA98AA71-A42D-4A06-B991-75CB1B28352E} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
O2 - BHO: (no name) - {D4C2DF15-51EB-49E9-88C1-A8FDB852AF5a} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll
O3 - Toolbar: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - (no file)
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b934f0efc4d44aaa89d047f81fadc842
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b934f0efc4d44aaa89d047f81fadc842
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Program Files\Toox\Groom\Groom.exe (HKCU)
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (file missing) (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (file missing) (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://angiedu62200.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://ww11.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://p2pi.mine.nu:1444/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-bb1d910906c85616.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

verni29 · Answer

on va déjà un peu nettoyer le rapport Hijacthis mais il reste encore beaucoup de barres d'outils et de BHO à nettoyer.
Prends ton temps. Fais exactement ce qui est demandé.

1/ Lance Hijackthis et tu choisis " Do a system scan only ".
Tu sélectionnes les lignes suivantes :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66017 
O2 - BHO: (no name) - {3C95DAED-EE5C-4783-82C0-D99999B5B0BB} - (no file) 
O2 - BHO: (no name) - {9d29dcdd-8a68-7cc8-d35e-62df18086a58} - (no file) 
O2 - BHO: (no name) - {BA98AA71-A42D-4A06-B991-75CB1B28352E} - (no file) 
O2 - BHO: (no name) - {CFC4F59B-A2DA-4e12-B337-52A4F871E10C} - (no file)
O2 - BHO: (no name) - {D4C2DF15-51EB-49E9-88C1-A8FDB852AF5a} - (no file) 
O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file) 
O3 - Toolbar: (no name) - {196C3A46-4758-433D-A600-802C804AF39C} - (no file) 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) 
9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (file missing) (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (file missing) (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (file missing) (HKCU) 
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) 

Tu choisis l'option " Fixchecked" en bas de la page.

2/ Télécharge Random's System Information Tool (RSIT) de random/random et enregistre le sur ton Bureau. 
http://images.malwareremoval.com/random/RSIT.exe 

Double-clique sur " RSIT.exe " pour le lancer . 
dans la fenêtre qui va s’ouvrir choisis  2 months pour l'option "List files/folders created ..." , 
 cliques ensuite sur " Continue " pour lancer l'analyse ... 

Si la dernière version de HijackThis n'est pas trouvée sur ton PC, RSIT la téléchargera et te demandera d'accepter la licence. 

Attends jusqu’à la fin de l’analyse.
deux rapports vont être generés. 

Poste en deux messages le contenu de " log.txt " et info.txt  dans la barre des taches.

Si tu ne les trouves pas,les rapports sont sauvegardés dans le dossier  C:\rsit.

A+

ardillon62 · Answer

voici le premier rapport que tu m'as demandé...

Logfile of random's system information tool 1.06 (written by random/random)
Run by VIDEOCEAN 1 at 2009-05-11 22:36:54
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 9 GB (12%) free of 78 GB
Total RAM: 1023 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:09, on 11/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32	askmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\VIDEOCEAN 1\Bureau\hijackthis-1\HijackThis.exe
C:\Documents and Settings\VIDEOCEAN 1\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro\VIDEOCEAN 1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.7.4.dll
O2 - BHO: DNSEred - {55756cea-62ac-1a32-0e1f-faa0fdf76869} - C:\WINDOWS\system32\iednser.dll
O2 - BHO: trueads - {84af9ad1-8fc7-1a0f-e657-9bc5b92b6cff} - C:\WINDOWS\system32
stB.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: trueads search enhancer - {A0F4A990-B803-0383-77F6-A4387DEFA1F8} - C:\WINDOWS\system32\ctkwemfrfw.dll
O2 - BHO: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b934f0efc4d44aaa89d047f81fadc842
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b934f0efc4d44aaa89d047f81fadc842
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Program Files\Toox\Groom\Groom.exe (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://angiedu62200.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://ww11.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://p2pi.mine.nu:1444/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-bb1d910906c85616.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ardillon62 · Answer

et le second qui as suivi....

info.txt logfile of random's system information tool 1.06 2009-05-11 22:37:15

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\MAGIX\Speed2_burnR_mxcdr\unwise.exe
-->C:\WINDOWS\system32\msiuins.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
40 polices pour l'école-->C:\logecole\40_polices_ecole\desinst_40_polices.exe
9Giga Disque v1.10.0-->"C:\Program Files\SFR\9Giga Disque\unins000.exe"
9Giga Synchro v2.9.2-->"C:\Program Files\SFR\9Giga Synchro\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Antidote RX v3-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AVS DVDMenu Editor 1.2.1.19-->"C:\Program Files\Fichiers communs\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AXIS Media Control-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
BitComet 0.91-->C:\Program Files\BitComet\uninst.exe
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Combat Wings-->"C:\Program Files\City Interactive\Combat Wings\Uninstall.exe" "C:\Program Files\City Interactive\Combat Wings\install.log"
Command On Demand for Command Software-->rundll32 advpack.dll,LaunchINFSection C:\csscod\uninst.inf,DefaultUninstall
Contextual Application Trueads-->C:\WINDOWS\system32\a2bba580-aa5e-ebdb-ede6-cd60ccfb5190.exe
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Cross+A (Français)-->C:\Program Files\CrossAFr\uninstall.exe
CyberLink PhotoNow-->"C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
Dealio Toolbar 3.4-->MsiExec.exe /X{6105648C-0C3C-481D-8C11-1F4952D6FB53}
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
Disciples: Sacred Lands-->C:\PROGRA~1\STRATE~1\DISCIP~1\UNWISE.EXE C:\PROGRA~1\STRATE~1\DISCIP~1\INSTALL.LOG
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Domain Name Helper Adzgalore-->C:\WINDOWS\system32\AdzgaloreDNHelper-uninstall.exe
DVD Ripper 4-->C:\Program Files\Xilisoft\DVD Ripper 4\Uninstall.exe
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
FLV Knife 0.0.0003-->"C:\Program Files\FLVKnife\unins000.exe"
Free Video Dub version 1.3-->"C:\Program Files\DVDVideoSoft\Free Video Dub\unins000.exe"
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Généalogie pour les Nuls-->"C:\Program Files\Anuman Interactive\Généalogie pour les Nuls\unins000.exe"
Généatique 2007-->"C:\Program Files\Geneatique2007\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GTK+ 2.10.13 runtime environment-->"C:\Program Files\Fichiers communs\GTK\2.0\setup\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
iPassConnect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000013879}\setup.exe" 
iTunes-->MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java 2 Runtime Environment, SE v1.4.0_03-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.2_13-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142130}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jet Storm: Combats de haut vol-->"C:\Program Files\City Interactive\Jet Storm\Uninstall.exe" "C:\Program Files\City Interactive\Jet Storm\install.log"
KC Softwares KFK-->"C:\Program Files\KC Softwares\KFK\unins000.exe"
K-Lite Mega Codec Pack 4.7.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
La Toolbar MEDIADICO-->MsiExec.exe /I{67E131AE-6F62-4091-9567-55DE59130825}
Labtec WebCam-->MsiExec.exe /I{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Les Sims™ 2 Double Deluxe-->C:\Program Files\EA GAMES\Les Sims 2 Double Deluxe\EAUninstall.exe
LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
Livre Album Fuji Photo-->"C:\Program Files\Livre Album Fuji Photo\unins000.exe"
Ma-Config.com-->MsiExec.exe /X{06526E3A-92DD-4F45-90CD-902953F1A8D2}
Mafia Game-->C:\WINDOWS\system32\MafiaSetup.exe
MAGIX Screenshare 4.3.6.1987 (F)-->C:\Program Files\MAGIX\PCVisit\unwise.exe
Maya l'Abeille - Une Surprise formidable !-->C:\Emme\Maya2fr\UNWISE.EXE C:\Emme\Maya2fr\INSTALL.LOG
Medal of Honor débarquement allié-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x40c 
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Metacafe-->C:\Program Files\Metacafe\uninstaller.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft MSDN 2005 Express - FRA-->C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - FRA\install.exe
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Publisher 98-->C:\Program Files\Microsoft Office\Office\Install\Install.exe /m
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{3F59A7E0-BC01-4435-9E93-C7D7015C21DA}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{1F24E48F-7692-4E89-8784-68DD4D2712A0}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{A30179B7-997A-4D47-AA43-57AE59A9C78B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Web Developer 2005 Express - FRA-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Web Developer 2005 Express Edition - FRA\setup.exe
Microsoft Visual Web Developer 2005 Express Edition - FRA-->MsiExec.exe /X{C9301CC8-66FD-4040-9C9B-B850E8DFA70A}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MpcStar 2.1-->C:\Program Files\MpcStar\uninst.exe
MSI Live Update 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{97AA1F3C-DD64-4AA6-AEC5-F8F9F4CC21C5}
Navigation par onglets (Windows Live Toolbar)-->MsiExec.exe /X{E916E61F-DE9D-4EAF-91E1-CEB50016326A}
NVIDIA Drivers-->C:\WINDOWS\system32
vudisp.exe UninstallGUI
ooVoo-->"C:\Program Files\InstallShield Installation Information\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\setup.exe" -runfromtemp -l0x040c -removeonly
OpenOffice.org 2.3 Language Pack (Français)-->MsiExec.exe /I{E17146DC-DD09-4DE1-AB1F-DAFCD5D59E4A}
OpenOffice.org 2.4-->MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outils Club Internet-->"C:\Program Files\Club-Internet\Assistance\OutilsCI\uninstall.exe"
P2P_Torrent Toolbar-->C:\PROGRA~1\P2P_TO~1\UNWISE.EXE C:\PROGRA~1\P2P_TO~1\INSTALL.LOG
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC Booster-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}\setup.exe" -l0x40c  -removeonly
PDF-XChange 3-->"C:\Program Files\Tracker Software\PDF-XChange 3\unins000.exe"
PhotoFiltre Studio-->"C:\Documents and Settings\VIDEOCEAN 1\Mes documents\PhotoFiltre Studio\Uninst.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Protectis-->"C:\Program Files\Protectis\unins000.exe"
QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
Savescreen-->"C:\Program Files\Savescreen\Uninstall.exe"
Search Assistant Trueads-->C:\WINDOWS\system32\ctkwemfrfw.dll-uninst.exe
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
SFR - Media Center-->C:\Program Files\SFR\Media Center\uninstall.exe
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
StarOffice 8-->MsiExec.exe /I{009D5105-14DB-4FF9-A9DA-EC28C88472D7}
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
The Longest Journey-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0280F0D8-1542-4DAA-913C-8529E2A3835D}\Setup.exe" 
toox.com Toolbar-->C:\PROGRA~1	oox.com\UNWISE.EXE C:\PROGRA~1	oox.com\INSTALL.LOG
Trillian-->C:\Program Files\Trillian	rillian.exe /uninstall
Uninstall 1.0.0.0-->"C:\Program Files\Fichiers communs\DVDVideoSoft\unins000.exe"
VIA Audio Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar-->C:\Program Files\Windows Live Toolbar\UnInstall.exe {DE56FE92-9AD5-4DCB-9111-DDDF73EA5E5E}
Windows Live Toolbar-->MsiExec.exe /X{DE56FE92-9AD5-4DCB-9111-DDDF73EA5E5E}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
yWriter2-->"C:\Program Files\yWriter2\unins000.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
FW: ZoneAlarm Firewall

======System event log======

Computer Name: POSTE1
Event Code: 7036
Message: Le service Google Software Updater est entré dans l'état : arrêté.

Record Number: 456
Source Name: Service Control Manager
Time Written: 20090327103138.000000+060
Event Type: Informations
User: 

Computer Name: POSTE1
Event Code: 7036
Message: Le service Google Software Updater est entré dans l'état : en cours d'exécution.

Record Number: 455
Source Name: Service Control Manager
Time Written: 20090327102955.000000+060
Event Type: Informations
User: 

Computer Name: POSTE1
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Google Software Updater.

Record Number: 454
Source Name: Service Control Manager
Time Written: 20090327102932.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: POSTE1
Event Code: 7036
Message: Le service Google Software Updater est entré dans l'état : arrêté.

Record Number: 453
Source Name: Service Control Manager
Time Written: 20090327100754.000000+060
Event Type: Informations
User: 

Computer Name: POSTE1
Event Code: 7036
Message: Le service Google Software Updater est entré dans l'état : en cours d'exécution.

Record Number: 452
Source Name: Service Control Manager
Time Written: 20090327100652.000000+060
Event Type: Informations
User: 

=====Application event log=====

Computer Name: POSTE1
Event Code: 4097
Message: Le service AntiVir a été arrêté!

Record Number: 40658
Source Name: Avira AntiVir
Time Written: 20090303101242.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: POSTE1
Event Code: 4100
Message: Impossible de charger le moteur !
Code d'erreur : 5

Record Number: 40657
Source Name: Avira AntiVir
Time Written: 20090303101241.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM

Computer Name: POSTE1
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\Documents and Settings\VIDEOCEAN 1\Local Settings\Temporary Internet Files\Content.IE5\0450GTFM\search[1].htm
un code suspect avec la désignation 'HEUR/HTML.Malware'!

Record Number: 40656
Source Name: Avira AntiVir
Time Written: 20090303022328.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: POSTE1
Event Code: 1005
Message: Windows Installer a initié un redémarrage système afin de terminer ou de continuer la configuration de  'Apple Mobile Device Support'.

Record Number: 40655
Source Name: MsiInstaller
Time Written: 20090228153452.000000+060
Event Type: Informations
User: POSTE1\VIDEOCEAN 1

Computer Name: POSTE1
Event Code: 11707
Message: Produit : Apple Mobile Device Support -- L'installation s'est terminée correctement.

Record Number: 40654
Source Name: MsiInstaller
Time Written: 20090228153452.000000+060
Event Type: Informations
User: POSTE1\VIDEOCEAN 1

=====Security event log=====

Computer Name: POSTE1
Event Code: 849
Message: Une application générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Nom : Skype

Chemin d'accès : C:\Program Files\Skype\Phone\Skype.exe

État : Activé

Étendue : Tous les sous-réseaux

Record Number: 104737
Source Name: Security
Time Written: 20090423063318.000000+120
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: POSTE1
Event Code: 849
Message: Une application générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Nom : Serveur de partage Media Center (Player SFR)

Chemin d'accès : C:\Program Files\SFR\Media Center\httpd\httpd.exe

État : Activé

Étendue : 172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0

Record Number: 104736
Source Name: Security
Time Written: 20090423063318.000000+120
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: POSTE1
Event Code: 849
Message: Une application générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Nom : RealPlayer

Chemin d'accès : C:\Program Files\Real\RealPlayerealplay.exe

État : Activé

Étendue : Tous les sous-réseaux

Record Number: 104735
Source Name: Security
Time Written: 20090423063318.000000+120
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: POSTE1
Event Code: 849
Message: Une application générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Nom : Pinnacle VideoSpin

Chemin d'accès : C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe

État : Activé

Étendue : Tous les sous-réseaux

Record Number: 104734
Source Name: Security
Time Written: 20090423063318.000000+120
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: POSTE1
Event Code: 849
Message: Une application générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Nom : umi

Chemin d'accès : C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe

État : Activé

Étendue : Tous les sous-réseaux

Record Number: 104733
Source Name: Security
Time Written: 20090423063318.000000+120
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\PROGRA~1\MICROS~3\Office;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"LANG"=fr
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------
merci pour ta patience...

verni29 · Answer

OK, j'analyse les rapports.
Cela va prendre un peu de temps.
Réponse dans une bonne demi-heure.

A

verni29 · Answer

Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau. 
http://oldtimer.geekstogo.com/OTMoveIt3.exe

# Double-clique sur OTMoveIt.exe pour le lancer. 
# Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous  Paste Instructions for Items to be Moved. 

begin copying here :

:Processes
explorer.exe

:Services
oreans32
a0z6g5tw

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55756cea-62ac-1a32-0e1f-faa0fdf76869}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84af9ad1-8fc7-1a0f-e657-9bc5b92b6cff}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0F4A990-B803-0383-77F6-A4387DEFA1F8}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a841a1c1-4687-4285-89fe-e9df6c5ed4c6}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a841a1c1-4687-4285-89fe-e9df6c5ed4c6}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] 
"{BA98AA71-A42D-4A06-B991-75CB1B28352E}"=-
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=hex(7):6d,73,76,31,5f,30,00,00  

:Files
C:\WINDOWS\system32\iednser.dll 
C:\WINDOWS\system32
stB.dll
C:\WINDOWS\system32\ctkwemfrfw.dll
C:\Program Files	oox.com	btoo1.dll 
C:\WINDOWS\system32\a2bba580-aa5e-ebdb-ede6-cd60ccfb5190.exe 
C:\WINDOWS\system32\ctkwemfrfw.dll-uninst.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


# Clique sur MoveIt! pour lancer la suppression. Le résultat apparaitra dans le cadre "Results".
# Le PC va redémarrer pour supprimer les fichiers.
# après le redémarrage, un rapport va s'ouvrir. 
# Copie/Colle le contenu du rapport dans ton prochain message.

Note : Si tu ne trouves plus le rapport,c'est un fichier .log qui se trouve en C:\_OTMoveIt\MovedFiles.

A+

ardillon62 · Answer

voici le rapport avec otmoveit3....



Error: Unable to interpret <begin copying here :> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver oreans32 stopped successfully.
Service\Driver oreans32 deleted successfully.
Service\Driver a0z6g5tw not found.
Service\Driver key a0z6g5tw deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55756cea-62ac-1a32-0e1f-faa0fdf76869}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84af9ad1-8fc7-1a0f-e657-9bc5b92b6cff}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0F4A990-B803-0383-77F6-A4387DEFA1F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a841a1c1-4687-4285-89fe-e9df6c5ed4c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a841a1c1-4687-4285-89fe-e9df6c5ed4c6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{BA98AA71-A42D-4A06-B991-75CB1B28352E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA98AA71-A42D-4A06-B991-75CB1B28352E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4F07DA45-8170-4859-9B5F-037EF2970034} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\"authentication packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== FILES ==========
C:\WINDOWS\system32\iednser.dll unregistered successfully.
C:\WINDOWS\system32\iednser.dll moved successfully.
C:\WINDOWS\system32
stB.dll unregistered successfully.
C:\WINDOWS\system32
stB.dll moved successfully.
C:\WINDOWS\system32\ctkwemfrfw.dll unregistered successfully.
C:\WINDOWS\system32\ctkwemfrfw.dll moved successfully.
C:\Program Files	oox.com	btoo1.dll unregistered successfully.
C:\Program Files	oox.com	btoo1.dll moved successfully.
C:\WINDOWS\system32\a2bba580-aa5e-ebdb-ede6-cd60ccfb5190.exe moved successfully.
C:\WINDOWS\system32\ctkwemfrfw.dll-uninst.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\VIDEOCEAN 1\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_53c.dat scheduled to be deleted on reboot.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_4fc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\ZLT061d2.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\ZLT06cf3.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05112009_231756

Files moved on Reboot...
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_53c.dat not found!
File C:\WINDOWS	emp\Perflib_Perfdata_4fc.dat not found!
C:\WINDOWS	emp\ZLT061d2.TMP moved successfully.
C:\WINDOWS	emp\ZLT06cf3.TMP moved successfully.

j'espere ne pas avoir étais trop long a te répondre ;)

verni29 · Answer

Non, 

Aucun problème.

Je te mets des consignes. Cela prend assez de temps.
Tu peux très bien les faire demain.

Tu télécharges MalwareBytes. 
http://www.malwarebytes.org/mbam/program/mbam-setup.exe 

Tu l'installes. Choisis les options par défaut. 
# A la fin de l’installation, il te sera demandé de mettre à jour MalwareBytes et de l’éxecuter .
# Accepte. Après la, mise à jour, le logiciel va s’ouvrir. 

# Dans l’onglet Recherche, sélectionne Exécuter un examen complet. 
# Clique sur recherche. Tu ne sélectionnes que les disques durs de l’ordinateur. 
# Clique sur lancer l’examen. 

# A la fin de la recherche, comme il est demandé, clique sur afficher les résultats.
# Si des infections sont trouvées, clique sur Supprimer la sélection. 
Tu postes le rapport dans ton prochain message.

Si tu ne retrouves pas le rapport, ouvre MalwareBytes et regarde dans l’onglet  Rapport/logs. Il y est. Clique dessus et choisir ouvrir. 

A+

ardillon62 · Answer

je l'ai lancer et j'attends le rapport pour te le poster ;)

verni29 · Answer

Une fois terminé le scan Malwarebytes, poste moi le rapport évidemment et également un rapport Hijackthis.

A+

ardillon62 · Answer

bonjour,

voici le rapport malwarebytes

la base de données: 2110
Windows 5.1.2600 Service Pack 3

12/05/2009 07:57:44
mbam-log-2009-05-12 (07-57-44).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 243875
Temps écoulé: 4 hour(s), 38 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgalorednhelper (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\FLVKnife\FLVKnife.exe (Spyware.Banker) -> Quarantined and deleted successfully.
C:\VundoFix Backups\eutclveg.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\hpylsmyw.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\mufvnqam.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adzgalore-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\28f483bc-a24d-1dc5-e78d-4c9518c5afe4.dll (Adware.Yoog) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components
sdnser.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AdzgaloreDNHelper-uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMcb2a17a1.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMcb2a17a1.txt (Trojan.Vundo) -> Quarantined and deleted successfully.Malwarebytes' Anti-Malware 1.36
Version de

ardillon62 · Answer

et un nouveau rapport hijackthis....

Logfile of HijackThis v1.99.1
Scan saved at 09:15:33, on 12/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32	askmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\VIDEOCEAN 1\Bureau\hijackthis-1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll (file missing)
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b934f0efc4d44aaa89d047f81fadc842
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b934f0efc4d44aaa89d047f81fadc842
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Program Files\Toox\Groom\Groom.exe (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://angiedu62200.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://ww11.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://p2pi.mine.nu:1444/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-bb1d910906c85616.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

verni29 · Answer

Le rapport de Malwarebytes montre des traces d'infections ( Lop, Yoog, EORezo ).
Il va falloir passer d'autres outils pour nettoyer tout cela ( on lesz enlevera tous à la fin :-) ).

On va vérifier pour l'infection Lop  et Yoog :

1/ L'infection Lop se propage via des bannières de publicités sur des pages Webs ou en installant certains logiciels comme : 
* BitDownload 
* BitGrabber 
* BitRoll 
* MessengerPlus! 3 sous le nom de sponsors 
* Messenger Plus! Live sous le nom de sponsors 
* NetPumper 
* TorrentQ 
* Torrent101

Télécharge LopS&D. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 

Installe le logiciel. 
# Une icône va apparaitre sur le bureau. Double clique dessus pour lancer le logiciel 
# Tu choisis la langue et l'option 1 pour effectuer la recherche. 
# A la fin de la recherche, un rapport LopR.txt apparait.
Copie le contenu de ce rapport dans ton prochain message.

Note : Il se trouve en C:\LopR.txt. 

2/ Télécharge Yoog_Fix de Batch_Man sur ton Bureau.
http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe

# Ferme ton navigateur si il est ouvert.
# Double-clique dessus et choisis l'option 1 ( Recherche )
# Attend que le scan se fasse, un rapport va s'ouvrir.

Poste le dans ta prochaine réponse.

Note : S'il ne s'ouvre pas le rapport est à la racine de ton disque sous le nom de Yoog_Fix.txt

A+

ardillon62 · Answer

voila le rapport lop... 

  --------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 2800+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : VIDEOCEAN 1 ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
   Firewall  : ZoneAlarm Firewall 7.0.483.000 (Activated)
   C:\ (Local Disk) - NTFS - Total:76 Go (Free:8 Go)
   D:\ (CD or DVD)
   E:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 12/05/2009| 9:41 )
 
   --------------------\  Listing des dossiers dans APPLIC~1

   [10/09/2005|08:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

   [03/03/2009|11:25] C:\DOCUME~1\ADMINI~1.POS\APPLIC~1\Microsoft

   [12/02/2009|16:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\1A181
   [01/04/2009|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [10/03/2007|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
   [11/07/2007|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
   [26/08/2007|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [24/02/2007|00:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [06/01/2008|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
   [03/03/2009|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [02/07/2007|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
   [30/03/2008|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
   [24/02/2007|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
   [10/09/2007|23:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
   [13/03/2009|14:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [13/04/2009|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [25/04/2007|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ENJOY Plus!
   [31/07/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum
   [03/10/2007|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Exetender
   [08/11/2008|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy2
   [26/12/2007|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
   [02/08/2008|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
   [02/01/2009|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
   [05/08/2008|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
   [13/01/2009|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [11/05/2009|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
   [12/08/2008|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HiddenSecretsNightmare
   [21/03/2009|00:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
   [27/07/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intenium
   [12/08/2008|11:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
   [03/03/2009|13:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
   [07/07/2008|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
   [28/12/2008|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
   [27/07/2008|02:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
   [11/05/2009|23:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [18/03/2007|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
   [12/09/2008|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Metacafe
   [26/12/2007|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [01/03/2007|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
   [21/02/2007|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
   [21/02/2007|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
   [23/10/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople
   [25/05/2007|21:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1
7-89-o9-3r-4t-r9
   [22/12/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
   [03/11/2007|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NeptunesAdve
   [27/06/2007|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1
View_Profiles
   [10/06/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Once Dog Dupe Amok
   [06/07/2008|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
   [06/07/2008|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin
   [14/04/2009|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
   [22/04/2009|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayPond
   [05/03/2009|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Playrix Entertainment
   [21/06/2007|09:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PY_Software
   [31/12/2008|13:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
   [07/01/2009|16:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RealArcade
   [24/04/2007|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Runic
   [24/01/2009|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
   [08/02/2009|20:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SFR
   [18/03/2009|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [14/03/2009|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
   [30/07/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
   [02/10/2008|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
   [19/06/2007|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
   [12/05/2009|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [06/09/2007|13:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
   [19/08/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [06/07/2008|20:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin
   [12/10/2008|14:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vso
   [30/04/2009|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WebcamMax
   [23/08/2006|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [04/11/2006|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
   [05/10/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
   [01/04/2007|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

   [01/12/2007|16:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [26/07/2008|21:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
   [04/09/2007|00:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
   [06/01/2008|16:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [05/05/2008|03:06] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
   [10/09/2005|13:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

   [31/01/2008|20:10] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Adobe
   [17/07/2006|16:28] C:\DOCUME~1\VIDEOC~1\APPLIC~1\AdobeAUM
   [16/06/2007|16:58] C:\DOCUME~1\VIDEOC~1\APPLIC~1\AdobeUM
   [11/03/2007|20:40] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Ahead
   [27/02/2007|17:27] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Apple Computer
   [04/10/2007|08:00] C:\DOCUME~1\VIDEOC~1\APPLIC~1\AVG7
   [29/12/2008|21:13] C:\DOCUME~1\VIDEOC~1\APPLIC~1\AVS4YOU
   [16/06/2007|12:20] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Beep Industries
   [15/01/2008|02:55] C:\DOCUME~1\VIDEOC~1\APPLIC~1\BitTorrent
   [29/10/2008|02:13] C:\DOCUME~1\VIDEOC~1\APPLIC~1\BloodTies
   [04/05/2009|15:26] C:\DOCUME~1\VIDEOC~1\APPLIC~1\CamfrogWEB
   [09/05/2009|14:14] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Canneverbe_Limited
   [30/01/2008|00:33] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Cross+A
   [13/03/2009|14:22] C:\DOCUME~1\VIDEOC~1\APPLIC~1\CyberLink
   [09/05/2008|18:26] C:\DOCUME~1\VIDEOC~1\APPLIC~1\DAEMON Tools
   [14/10/2008|23:34] C:\DOCUME~1\VIDEOC~1\APPLIC~1\DivX
   [20/09/2007|00:56] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Druide
   [13/03/2009|22:25] C:\DOCUME~1\VIDEOC~1\APPLIC~1\dvdcss
   [11/02/2009|12:22] C:\DOCUME~1\VIDEOC~1\APPLIC~1\funkitron
   [14/07/2007|14:30] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Gaijin Ent
   [28/02/2009|13:38] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Gamelab
   [19/10/2008|12:00] C:\DOCUME~1\VIDEOC~1\APPLIC~1\GamesCafe
   [17/06/2007|13:49] C:\DOCUME~1\VIDEOC~1\APPLIC~1\G‚n‚atique2007
   [14/07/2008|03:28] C:\DOCUME~1\VIDEOC~1\APPLIC~1\GetRightToGo
   [07/01/2008|00:33] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Google
   [02/09/2007|22:55] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Grammatica
   [30/08/2007|01:58] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Greyfirst
   [22/06/2007|11:28] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Help
   [19/04/2009|09:56] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Identities
   [17/11/2008|19:21] C:\DOCUME~1\VIDEOC~1\APPLIC~1\InfraRecorder
   [22/03/2007|02:11] C:\DOCUME~1\VIDEOC~1\APPLIC~1\ItsLabel
   [22/04/2007|14:51] C:\DOCUME~1\VIDEOC~1\APPLIC~1\iWin
   [23/08/2007|20:14] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Jasc
   [31/01/2009|21:12] C:\DOCUME~1\VIDEOC~1\APPLIC~1\JewelMatch2
   [26/03/2007|19:18] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Leadertech
   [10/05/2009|15:39] C:\DOCUME~1\VIDEOC~1\APPLIC~1\LimeWire
   [11/04/2008|13:43] C:\DOCUME~1\VIDEOC~1\APPLIC~1\LogMeIn Rescue
   [19/08/2006|16:57] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Macromedia
   [28/12/2008|16:52] C:\DOCUME~1\VIDEOC~1\APPLIC~1\MAGIX
   [11/05/2009|23:56] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Malwarebytes
   [10/10/2007|21:23] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Media Player Classic
   [15/07/2008|02:57] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Metacafe
   [02/05/2008|12:49] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Microsoft
   [05/04/2008|20:24] C:\DOCUME~1\VIDEOC~1\APPLIC~1\mIRC
   [21/02/2007|20:48] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Motive
   [31/08/2008|20:37] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Mozilla
   [25/03/2007|17:09] C:\DOCUME~1\VIDEOC~1\APPLIC~1\MSNInstaller
   [22/12/2007|11:41] C:\DOCUME~1\VIDEOC~1\APPLIC~1\NCH Swift Sound
   [18/03/2008|23:00] C:\DOCUME~1\VIDEOC~1\APPLIC~1\ooVoo Details
   [28/04/2009|11:53] C:\DOCUME~1\VIDEOC~1\APPLIC~1\OpenOffice.org2
   [01/04/2008|21:31] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Opera
   [25/07/2008|14:02] C:\DOCUME~1\VIDEOC~1\APPLIC~1\PC Tools
   [07/04/2009|18:53] C:\DOCUME~1\VIDEOC~1\APPLIC~1\PlayFirst
   [29/06/2008|00:39] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Real
   [25/03/2007|04:57] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Screenshot Sender
   [21/12/2008|12:29] C:\DOCUME~1\VIDEOC~1\APPLIC~1\SecondLife
   [25/10/2008|19:31] C:\DOCUME~1\VIDEOC~1\APPLIC~1\SecuROM
   [13/01/2009|22:25] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Skip-Bo
   [11/05/2009|09:38] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Skype
   [18/03/2009|11:25] C:\DOCUME~1\VIDEOC~1\APPLIC~1\skypePM
   [18/04/2009|19:10] C:\DOCUME~1\VIDEOC~1\APPLIC~1\SpinTop Games
   [12/05/2009|09:08] C:\DOCUME~1\VIDEOC~1\APPLIC~1\StarOffice8
   [04/09/2008|01:33] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Studio-Scrap
   [23/03/2007|09:34] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Sun
   [10/09/2005|12:37] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Symantec
   [05/06/2008|16:18] C:\DOCUME~1\VIDEOC~1\APPLIC~1\TaoUSign
   [18/03/2008|22:42] C:\DOCUME~1\VIDEOC~1\APPLIC~1	eamspeak2
   [24/03/2009|19:25] C:\DOCUME~1\VIDEOC~1\APPLIC~1\TeamViewer
   [02/10/2008|22:58] C:\DOCUME~1\VIDEOC~1\APPLIC~1\TuneUp Software
   [18/08/2008|19:48] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Ulead Systems
   [19/06/2007|16:23] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Uniblue
   [02/01/2009|23:03] C:\DOCUME~1\VIDEOC~1\APPLIC~1\ViquaSoft
   [05/03/2009|03:47] C:\DOCUME~1\VIDEOC~1\APPLIC~1\vlc
   [15/10/2008|10:07] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Vso
   [30/04/2009|22:55] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Webcammax
   [06/11/2007|10:30] C:\DOCUME~1\VIDEOC~1\APPLIC~1\XINEK
   [20/04/2009|10:25] C:\DOCUME~1\VIDEOC~1\APPLIC~1\YoudaGames
   [19/04/2009|09:56] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Zylom
   [19/04/2009|09:57] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Zylom DressUpRush
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [12/05/2009 08:08][--a------] C:\WINDOWS	asks\Google Software Updater.job
   [12/05/2009 09:00][--a------] C:\WINDOWS	asks\Maintenance en 1 clic.job
   [07/05/2009 23:51][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [12/05/2009 08:07][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 14:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [25/02/2008|00:14] C:\Program Files\AbiSuite2
   [01/04/2009|10:52] C:\Program Files\Adobe
   [25/07/2008|02:22] C:\Program Files\Ahead
   [06/04/2008|09:42] C:\Program Files\Alcohol Soft
   [03/06/2007|09:18] C:\Program Files\Anuman Interactive
   [04/09/2008|14:33] C:\Program Files\Apple Software Update
   [13/08/2008|13:32] C:\Program Files\Audacity
   [13/03/2007|13:37] C:\Program Files\AVI DivX MPEG to DVD Converter & Burner
   [26/07/2008|02:09] C:\Program Files\Avira
   [03/01/2009|17:12] C:\Program Files\AVS4YOU
   [21/06/2007|12:37] C:\Program Files\Axis Communications
   [28/12/2008|16:24] C:\Program Files\BitComet
   [15/03/2009|17:20] C:\Program Files\BitComet Acceleration Patch
   [25/10/2008|19:29] C:\Program Files\Boonty
   [25/10/2008|19:30] C:\Program Files\BoontyGames
   [22/12/2007|11:36] C:\Program Files\Brighter Child
   [21/02/2007|20:02] C:\Program Files\BroadJump
   [06/06/2008|08:43] C:\Program Files\BSD Concept
   [25/02/2009|22:58] C:\Program Files\CA Yahoo! Anti-Spy
   [15/01/2008|02:26] C:\Program Files\CCleaner
   [09/05/2009|14:12] C:\Program Files\CDBurnerXP
   [19/01/2009|19:11] C:\Program Files\Circle Developement
   [28/12/2008|03:02] C:\Program Files\City Interactive
   [07/11/2008|19:58] C:\Program Files\Club-Internet
   [24/05/2008|22:01] C:\Program Files\Codemasters
   [05/11/2007|22:18] C:\Program Files\CoffeeCup Software
   [06/09/2007|21:15] C:\Program Files\Common Files
   [09/09/2005|18:53] C:\Program Files\ComPlus Applications
   [06/04/2008|09:45] C:\Program Files\Conduit
   [30/01/2008|00:33] C:\Program Files\CrossAFr
   [14/03/2009|10:41] C:\Program Files\CyberLink
   [10/05/2008|10:31] C:\Program Files\DAEMON Tools
   [10/05/2008|10:31] C:\Program Files\DAEMON Tools Lite
   [10/09/2005|13:55] C:\Program Files\Data-Concept
   [05/03/2009|00:16] C:\Program Files\DivX
   [13/08/2007|22:02] C:\Program Files\D-Tools
   [05/07/2008|13:57] C:\Program Files\DVDVideoSoft
   [14/01/2009|21:45] C:\Program Files\EA GAMES
   [18/03/2009|16:48] C:\Program Files\Fichiers communs
   [12/05/2009|07:57] C:\Program Files\FLVKnife
   [06/05/2008|08:25] C:\Program Files\free-downloads.net
   [17/06/2007|13:45] C:\Program Files\Geneatique2007
   [08/02/2009|01:32] C:\Program Files\Google
   [04/09/2007|00:54] C:\Program Files\Grisoft
   [06/06/2008|08:51] C:\Program Files\Heredis 8
   [03/02/2008|11:48] C:\Program Files\inKline Global
   [29/04/2009|22:34] C:\Program Files\InstallShield Installation Information
   [22/04/2009|21:53] C:\Program Files\Internet Explorer
   [17/12/2007|03:11] C:\Program Files\iPass
   [17/01/2008|15:45] C:\Program Files\iPod
   [17/01/2008|15:45] C:\Program Files\iTunes
   [23/08/2007|20:12] C:\Program Files\Jasc Software Inc
   [03/04/2009|08:55] C:\Program Files\Java
   [04/07/2008|17:32] C:\Program Files\KC Softwares
   [20/03/2009|11:22] C:\Program Files\K-Lite Codec Pack
   [11/03/2007|14:34] C:\Program Files\LAventure
   [14/04/2009|00:11] C:\Program Files\LimeWire
   [28/02/2007|14:18] C:\Program Files\Livre Album Fuji Photo
   [21/06/2007|14:27] C:\Program Files\Logitech
   [07/07/2008|19:31] C:\Program Files\ma-config.com
   [26/03/2007|19:39] C:\Program Files\Macrogaming
   [25/01/2009|12:49] C:\Program Files\Mafia
   [28/12/2008|20:54] C:\Program Files\MAGIX
   [10/10/2007|20:50] C:\Program Files\Ma‹do Production
   [11/05/2009|23:56] C:\Program Files\Malwarebytes' Anti-Malware
   [23/04/2009|06:21] C:\Program Files\Messenger
   [19/01/2009|19:11] C:\Program Files\Messenger Plus! Live
   [25/03/2007|17:05] C:\Program Files\MessengerPlus! 3
   [30/06/2008|08:21] C:\Program Files\Metacafe
   [29/04/2009|22:34] C:\Program Files\Micro Application
   [10/05/2007|03:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [09/09/2005|18:56] C:\Program Files\microsoft frontpage
   [23/08/2007|13:28] C:\Program Files\Microsoft Office
   [19/03/2009|07:33] C:\Program Files\Microsoft SQL Server
   [03/05/2008|17:48] C:\Program Files\Microsoft SQL Server Compact Edition
   [01/03/2007|01:39] C:\Program Files\Microsoft Visual Studio 8
   [01/03/2007|01:49] C:\Program Files\Microsoft.NET
   [23/11/2007|09:07] C:\Program Files\Motive(2)
   [12/09/2008|22:17] C:\Program Files\Motive(3)
   [22/04/2009|21:53] C:\Program Files\Movie Maker
   [12/05/2009|09:00] C:\Program Files\Mozilla Firefox
   [10/10/2007|21:21] C:\Program Files\MpcStar
   [10/09/2005|12:21] C:\Program Files\MSI
   [25/03/2007|17:08] C:\Program Files\MSN
   [09/09/2005|18:52] C:\Program Files\MSN Gaming Zone
   [03/07/2007|16:54] C:\Program Files\MSXML 4.0
   [28/03/2007|03:05] C:\Program Files\MSXML 6.0
   [22/12/2007|11:41] C:\Program Files\NCH Swift Sound
   [22/04/2009|21:21] C:\Program Files\NetMeeting
   [27/01/2008|22:40] C:\Program Files\Netscape
   [27/04/2009|16:47] C:\Program Files\Oberon Media
   [09/09/2005|18:52] C:\Program Files\Online Services
   [18/07/2008|02:32] C:\Program Files\Ontrack
   [28/04/2009|19:32] C:\Program Files\ooVoo
   [04/06/2008|15:38] C:\Program Files\OpenOffice.org 2.4
   [02/08/2008|10:26] C:\Program Files\orange
   [22/04/2009|21:21] C:\Program Files\Outlook Express
   [25/07/2008|02:59] C:\Program Files\Panda Security
   [25/02/2009|22:58] C:\Program Files\Phototool
   [28/09/2008|06:17] C:\Program Files\Picasa2
   [18/06/2007|09:35] C:\Program Files\Protectis
   [17/06/2007|13:45] C:\Program Files\ProtectisModeles
   [10/06/2008|13:13] C:\Program Files\Publication Web
   [25/02/2009|23:00] C:\Program Files\QuickTime
   [29/06/2008|00:35] C:\Program Files\Real
   [25/05/2007|21:39] C:\Program Files\ReflexiveArcade
   [14/07/2008|03:36] C:\Program Files\Replay Converter
   [11/05/2009|09:38] C:\Program Files\Savescreen
   [25/12/2008|04:13] C:\Program Files\SecondLife
   [09/09/2005|18:54] C:\Program Files\Services en ligne
   [26/03/2007|22:22] C:\Program Files\Setup Files
   [08/02/2009|23:49] C:\Program Files\SFR
   [19/08/2007|14:11] C:\Program Files\Siber Systems
   [18/03/2009|16:49] C:\Program Files\Skype
   [10/05/2008|10:42] C:\Program Files\SlySoft
   [29/12/2008|23:08] C:\Program Files\SmartSound Software
   [14/08/2007|14:53] C:\Program Files\solarus
   [14/04/2009|00:11] C:\Program Files\SpeedFan
   [11/05/2009|11:37] C:\Program Files\Spyware Doctor
   [25/02/2009|22:58] C:\Program Files\Steam
   [20/11/2008|18:20] C:\Program Files\Strategy First
   [25/07/2008|14:43] C:\Program Files\Sun
   [22/03/2009|11:33] C:\Program Files\TeamViewer
   [04/03/2009|19:46] C:\Program Files\Toox
   [11/05/2009|23:18] C:\Program Files	oox.com
   [17/06/2007|13:46] C:\Program Files\Tracker Software
   [11/05/2009|22:37] C:\Program Files	rend micro
   [12/04/2009|21:16] C:\Program Files\Trillian
   [14/01/2009|22:45] C:\Program Files\Ubi Soft
   [14/01/2009|22:33] C:\Program Files\Ubisoft
   [18/08/2008|19:45] C:\Program Files\Ulead Systems
   [09/09/2005|19:04] C:\Program Files\Uninstall Information
   [27/03/2007|00:03] C:\Program Files\VIAudioi
   [28/02/2007|11:40] C:\Program Files\VideoLAN
   [30/10/2007|02:07] C:\Program Files\Virtools
   [05/11/2007|22:24] C:\Program Files\Visicom Media
   [15/10/2008|10:07] C:\Program Files\VSO
   [05/05/2008|19:57] C:\Program Files\Windows Live
   [03/05/2008|17:50] C:\Program Files\Windows Live Favorites
   [03/05/2008|17:51] C:\Program Files\Windows Live Toolbar
   [28/06/2007|10:00] C:\Program Files\Windows Media Components
   [27/02/2007|19:46] C:\Program Files\Windows Media Connect 2
   [22/04/2009|21:21] C:\Program Files\Windows Media Player
   [22/04/2009|21:21] C:\Program Files\Windows NT
   [09/09/2005|18:54] C:\Program Files\WindowsUpdate
   [29/06/2007|13:37] C:\Program Files\WinRAR
   [09/09/2005|18:56] C:\Program Files\xerox
   [11/03/2007|16:15] C:\Program Files\Xilisoft
   [14/04/2009|00:11] C:\Program Files\Yahoo!
   [11/06/2007|10:37] C:\Program Files\yWriter2
   [27/07/2008|02:49] C:\Program Files\Zone Labs
   [20/04/2009|10:07] C:\Program Files\Zylom Games

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [01/04/2009|10:56] C:\Program Files\Fichiers communs\Adobe
   [12/05/2009|09:08] C:\Program Files\Fichiers communs\Akamai
   [26/08/2007|11:02] C:\Program Files\Fichiers communs\Apple
   [03/01/2009|17:12] C:\Program Files\Fichiers communs\AVSMedia
   [24/02/2007|18:29] C:\Program Files\Fichiers communs\BOONTY Shared
   [13/03/2009|14:12] C:\Program Files\Fichiers communs\CyberLink
   [09/09/2007|17:43] C:\Program Files\Fichiers communs\Designer
   [11/05/2008|07:49] C:\Program Files\Fichiers communs\DirectX
   [05/07/2008|13:57] C:\Program Files\Fichiers communs\DVDVideoSoft
   [20/07/2007|17:27] C:\Program Files\Fichiers communs\GTK
   [31/03/2006|17:33] C:\Program Files\Fichiers communs\InstallShield
   [23/03/2007|09:33] C:\Program Files\Fichiers communs\Java
   [21/06/2007|14:26] C:\Program Files\Fichiers communs\Labtec
   [28/12/2008|16:47] C:\Program Files\Fichiers communs\MAGIX Shared
   [06/03/2009|09:55] C:\Program Files\Fichiers communs\Microsoft Shared
   [21/02/2007|20:06] C:\Program Files\Fichiers communs\Motive
   [09/09/2005|18:54] C:\Program Files\Fichiers communs\MSSoap
   [10/03/2007|22:00] C:\Program Files\Fichiers communs\Nero
   [02/08/2008|10:26] C:\Program Files\Fichiers communs\Oberon Media
   [09/09/2005|20:41] C:\Program Files\Fichiers communs\ODBC
   [29/06/2008|00:36] C:\Program Files\Fichiers communs\Real
   [01/05/2008|20:58] C:\Program Files\Fichiers communs\Scanner
   [09/09/2005|20:41] C:\Program Files\Fichiers communs\SpeechEngines
   [16/07/2008|00:51] C:\Program Files\Fichiers communs\SWF Studio
   [19/06/2007|10:51] C:\Program Files\Fichiers communs\Symantec Shared
   [22/04/2009|21:21] C:\Program Files\Fichiers communs\System
   [20/12/2007|14:36] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [29/06/2008|00:36] C:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 45 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Once Dog Dupe Amok
   C:\Program Files\Circle Developement
 
   --------------------\  Verification du Registre

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-05-12 09:47:46
   Windows 5.1.2600 Service Pack 3 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 46
 
   --------------------\  Recherche d'autres infections

   C:\WINDOWS\system32\sCcbJRqr.ini
   C:\WINDOWS\system32\sCcbJRqr.ini2
   [b]==> VUNDO <==/b
 
   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\VIDEOC~1\Favoris\Jeux Cherche  Recherche de crack fr hospital tycoon.url


   [F:5][D:3]-> C:\DOCUME~1\VIDEOC~1\LOCALS~1\Temp
   [F:1][D:0]-> C:\DOCUME~1\VIDEOC~1\Cookies
   [F:6][D:4]-> C:\DOCUME~1\VIDEOC~1\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 12/05/2009| 9:58 - Option : [1]

   --------------------\  Fin du rapport a  9:58:42

ardillon62 · Answer

et le rapport yoog-fix...

Yoog_Fix 2.02 de Batch_Man 
Debut a 10:06 le 12/05/2009 
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
Internet Explorer 6.0.2900.5512 
Mozilla Firefox 3.0.10 (fr) 
Avira GmbH 8.0.1.30  (Activated) 
Check Point, LTD. 7.0.483.000  (Activated) 

C:\ [Fixed] - NTFS - (Total:78152 Mo/Free:907 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Option [1] 2 Recherche 

+---------------\ Processus cachés/bloqués

1628	-Locked- vsmon.exe
2648	-Locked- zlclient.exe

+---------------\ Recherche

----------\ Recherche de fichiers

C:\Documents and Settings\VIDEOCEAN 1\Application Data\Mozilla\Firefox\Profiles\zh7uz1hs.default\searchplugins\Yoog Search.xml FOUND! 

----------\ Recherche dans prefs.js

prefs.js [VIDEOCEAN 1 - zh7uz1hs.default] user_pref("browser.search.defaultenginename", "Yoog Search"); 
prefs.js [VIDEOCEAN 1 - zh7uz1hs.default] user_pref("browser.search.defaulturl", "http://www27.yoog.com/search.php?q="); 
prefs.js [VIDEOCEAN 1 - zh7uz1hs.default] user_pref("browser.search.selectedEngine", "Yoog Search"); 
prefs.js [VIDEOCEAN 1 - zh7uz1hs.default] user_pref("keyword.URL", "http://www27.yoog.com/search.php?q="); 

user.js [VIDEOCEAN 1 - zh7uz1hs.default] user_pref("browser.search.defaultenginename", "Yoog Search"); 
user.js [VIDEOCEAN 1 - zh7uz1hs.default] user_pref("browser.search.defaulturl", "http://www27.yoog.com/search.php?q="); 
user.js [VIDEOCEAN 1 - zh7uz1hs.default] user_pref("browser.search.selectedEngine", "Yoog Search"); 
user.js [VIDEOCEAN 1 - zh7uz1hs.default] user_pref("keyword.URL", "http://www27.yoog.com/search.php?q="); 

----------\ Recherche dans le registre

[HKEY_USERS\S-1-5-21-1214440339-854245398-725345543-1004\..\SearchScopes],@DefaultScope={afdbddaa-5d3f-42ee-b79c-185a7020515b} 
[HKEY_USERS\S-1-5-21-1214440339-854245398-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] @DisplayName=Yoog Search 
[HKCU\..\SearchScopes],@DefaultScope={afdbddaa-5d3f-42ee-b79c-185a7020515b} 
[HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] @DisplayName=Yoog Search 
 
----------\ Infections associées possibles 
 
 
----------\ Suspects ( PAS FORCEMENT INFECTIEUX )
 
 
+---> Registre 
 
 
+---> Fichiers 
 


+---------------\Analyse complémentaire
 
+---------\ Tâches planifiées 
 
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\Maintenance en 1 clic.job
 
----------\ Analyse de Firefox 
 
[C:\Documents and Settings\VIDEOCEAN 1\..\prefs.js] browser.startup.homepage: http://msn.fr 
[C:\Documents and Settings\VIDEOCEAN 1\..\prefs.js] browser.startup.homepage: http://msn.fr 
[C:\Documents and Settings\VIDEOCEAN 1\..\prefs.js] browser.search.selectedEngine: Yoog Search 
[C:\Documents and Settings\VIDEOCEAN 1\..\prefs.js] browser.search.defaultenginename: Yoog Search 
 
----------\ Extensions Firefox 
 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Documents and Settings\VIDEOCEAN 1\Application Data\Mozilla\Firefox\Profiles\zh7uz1hs.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Documents and Settings\VIDEOCEAN 1\Application Data\Mozilla\Firefox\Profiles\zh7uz1hs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Documents and Settings\VIDEOCEAN 1\Application Data\Mozilla\Firefox\Profiles\zh7uz1hs.default\extensions\OberonGameHost@OberonGames.com 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Documents and Settings\VIDEOCEAN 1\Application Data\Mozilla\Firefox\Profiles\zh7uz1hs.default\extensions\OberonGameHost@OberonGames.com 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Documents and Settings\VIDEOCEAN 1\Application Data\Mozilla\Firefox\Profiles\zh7uz1hs.default\extensions\{a841a1c1-4687-4285-89fe-e9df6c5ed4c6} 
[User: VIDEOCEAN 1 (zh7uz1hs.default)] - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} 
 
----------\ Plugins de recherche 
 
[10/09/2006 13:35|1516] - C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml: Amazon.fr - Recherche Amazon.fr: https://www.amazon.fr/ 
[28/09/2008 09:10|757] - C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml: eBay France - eBay - EnchÃ¨res en ligne: http://search.ebay.fr/ 
[16/04/2008 06:08|1706] - C:\Program Files\Mozilla Firefox\searchplugins\google.xml: Google - Google Search: https://www.google.com/ 
[10/09/2006 13:35|748] - C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml: MediaDICO - Les Dictionnaires Mediadico: http://www.dictionnaire-mediadico.com/dictionnaires.asp 
[29/03/2008 15:59|1426] - C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml: WikipÃ©dia (fr) - WikipÃ©dia, l'encyclopÃ©die libre: https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche 
[12/09/2006 20:49|652] - C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml: Yahoo - Recherche Yahoo: https://fr.search.yahoo.com/ 
 
----------\ Listing  de dossiers 
 
[24/04/2009 02:39 | --a------ | 348547 bytes] C:\Program Files\Mozilla Firefox\Components\browser.xpt 
[24/04/2009 08:48 | --a------ | 23032 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll 
[24/04/2009 08:48 | --a------ | 134648 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll 
[11/05/2009 12:25 | --a------ | 144322 bytes] C:\Program Files\Mozilla Firefox\Components\compreg.dat 
[29/04/2009 16:34 | --a------ | 422400 bytes] C:\Program Files\Mozilla Firefox\Components\ctkwemfrfw.dll 
[29/06/2008 00:36 | --a------ | 6789 bytes] C:\Program Files\Mozilla Firefox\Components
ppl3260.xpt 
[27/04/2005 16:14 | --a------ | 415 bytes] C:\Program Files\Mozilla Firefox\Components
pscriptable.xpt 
[05/12/2005 22:31 | --a------ | 343 bytes] C:\Program Files\Mozilla Firefox\Components
sIMozAxPlugin.xpt 
[16/07/2008 01:18 | --a------ | 2394 bytes] C:\Program Files\Mozilla Firefox\Components
sIQTScriptablePlugin.xpt 
[26/09/2006 13:03 | --a------ | 140 bytes] C:\Program Files\Mozilla Firefox\Components
sIZylomPlugin.xpt 
[29/06/2008 00:35 | --a------ | 556 bytes] C:\Program Files\Mozilla Firefox\Components
sJSRealPlayerPlugin.xpt 
[11/05/2009 12:25 | --a------ | 97425 bytes] C:\Program Files\Mozilla Firefox\Components\xpti.dat 
[14/10/2008 21:43 | d-------- | 0 bytes] C:\Program Files\Mozilla Firefox\plugins\Microsoft.VC80.CRT 
[10/04/2007 18:21 | --a------ | 163256 bytes] C:\Program Files\Mozilla Firefox\plugins
p-mswmp.dll 
[07/08/2007 14:35 | --a------ | 49152 bytes] C:\Program Files\Mozilla Firefox\plugins
p32dsw.dll 
[09/03/2009 05:19 | --a------ | 410984 bytes] C:\Program Files\Mozilla Firefox\plugins
pdeploytk.dll 
[16/09/2008 02:11 | --a------ | 1335600 bytes] C:\Program Files\Mozilla Firefox\plugins
pdivx32.dll 
[16/09/2008 02:11 | --a------ | 1607 bytes] C:\Program Files\Mozilla Firefox\plugins
pdivx32.xpt 
[16/09/2008 02:12 | --a------ | 98304 bytes] C:\Program Files\Mozilla Firefox\plugins
pDivxPlayerPlugin.dll 
[21/09/2006 17:29 | --------- | 135227 bytes] C:\Program Files\Mozilla Firefox\plugins
pExentCtl.dll 
[21/09/2006 17:27 | --------- | 249 bytes] C:\Program Files\Mozilla Firefox\plugins
pIExentCtl.xpt 
[05/12/2005 22:31 | --a------ | 114688 bytes] C:\Program Files\Mozilla Firefox\plugins
pmozax.dll 
[24/04/2009 08:48 | --a------ | 65528 bytes] C:\Program Files\Mozilla Firefox\plugins
pnul32.dll 
[14/10/2008 21:33 | --a------ | 95600 bytes] C:\Program Files\Mozilla Firefox\plugins
ppdf32.dll 
[29/06/2008 00:36 | --a------ | 144984 bytes] C:\Program Files\Mozilla Firefox\plugins
ppl3260.dll 
[27/04/2005 22:10 | --a------ | 102400 bytes] C:\Program Files\Mozilla Firefox\plugins
pracplug.dll 
[29/06/2008 00:36 | --a------ | 8192 bytes] C:\Program Files\Mozilla Firefox\plugins
prjplug.dll 
[29/06/2008 00:35 | --a------ | 94208 bytes] C:\Program Files\Mozilla Firefox\plugins
prpjplug.dll 
[25/03/2009 11:42 | --a------ | 114688 bytes] C:\Program Files\Mozilla Firefox\plugins
pzylomgamesplayer.dll 
[16/09/2008 02:12 | --a------ | 297 bytes] C:\Program Files\Mozilla Firefox\plugins
sIDivxPlayerPlugin.xpt 
[07/08/2007 14:04 | --a--c--- | 1144 bytes] C:\Program Files\Mozilla Firefox\plugins\ShockwavePlugin.class 
[30/03/2007 11:43 | --a------ | 149569 bytes] C:\Program Files\Mozilla Firefox\plugins\WMP Firefox Plugin License.rtf 
[30/03/2007 11:43 | --a------ | 3352 bytes] C:\Program Files\Mozilla Firefox\plugins\WMP Firefox Plugin RelNotes.txt 
 
----------\ Analyse d'Internet Explorer 
 
HKEY_CURRENT_USER\..\Internet Explorer,Start Page: https://www.google.com/?gws_rd=ssl   
HKEY_CURRENT_USER\..\Internet Explorer,Search Page: https://www.google.com/?gws_rd=ssl   
HKEY_CURRENT_USER\..\Internet Explorer,SearchAssistant: http://www.google.com/toolbar/ie8/sidebar.html   
HKEY_LOCAL_MACHINE\..\Internet Explorer,Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch   
HKEY_LOCAL_MACHINE\..\Internet Explorer,Start Page: https://www.msn.com/fr-fr/   
HKEY_LOCAL_MACHINE\..\Internet Explorer,Default_Search_URL: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch   
HKEY_LOCAL_MACHINE\..\Internet Explorer,CustomizeSearch: https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm   
HKEY_LOCAL_MACHINE\..\Internet Explorer,SearchAssistant: https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm   
 
----------\ Browser Helper Object 
 
BHO: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60},@SANS NOM=BitComet ClickCapture 
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E},@SANS NOM=Google Dictionary Compression sdch 
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=JQSIEStartDetectorImpl  
 
----------\ SearchScopes 
 
[HKEY_USERS\S-1-5-21-1214440339-854245398-725345543-1004\..\SearchScopes],@DefaultScope={afdbddaa-5d3f-42ee-b79c-185a7020515b} 
[HKEY_USERS\S-1-5-21-1214440339-854245398-725345543-1004\..\SearchScopes\{436D7E76-5267-4D8E-AB04-CC7EDFA4584C}],@DisplayName=P2P_Torrent Customized Web Search 
[HKEY_USERS\S-1-5-21-1214440339-854245398-725345543-1004\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}],@DisplayName=DAEMON Search 
[HKEY_USERS\S-1-5-21-1214440339-854245398-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}],@DisplayName=Yoog Search 
[HKCU\..\SearchScopes],@DefaultScope={afdbddaa-5d3f-42ee-b79c-185a7020515b} 
[HKCU\..\SearchScopes\{436D7E76-5267-4D8E-AB04-CC7EDFA4584C}],@DisplayName=P2P_Torrent Customized Web Search 
[HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}],@DisplayName=DAEMON Search 
[HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}],@DisplayName=Yoog Search 
 
----------\ Extensions 
 
@xpsp3res.dll,-20001 : %windir%\Network Diagnostic\xpnetdiag.exe - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}  
Windows Messenger: C:\Program Files\Messenger\msmsgs.exe - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}  

+--------------- Fin à 10h 08min

verni29 · Answer

OK, 

1/ Relance le logiciel LopS&D.

# Choisis l'option 3 pour supprimer l'infection.
# A la fin du nettoyage, un rapport LopR.txt apparait.

Tu posteras ce rapport dans le prochain message.

Note :  Il se trouve également en C:\LopR.txt. 

2/ Relance Yoog_Fix de Batch_Man

# choisis l'option 2 ( Suppression )
# Attend que la suppression se finisse.
# Ensuite appuis sur une touche, un rapport s'ouvre.

Poste-le dans ta prochaine réponse.

A+

ardillon62 · Answer

voici le rapport "lop" apres l'option 3 

  --------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 2800+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : VIDEOCEAN 1 ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
   Firewall  : ZoneAlarm Firewall 7.0.483.000 (Activated)
   C:\ (Local Disk) - NTFS - Total:76 Go (Free:8 Go)
   D:\ (CD or DVD)
   E:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [3] ( 12/05/2009|10:24 )


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Once Dog Dupe Amok
   Supprime! - C:\Program Files\Circle Developement
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans APPLIC~1

   [10/09/2005|08:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

   [03/03/2009|11:25] C:\DOCUME~1\ADMINI~1.POS\APPLIC~1\Microsoft

   [12/02/2009|16:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\1A181
   [01/04/2009|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [10/03/2007|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
   [11/07/2007|14:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
   [26/08/2007|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [24/02/2007|00:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [06/01/2008|16:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
   [03/03/2009|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [02/07/2007|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
   [30/03/2008|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Awem
   [24/02/2007|18:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
   [10/09/2007|23:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
   [13/03/2009|14:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [13/04/2009|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
   [25/04/2007|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ENJOY Plus!
   [31/07/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum
   [03/10/2007|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Exetender
   [08/11/2008|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FarmFrenzy2
   [26/12/2007|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
   [02/08/2008|10:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
   [02/01/2009|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
   [05/08/2008|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
   [13/01/2009|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [11/05/2009|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
   [12/08/2008|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HiddenSecretsNightmare
   [21/03/2009|00:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HipSoft
   [27/07/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intenium
   [12/08/2008|11:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
   [03/03/2009|13:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
   [07/07/2008|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
   [28/12/2008|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
   [27/07/2008|02:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
   [11/05/2009|23:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [18/03/2007|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
   [12/09/2008|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Metacafe
   [26/12/2007|20:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [01/03/2007|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
   [21/02/2007|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
   [21/02/2007|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MotiveSysIDs
   [23/10/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MythPeople
   [25/05/2007|21:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1
7-89-o9-3r-4t-r9
   [22/12/2007|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
   [03/11/2007|20:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NeptunesAdve
   [27/06/2007|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1
View_Profiles
   [06/07/2008|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
   [06/07/2008|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin
   [14/04/2009|00:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
   [22/04/2009|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayPond
   [05/03/2009|22:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Playrix Entertainment
   [21/06/2007|09:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PY_Software
   [31/12/2008|13:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
   [07/01/2009|16:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RealArcade
   [24/04/2007|18:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Runic
   [24/01/2009|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
   [08/02/2009|20:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SFR
   [18/03/2009|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [14/03/2009|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
   [30/07/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
   [02/10/2008|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
   [19/06/2007|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
   [12/05/2009|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [06/09/2007|13:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
   [19/08/2008|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
   [06/07/2008|20:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin
   [12/10/2008|14:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Vso
   [30/04/2009|22:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WebcamMax
   [23/08/2006|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [04/11/2006|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
   [05/10/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
   [01/04/2007|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

   [01/12/2007|16:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [26/07/2008|21:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
   [04/09/2007|00:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
   [06/01/2008|16:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [05/05/2008|03:06] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
   [10/09/2005|13:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

   [31/01/2008|20:10] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Adobe
   [17/07/2006|16:28] C:\DOCUME~1\VIDEOC~1\APPLIC~1\AdobeAUM
   [16/06/2007|16:58] C:\DOCUME~1\VIDEOC~1\APPLIC~1\AdobeUM
   [11/03/2007|20:40] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Ahead
   [27/02/2007|17:27] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Apple Computer
   [04/10/2007|08:00] C:\DOCUME~1\VIDEOC~1\APPLIC~1\AVG7
   [29/12/2008|21:13] C:\DOCUME~1\VIDEOC~1\APPLIC~1\AVS4YOU
   [16/06/2007|12:20] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Beep Industries
   [15/01/2008|02:55] C:\DOCUME~1\VIDEOC~1\APPLIC~1\BitTorrent
   [29/10/2008|02:13] C:\DOCUME~1\VIDEOC~1\APPLIC~1\BloodTies
   [04/05/2009|15:26] C:\DOCUME~1\VIDEOC~1\APPLIC~1\CamfrogWEB
   [09/05/2009|14:14] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Canneverbe_Limited
   [30/01/2008|00:33] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Cross+A
   [13/03/2009|14:22] C:\DOCUME~1\VIDEOC~1\APPLIC~1\CyberLink
   [09/05/2008|18:26] C:\DOCUME~1\VIDEOC~1\APPLIC~1\DAEMON Tools
   [14/10/2008|23:34] C:\DOCUME~1\VIDEOC~1\APPLIC~1\DivX
   [20/09/2007|00:56] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Druide
   [13/03/2009|22:25] C:\DOCUME~1\VIDEOC~1\APPLIC~1\dvdcss
   [11/02/2009|12:22] C:\DOCUME~1\VIDEOC~1\APPLIC~1\funkitron
   [14/07/2007|14:30] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Gaijin Ent
   [28/02/2009|13:38] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Gamelab
   [19/10/2008|12:00] C:\DOCUME~1\VIDEOC~1\APPLIC~1\GamesCafe
   [17/06/2007|13:49] C:\DOCUME~1\VIDEOC~1\APPLIC~1\G‚n‚atique2007
   [14/07/2008|03:28] C:\DOCUME~1\VIDEOC~1\APPLIC~1\GetRightToGo
   [07/01/2008|00:33] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Google
   [02/09/2007|22:55] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Grammatica
   [30/08/2007|01:58] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Greyfirst
   [22/06/2007|11:28] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Help
   [19/04/2009|09:56] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Identities
   [17/11/2008|19:21] C:\DOCUME~1\VIDEOC~1\APPLIC~1\InfraRecorder
   [22/03/2007|02:11] C:\DOCUME~1\VIDEOC~1\APPLIC~1\ItsLabel
   [22/04/2007|14:51] C:\DOCUME~1\VIDEOC~1\APPLIC~1\iWin
   [23/08/2007|20:14] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Jasc
   [31/01/2009|21:12] C:\DOCUME~1\VIDEOC~1\APPLIC~1\JewelMatch2
   [26/03/2007|19:18] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Leadertech
   [10/05/2009|15:39] C:\DOCUME~1\VIDEOC~1\APPLIC~1\LimeWire
   [11/04/2008|13:43] C:\DOCUME~1\VIDEOC~1\APPLIC~1\LogMeIn Rescue
   [19/08/2006|16:57] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Macromedia
   [28/12/2008|16:52] C:\DOCUME~1\VIDEOC~1\APPLIC~1\MAGIX
   [11/05/2009|23:56] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Malwarebytes
   [10/10/2007|21:23] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Media Player Classic
   [15/07/2008|02:57] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Metacafe
   [02/05/2008|12:49] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Microsoft
   [05/04/2008|20:24] C:\DOCUME~1\VIDEOC~1\APPLIC~1\mIRC
   [21/02/2007|20:48] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Motive
   [31/08/2008|20:37] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Mozilla
   [25/03/2007|17:09] C:\DOCUME~1\VIDEOC~1\APPLIC~1\MSNInstaller
   [22/12/2007|11:41] C:\DOCUME~1\VIDEOC~1\APPLIC~1\NCH Swift Sound
   [18/03/2008|23:00] C:\DOCUME~1\VIDEOC~1\APPLIC~1\ooVoo Details
   [28/04/2009|11:53] C:\DOCUME~1\VIDEOC~1\APPLIC~1\OpenOffice.org2
   [01/04/2008|21:31] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Opera
   [25/07/2008|14:02] C:\DOCUME~1\VIDEOC~1\APPLIC~1\PC Tools
   [07/04/2009|18:53] C:\DOCUME~1\VIDEOC~1\APPLIC~1\PlayFirst
   [29/06/2008|00:39] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Real
   [25/03/2007|04:57] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Screenshot Sender
   [21/12/2008|12:29] C:\DOCUME~1\VIDEOC~1\APPLIC~1\SecondLife
   [25/10/2008|19:31] C:\DOCUME~1\VIDEOC~1\APPLIC~1\SecuROM
   [13/01/2009|22:25] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Skip-Bo
   [11/05/2009|09:38] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Skype
   [18/03/2009|11:25] C:\DOCUME~1\VIDEOC~1\APPLIC~1\skypePM
   [18/04/2009|19:10] C:\DOCUME~1\VIDEOC~1\APPLIC~1\SpinTop Games
   [12/05/2009|09:59] C:\DOCUME~1\VIDEOC~1\APPLIC~1\StarOffice8
   [04/09/2008|01:33] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Studio-Scrap
   [23/03/2007|09:34] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Sun
   [10/09/2005|12:37] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Symantec
   [05/06/2008|16:18] C:\DOCUME~1\VIDEOC~1\APPLIC~1\TaoUSign
   [18/03/2008|22:42] C:\DOCUME~1\VIDEOC~1\APPLIC~1	eamspeak2
   [24/03/2009|19:25] C:\DOCUME~1\VIDEOC~1\APPLIC~1\TeamViewer
   [02/10/2008|22:58] C:\DOCUME~1\VIDEOC~1\APPLIC~1\TuneUp Software
   [18/08/2008|19:48] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Ulead Systems
   [19/06/2007|16:23] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Uniblue
   [02/01/2009|23:03] C:\DOCUME~1\VIDEOC~1\APPLIC~1\ViquaSoft
   [05/03/2009|03:47] C:\DOCUME~1\VIDEOC~1\APPLIC~1\vlc
   [15/10/2008|10:07] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Vso
   [30/04/2009|22:55] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Webcammax
   [06/11/2007|10:30] C:\DOCUME~1\VIDEOC~1\APPLIC~1\XINEK
   [20/04/2009|10:25] C:\DOCUME~1\VIDEOC~1\APPLIC~1\YoudaGames
   [19/04/2009|09:56] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Zylom
   [19/04/2009|09:57] C:\DOCUME~1\VIDEOC~1\APPLIC~1\Zylom DressUpRush
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [12/05/2009 08:08][--a------] C:\WINDOWS	asks\Google Software Updater.job
   [12/05/2009 10:00][--a------] C:\WINDOWS	asks\Maintenance en 1 clic.job
   [07/05/2009 23:51][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [12/05/2009 08:07][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 14:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [25/02/2008|00:14] C:\Program Files\AbiSuite2
   [01/04/2009|10:52] C:\Program Files\Adobe
   [25/07/2008|02:22] C:\Program Files\Ahead
   [06/04/2008|09:42] C:\Program Files\Alcohol Soft
   [03/06/2007|09:18] C:\Program Files\Anuman Interactive
   [04/09/2008|14:33] C:\Program Files\Apple Software Update
   [13/08/2008|13:32] C:\Program Files\Audacity
   [13/03/2007|13:37] C:\Program Files\AVI DivX MPEG to DVD Converter & Burner
   [26/07/2008|02:09] C:\Program Files\Avira
   [03/01/2009|17:12] C:\Program Files\AVS4YOU
   [21/06/2007|12:37] C:\Program Files\Axis Communications
   [28/12/2008|16:24] C:\Program Files\BitComet
   [15/03/2009|17:20] C:\Program Files\BitComet Acceleration Patch
   [25/10/2008|19:29] C:\Program Files\Boonty
   [25/10/2008|19:30] C:\Program Files\BoontyGames
   [22/12/2007|11:36] C:\Program Files\Brighter Child
   [21/02/2007|20:02] C:\Program Files\BroadJump
   [06/06/2008|08:43] C:\Program Files\BSD Concept
   [25/02/2009|22:58] C:\Program Files\CA Yahoo! Anti-Spy
   [15/01/2008|02:26] C:\Program Files\CCleaner
   [09/05/2009|14:12] C:\Program Files\CDBurnerXP
   [28/12/2008|03:02] C:\Program Files\City Interactive
   [07/11/2008|19:58] C:\Program Files\Club-Internet
   [24/05/2008|22:01] C:\Program Files\Codemasters
   [05/11/2007|22:18] C:\Program Files\CoffeeCup Software
   [06/09/2007|21:15] C:\Program Files\Common Files
   [09/09/2005|18:53] C:\Program Files\ComPlus Applications
   [06/04/2008|09:45] C:\Program Files\Conduit
   [30/01/2008|00:33] C:\Program Files\CrossAFr
   [14/03/2009|10:41] C:\Program Files\CyberLink
   [10/05/2008|10:31] C:\Program Files\DAEMON Tools
   [10/05/2008|10:31] C:\Program Files\DAEMON Tools Lite
   [10/09/2005|13:55] C:\Program Files\Data-Concept
   [05/03/2009|00:16] C:\Program Files\DivX
   [13/08/2007|22:02] C:\Program Files\D-Tools
   [05/07/2008|13:57] C:\Program Files\DVDVideoSoft
   [14/01/2009|21:45] C:\Program Files\EA GAMES
   [18/03/2009|16:48] C:\Program Files\Fichiers communs
   [12/05/2009|07:57] C:\Program Files\FLVKnife
   [06/05/2008|08:25] C:\Program Files\free-downloads.net
   [17/06/2007|13:45] C:\Program Files\Geneatique2007
   [08/02/2009|01:32] C:\Program Files\Google
   [04/09/2007|00:54] C:\Program Files\Grisoft
   [06/06/2008|08:51] C:\Program Files\Heredis 8
   [03/02/2008|11:48] C:\Program Files\inKline Global
   [29/04/2009|22:34] C:\Program Files\InstallShield Installation Information
   [22/04/2009|21:53] C:\Program Files\Internet Explorer
   [17/12/2007|03:11] C:\Program Files\iPass
   [17/01/2008|15:45] C:\Program Files\iPod
   [17/01/2008|15:45] C:\Program Files\iTunes
   [23/08/2007|20:12] C:\Program Files\Jasc Software Inc
   [03/04/2009|08:55] C:\Program Files\Java
   [04/07/2008|17:32] C:\Program Files\KC Softwares
   [20/03/2009|11:22] C:\Program Files\K-Lite Codec Pack
   [11/03/2007|14:34] C:\Program Files\LAventure
   [14/04/2009|00:11] C:\Program Files\LimeWire
   [28/02/2007|14:18] C:\Program Files\Livre Album Fuji Photo
   [21/06/2007|14:27] C:\Program Files\Logitech
   [07/07/2008|19:31] C:\Program Files\ma-config.com
   [26/03/2007|19:39] C:\Program Files\Macrogaming
   [25/01/2009|12:49] C:\Program Files\Mafia
   [28/12/2008|20:54] C:\Program Files\MAGIX
   [10/10/2007|20:50] C:\Program Files\Ma‹do Production
   [11/05/2009|23:56] C:\Program Files\Malwarebytes' Anti-Malware
   [23/04/2009|06:21] C:\Program Files\Messenger
   [19/01/2009|19:11] C:\Program Files\Messenger Plus! Live
   [25/03/2007|17:05] C:\Program Files\MessengerPlus! 3
   [30/06/2008|08:21] C:\Program Files\Metacafe
   [29/04/2009|22:34] C:\Program Files\Micro Application
   [10/05/2007|03:02] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [09/09/2005|18:56] C:\Program Files\microsoft frontpage
   [23/08/2007|13:28] C:\Program Files\Microsoft Office
   [19/03/2009|07:33] C:\Program Files\Microsoft SQL Server
   [03/05/2008|17:48] C:\Program Files\Microsoft SQL Server Compact Edition
   [01/03/2007|01:39] C:\Program Files\Microsoft Visual Studio 8
   [01/03/2007|01:49] C:\Program Files\Microsoft.NET
   [23/11/2007|09:07] C:\Program Files\Motive(2)
   [12/09/2008|22:17] C:\Program Files\Motive(3)
   [22/04/2009|21:53] C:\Program Files\Movie Maker
   [12/05/2009|10:09] C:\Program Files\Mozilla Firefox
   [10/10/2007|21:21] C:\Program Files\MpcStar
   [10/09/2005|12:21] C:\Program Files\MSI
   [25/03/2007|17:08] C:\Program Files\MSN
   [09/09/2005|18:52] C:\Program Files\MSN Gaming Zone
   [03/07/2007|16:54] C:\Program Files\MSXML 4.0
   [28/03/2007|03:05] C:\Program Files\MSXML 6.0
   [22/12/2007|11:41] C:\Program Files\NCH Swift Sound
   [22/04/2009|21:21] C:\Program Files\NetMeeting
   [27/01/2008|22:40] C:\Program Files\Netscape
   [27/04/2009|16:47] C:\Program Files\Oberon Media
   [09/09/2005|18:52] C:\Program Files\Online Services
   [18/07/2008|02:32] C:\Program Files\Ontrack
   [28/04/2009|19:32] C:\Program Files\ooVoo
   [04/06/2008|15:38] C:\Program Files\OpenOffice.org 2.4
   [02/08/2008|10:26] C:\Program Files\orange
   [22/04/2009|21:21] C:\Program Files\Outlook Express
   [25/07/2008|02:59] C:\Program Files\Panda Security
   [25/02/2009|22:58] C:\Program Files\Phototool
   [28/09/2008|06:17] C:\Program Files\Picasa2
   [18/06/2007|09:35] C:\Program Files\Protectis
   [17/06/2007|13:45] C:\Program Files\ProtectisModeles
   [10/06/2008|13:13] C:\Program Files\Publication Web
   [25/02/2009|23:00] C:\Program Files\QuickTime
   [29/06/2008|00:35] C:\Program Files\Real
   [25/05/2007|21:39] C:\Program Files\ReflexiveArcade
   [14/07/2008|03:36] C:\Program Files\Replay Converter
   [11/05/2009|09:38] C:\Program Files\Savescreen
   [25/12/2008|04:13] C:\Program Files\SecondLife
   [09/09/2005|18:54] C:\Program Files\Services en ligne
   [26/03/2007|22:22] C:\Program Files\Setup Files
   [08/02/2009|23:49] C:\Program Files\SFR
   [19/08/2007|14:11] C:\Program Files\Siber Systems
   [18/03/2009|16:49] C:\Program Files\Skype
   [10/05/2008|10:42] C:\Program Files\SlySoft
   [29/12/2008|23:08] C:\Program Files\SmartSound Software
   [14/08/2007|14:53] C:\Program Files\solarus
   [14/04/2009|00:11] C:\Program Files\SpeedFan
   [11/05/2009|11:37] C:\Program Files\Spyware Doctor
   [25/02/2009|22:58] C:\Program Files\Steam
   [20/11/2008|18:20] C:\Program Files\Strategy First
   [25/07/2008|14:43] C:\Program Files\Sun
   [22/03/2009|11:33] C:\Program Files\TeamViewer
   [04/03/2009|19:46] C:\Program Files\Toox
   [11/05/2009|23:18] C:\Program Files	oox.com
   [17/06/2007|13:46] C:\Program Files\Tracker Software
   [11/05/2009|22:37] C:\Program Files	rend micro
   [12/04/2009|21:16] C:\Program Files\Trillian
   [14/01/2009|22:45] C:\Program Files\Ubi Soft
   [14/01/2009|22:33] C:\Program Files\Ubisoft
   [18/08/2008|19:45] C:\Program Files\Ulead Systems
   [09/09/2005|19:04] C:\Program Files\Uninstall Information
   [27/03/2007|00:03] C:\Program Files\VIAudioi
   [28/02/2007|11:40] C:\Program Files\VideoLAN
   [30/10/2007|02:07] C:\Program Files\Virtools
   [05/11/2007|22:24] C:\Program Files\Visicom Media
   [15/10/2008|10:07] C:\Program Files\VSO
   [05/05/2008|19:57] C:\Program Files\Windows Live
   [03/05/2008|17:50] C:\Program Files\Windows Live Favorites
   [03/05/2008|17:51] C:\Program Files\Windows Live Toolbar
   [28/06/2007|10:00] C:\Program Files\Windows Media Components
   [27/02/2007|19:46] C:\Program Files\Windows Media Connect 2
   [22/04/2009|21:21] C:\Program Files\Windows Media Player
   [22/04/2009|21:21] C:\Program Files\Windows NT
   [09/09/2005|18:54] C:\Program Files\WindowsUpdate
   [29/06/2007|13:37] C:\Program Files\WinRAR
   [09/09/2005|18:56] C:\Program Files\xerox
   [11/03/2007|16:15] C:\Program Files\Xilisoft
   [14/04/2009|00:11] C:\Program Files\Yahoo!
   [11/06/2007|10:37] C:\Program Files\yWriter2
   [27/07/2008|02:49] C:\Program Files\Zone Labs
   [20/04/2009|10:07] C:\Program Files\Zylom Games

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [01/04/2009|10:56] C:\Program Files\Fichiers communs\Adobe
   [12/05/2009|10:08] C:\Program Files\Fichiers communs\Akamai
   [26/08/2007|11:02] C:\Program Files\Fichiers communs\Apple
   [03/01/2009|17:12] C:\Program Files\Fichiers communs\AVSMedia
   [24/02/2007|18:29] C:\Program Files\Fichiers communs\BOONTY Shared
   [13/03/2009|14:12] C:\Program Files\Fichiers communs\CyberLink
   [09/09/2007|17:43] C:\Program Files\Fichiers communs\Designer
   [11/05/2008|07:49] C:\Program Files\Fichiers communs\DirectX
   [05/07/2008|13:57] C:\Program Files\Fichiers communs\DVDVideoSoft
   [20/07/2007|17:27] C:\Program Files\Fichiers communs\GTK
   [31/03/2006|17:33] C:\Program Files\Fichiers communs\InstallShield
   [23/03/2007|09:33] C:\Program Files\Fichiers communs\Java
   [21/06/2007|14:26] C:\Program Files\Fichiers communs\Labtec
   [28/12/2008|16:47] C:\Program Files\Fichiers communs\MAGIX Shared
   [06/03/2009|09:55] C:\Program Files\Fichiers communs\Microsoft Shared
   [21/02/2007|20:06] C:\Program Files\Fichiers communs\Motive
   [09/09/2005|18:54] C:\Program Files\Fichiers communs\MSSoap
   [10/03/2007|22:00] C:\Program Files\Fichiers communs\Nero
   [02/08/2008|10:26] C:\Program Files\Fichiers communs\Oberon Media
   [09/09/2005|20:41] C:\Program Files\Fichiers communs\ODBC
   [29/06/2008|00:36] C:\Program Files\Fichiers communs\Real
   [01/05/2008|20:58] C:\Program Files\Fichiers communs\Scanner
   [09/09/2005|20:41] C:\Program Files\Fichiers communs\SpeechEngines
   [16/07/2008|00:51] C:\Program Files\Fichiers communs\SWF Studio
   [19/06/2007|10:51] C:\Program Files\Fichiers communs\Symantec Shared
   [22/04/2009|21:21] C:\Program Files\Fichiers communs\System
   [20/12/2007|14:36] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [29/06/2008|00:36] C:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 45 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-05-12 10:33:02
   Windows 5.1.2600 Service Pack 3 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 46
 
   --------------------\  Recherche d'autres infections

   C:\WINDOWS\system32\sCcbJRqr.ini
   C:\WINDOWS\system32\sCcbJRqr.ini2
   [b]==> VUNDO <==/b
 
   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\VIDEOC~1\Favoris\Jeux Cherche  Recherche de crack fr hospital tycoon.url


   [F:15][D:4]-> C:\DOCUME~1\VIDEOC~1\LOCALS~1\Temp
   [F:1][D:0]-> C:\DOCUME~1\VIDEOC~1\Cookies
   [F:6][D:4]-> C:\DOCUME~1\VIDEOC~1\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 12/05/2009| 9:58 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 12/05/2009|10:41 - Option : [3]

   --------------------\  Fin du rapport a 10:41:14

ardillon62 · Answer

et pour yoog-fix en option 2 ... il se ferme seul sans avoir donné de rapport :(

verni29 · Answer

Ouvre le poste de travail.
Il y a un rapport en C:\Yoog_Fix.txt 
poste-le.

On va voir si l'outil a généré ou pas un rapport.
Sinon, il faudra faire le nettoyage manuellement.

A+

ardillon62 · Answer

voila dans poste de travail il y avait effectivement un rapport ;)


Yoog_Fix 2.02 de Batch_Man 
Debut a 10:55 le 12/05/2009 
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
Internet Explorer 6.0.2900.5512 
Mozilla Firefox 3.0.10 (fr) 
Avira GmbH 8.0.1.30  (Activated) 
Check Point, LTD. 7.0.483.000  (Activated) 

C:\ [Fixed] - NTFS - (Total:78152 Mo/Free:897 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Option 1 [2] Suppression  

+---------------\ Suppression


----------\ Suppression dans de fichiers


----------\ Suppression dans prefs.js et user.js


----------\ Suppression dans le registre


----------\ Fichiers temporaires

loloetseb · Answer

;)

verni29 · Answer

Télécharge AD-Remover sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

Tu te déconnectes du net et ferme toutes les applications en cours.

    * Double-clique sur AD-R.exe et installe-le.
    * Double-clique sur le raccourci crée sur le bureau.
    *  Au menu principal, choisis l'option "A" pour effectuer une recherche les traces de certains logiciels installés sur ton PC.

Un rapport Va apparaitre. Poste le contenu dans ton prochain message. 

A+

ardillon62 · Answer

voila le rapport "ad remover"...


------- LOGFILE OF AD-REMOVER 1.1.3.7 | ONLY XP/VISTA -------

Updated by C_XX on 11/05/2009 at 16:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

Start at: 13:20:05, 12/05/2009 | Boot mode: Normal Boot
Option: Scan | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft® Windows XP™  Service Pack 3 (version 5.1.2600)
Computer Name: POSTE1
Current User: VIDEOCEAN 1 - Administrator
Drive(s): 
- C:\  (File System: NTFS)

(!) ---- C:\Documents and Settings\Administrateur\Ntuser.dat Loaded as: 'HKU\Administrateur'
(!) ---- C:\Documents and Settings\Administrateur.POSTE1\Ntuser.dat Loaded as: 'HKU\Administrateur.POSTE1'

============ Known Adwares Found ============

.
HKCR\SearchSettings.BHO
HKCR\SearchSettings.BHO.1
HKCU\Software\AppDataLow\HavingFunOnline
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Conduit
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKCR\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082} 
HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082} 
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} 
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} 
HKCR\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} 
HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288} 
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} 
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} 
.
C:\Program Files\Conduit
C:\Documents and Settings\VIDEOCEAN 1\Application Data\Mozilla\Firefox\Profiles\zh7uz1hs.default\EBSuggestHistory
C:\Documents and Settings\VIDEOCEAN 1\Application Data\Mozilla\Firefox\Profiles\zh7uz1hs.default\searchplugins\conduit.xml
C:\WINDOWS\Prefetch\AU_.EXE-33BD152C.pf

+-----------------| Eorezo Elements Found:

HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
.

+-----------------| It's TV Elements Found:

HKCU\Software\ItsLabel
HKLM\Software\ItsLabel
HKU\S-1-5-21-1214440339-854245398-725345543-1004\Software\ItsLabel
.
C:\Documents and Settings\VIDEOCEAN 1\Application Data\ItsLabel

+-----------------| Sweetim Elements Found:

HKCU\Software\SWEETIE
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\Program Files\Macrogaming

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.10 ----

ProfilePath: zh7uz1hs.default (VIDEOCEAN 1)
.
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://msn.fr");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
.
(Prefs.js) Found: user_pref("CT1098640.CTPBaseServerUrl", "hxxp://services.conduit.com/");
(Prefs.js) Found: user_pref("CT1098640.Server", "hxxp://users.conduit.com");
(Prefs.js) Found: user_pref("CT1638723.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
(Prefs.js) Found: user_pref("CT1638723.CTPBaseServerUrl", "hxxp://grouping.services.conduit.com/");
(Prefs.js) Found: user_pref("CT1638723.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1638723&SearchSource=2&q=");
(Prefs.js) Found: user_pref("CT1638723.Server", "hxxp://users.conduit.com");

---- Internet Explorer Version 6.0.2900.5512 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start Page: hxxp://google.com/

[HKEY_USERS\S-1-5-21-1214440339-854245398-725345543-1004\..\Internet Explorer\Main]

Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start Page: hxxp://google.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

=========== Suspicious ==========

C:\Documents and Settings\VIDEOCEAN 1\.housecall6.6\patch.exe
[218736 Byte(s)|--a------|26/05/2008 09:46|HashMD5: b9a80ba0083fb8196f8ca0bef053ea4e |CRC32: 12c79c8b]


+---------------------------------------------------------------------------+

4883 Byte(s) - C:\Ad-Report-Scan-12.05.2009.log

1 File(s) - C:\Program Files\Ad-remover\BACKUP
0 File(s) - C:\Program Files\Ad-remover\QUARANTINE

End at: 14:05:45 | 12/05/2009
.
+-----------------| E.O.F
.

verni29 · Answer

1/ Relance AD-Remover.

# Tu choisis l'option B ( Clean ).
# Sur la fenêtre qui s'ouvre, tape 1 pour supprimer les Known Adwares Found

Après nettoyage, un rapport va s'ouvrir.

2/ Recommence cette manip de nettoyage en choisissant les options :
- 2 pour EoRezo
- 3 pour IT's TV
- 4 POUR SweetIM

Puis poste le dernier rapport qui s'ouvrira.

A+

ardillon62 · Answer

voici le rapport ad-remover après suppression:



------- LOGFILE OF AD-REMOVER 1.1.3.7 | ONLY XP/VISTA -------

Updated by C_XX on 11/05/2009 at 16:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

**** LIMITED TO ****

Known Adwares
Eorezo
It's TV
Sweetim

********************

Start at: 17:02:13, 12/05/2009 | Boot mode: Normal Boot
Option: Clean | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft® Windows XP™  Service Pack 3 (version 5.1.2600)
Computer Name: POSTE1
Current User: VIDEOCEAN 1 - Administrator
Drive(s): 
- C:\  (File System: NTFS)

(!) ---- C:\Documents and Settings\Administrateur\Ntuser.dat Loaded as: 'HKU\Administrateur'
(!) ---- C:\Documents and Settings\Administrateur.POSTE1\Ntuser.dat Loaded as: 'HKU\Administrateur.POSTE1'

(!) ---- IE start pages/Tabs reset

============ Known Adwares Deleted ============

.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKCR\SearchSettings.BHO
HKCR\SearchSettings.BHO.1
HKCU\Software\AppDataLow\HavingFunOnline
HKLM\Software\Conduit
HKCR\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKCR\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
.
C:\Program Files\Conduit
C:\Documents and Settings\VIDEOCEAN 1\Application Data\Mozilla\Firefox\Profiles\zh7uz1hs.default\EBSuggestHistory
C:\Documents and Settings\VIDEOCEAN 1\Application Data\Mozilla\Firefox\Profiles\zh7uz1hs.default\searchplugins\conduit.xml
C:\WINDOWS\Prefetch\AU_.EXE-33BD152C.pf

+-----------------| Eorezo Elements Deleted :

HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
.

+-----------------| It's TV Elements Deleted :

HKCU\Software\ItsLabel
HKLM\Software\ItsLabel
.
C:\Documents and Settings\VIDEOCEAN 1\Application Data\ItsLabel

+-----------------| Sweetim Elements Deleted :

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCU\Software\SWEETIE
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\Program Files\Macrogaming

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.



+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.10 ----

ProfilePath: zh7uz1hs.default (VIDEOCEAN 1)
.
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://msn.fr");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
.
(Prefs.js) Removed: user_pref("CT1098640.CTPBaseServerUrl", "hxxp://services.conduit.com/"); 
(Prefs.js) Removed: user_pref("CT1098640.Server", "hxxp://users.conduit.com"); 
(Prefs.js) Removed: user_pref("CT1638723.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); 
(Prefs.js) Removed: user_pref("CT1638723.CTPBaseServerUrl", "hxxp://grouping.services.conduit.com/"); 
(Prefs.js) Removed: user_pref("CT1638723.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1638723&SearchSource=2&q="); 
(Prefs.js) Removed: user_pref("CT1638723.Server", "hxxp://users.conduit.com"); 

---- Internet Explorer Version 6.0.2900.5512 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1214440339-854245398-725345543-1004\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

=========== Suspicious ==========

C:\Documents and Settings\VIDEOCEAN 1\.housecall6.6\patch.exe
[218736 Byte(s)|--a------|26/05/2008 09:46|HashMD5: b9a80ba0083fb8196f8ca0bef053ea4e |CRC32: 12c79c8b]


+---------------------------------------------------------------------------+

5013 Byte(s) - C:\Ad-Report-Clean-12.05.2009.log
5100 Byte(s) - C:\Ad-Report-Scan-12.05.2009.log

20 File(s) - C:\Program Files\Ad-remover\BACKUP
2 File(s) - C:\Program Files\Ad-remover\QUARANTINE

End at: 17:49:20 | 12/05/2009
.
+-----------------| E.O.F
.

verni29 · Answer

OK, 

Ton PC commence à être plus propre.
Il ne reste plus que quelques fichiers infectieux.

1/ Lance Hijackthis et tu choisis " Do a system scan only ".
Tu sélectionnes les lignes suivantes :

R3 - URLSearchHook: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll (file missing) 
O3 - Toolbar: toox.com Toolbar - {a841a1c1-4687-4285-89fe-e9df6c5ed4c6} - C:\Program Files	oox.com	btoo1.dll (file missing) 

Tu choisis l'option " Fixchecked" en bas de la page.

2/ As-tu besoin de toutes ces barres d'outil ? Google TooBar, mediaco, Windows live ToolBar.
Tu peux si tu le désires en enlever certaines dans le panneau de configuration --> Ajout/supp de programmes.

3/ Il reste un outil à passer car il y a encore des fichiers d'une infection Vundo.
C'est un outil puissant que je ne te conseille pas d'utiliser sans l'aide d'un helper.

Tu vas télécharger ComBoFix et enregistre le sur ton bureau ( important pour la suite )
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

# Désactive les protections résidentes de ton ordinateur ( antivirus, antispyware et parefeu )
# Branche tes différents supports amovibles ( clés USB, disque dur externe ) sans les ouvrir.

# Lance Combofix.exe et suis les invites.
# Il te sera demandé d’installer la console de récupération.
Important. Fais le absolument.

Il est possible que ComBoFix redémarre l’ordinateur pour supprimer certains fichiers. 

# Une fois le scan fini, un rapport va apparaitre.

Copie/colle ce rapport dans ta prochaine réponse.

Note : Si tu ne le trouves pas, il est à C:\ComboFix.txt.

A+

verni29 · Answer

1/ Relance OTMoveIT3.

# Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous  Paste Instructions for Items to be Moved.

:Files
c:\windows\S42E87F54.tmp 
c:\windows\Internet Logs\xDB??.tmp  

# clique sur MoveIt! pour lancer la suppression. 
# Le résultat apparaitra dans le cadre "Results". 
# Copie/colle le résultat dans ton prochain message.

le rapport ( fichier .log ) est également situé dans C:\_OTMoveIt\MovedFiles.

2/ Poste un  dernier rapport Hijacthis.

A+

ardillon62 · Answer

voici le rapport otmoveit 3 ... 

:\windows\S42E87F54.tmp moved successfully.
c:\windows\Internet Logs\xDB1.tmp moved successfully.
c:\windows\Internet Logs\xDB10.tmp moved successfully.
c:\windows\Internet Logs\xDB11.tmp moved successfully.
c:\windows\Internet Logs\xDB12.tmp moved successfully.
c:\windows\Internet Logs\xDB13.tmp moved successfully.
c:\windows\Internet Logs\xDB14.tmp moved successfully.
c:\windows\Internet Logs\xDB15.tmp moved successfully.
c:\windows\Internet Logs\xDB16.tmp moved successfully.
c:\windows\Internet Logs\xDB17.tmp moved successfully.
c:\windows\Internet Logs\xDB18.tmp moved successfully.
c:\windows\Internet Logs\xDB19.tmp moved successfully.
c:\windows\Internet Logs\xDB1A.tmp moved successfully.
c:\windows\Internet Logs\xDB1B.tmp moved successfully.
c:\windows\Internet Logs\xDB1C.tmp moved successfully.
c:\windows\Internet Logs\xDB1D.tmp moved successfully.
c:\windows\Internet Logs\xDB1E.tmp moved successfully.
c:\windows\Internet Logs\xDB1F.tmp moved successfully.
c:\windows\Internet Logs\xDB2.tmp moved successfully.
c:\windows\Internet Logs\xDB20.tmp moved successfully.
c:\windows\Internet Logs\xDB21.tmp moved successfully.
c:\windows\Internet Logs\xDB3.tmp moved successfully.
c:\windows\Internet Logs\xDB4.tmp moved successfully.
c:\windows\Internet Logs\xDB5.tmp moved successfully.
c:\windows\Internet Logs\xDB6.tmp moved successfully.
c:\windows\Internet Logs\xDB7.tmp moved successfully.
c:\windows\Internet Logs\xDB8.tmp moved successfully.
c:\windows\Internet Logs\xDB9.tmp moved successfully.
c:\windows\Internet Logs\xDBA.tmp moved successfully.
c:\windows\Internet Logs\xDBB.tmp moved successfully.
c:\windows\Internet Logs\xDBC.tmp moved successfully.
c:\windows\Internet Logs\xDBD.tmp moved successfully.
c:\windows\Internet Logs\xDBE.tmp moved successfully.
c:\windows\Internet Logs\xDBF.tmp moved successfully.
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05122009_211150





et un rapport hijacthis:

Logfile of HijackThis v1.99.1
Scan saved at 21:19:57, on 12/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\VIDEOCEAN 1\Bureau\hijackthis-1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b934f0efc4d44aaa89d047f81fadc842
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b934f0efc4d44aaa89d047f81fadc842
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Program Files\Toox\Groom\Groom.exe (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://angiedu62200.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://ww11.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://p2pi.mine.nu:1444/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-bb1d910906c85616.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

verni29 · Answer

1/ Tu passes l'outil suivant pour nettoyer ce qu'il reste de Norton Antivirus.
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924 

2/ Mets à jour ton système pour éviter d'avoir des failles de sécurité.

--> Mets à jour Acrobat Reader. Il est la cible d'attaques et il est important d'avoir la dernière version sur son PC.
https://get2.adobe.com/fr/reader/otherversions/

--> Même si tu n'utilises pas Internet Explorer, fais la mise à jour pour d'éventuelles utilisations du logiciel ( mises à jour ... )

Télécharges IE7 et installe-le.
https://www.pcastuces.com/logitheque/default.htm

--> Télécharge JavaRa de PaulMcLain et Fred De Vries.
https://javara.fr.malavida.com/

    * Click droit sur l'archive JavaRa.zip et extraire sur le bureau.
    *  Un dossier sera crée. L'ouvrir et double-cliquer sur JavaRa.exe pour le lancer
    * Choisis la langue ( français )

Une fenêtre va s'ouvrir ou tu auras le choix entre mettre à jour et supprimer les anciennes versions de Java.

- Mise à jour :

    * clique sur Recherche de mise à jour et choisis l'option Mettre à jour via jucheck.exe .
    * Il te sera précisé si il existe ou pas de nouvelle version à installer sur ton PC.
    * Si oui, clique sur Installer puis suis les invites.

Note : Si  tu n'y arrives pas avec cette option, choisis l'autre Mettre à jour via le site Internet de Sun  ou alors sur le site suivant https://www.java.com/fr/download/manual.jsp

- Suppression des anciennes versions :

    * Relance JavaRa.exe s'il le faut et choisis Effacer les anciennes versions
    * Suis les invites.
    * Il te sera précisé de la suppression les versions trouvées et supprimées

Un rapport sera crée. Poste-le.

A+

ardillon62 · Answer

voila les mises a jour ont étaient faites et voici le rapport de java:


JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue May 12 22:32:54 2009

Found and removed: C:\Program Files\Java\j2re1.4.0_03

Found and removed: C:\Program Files\Java\j2re1.4.2_13

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_04

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142130}

Found and removed: C:\WINDOWS\system32\plugincpl140_03.cpl

Found and removed: SOFTWARE\Classes\JavaSoft.JavaBeansBridge

Found and removed: SOFTWARE\Classes\JavaSoft.JavaBeansBridge.1

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaw.Exe

Found and removed: SOFTWARE\Classes\JavaPlugin.140_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.0_03

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_04

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160040}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142130}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D411203

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D411203

Found and removed: SOFTWARE\Classes\JavaPlugin.142_13

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_13

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_13

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_13

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\JavaPlugin.142_13

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_04

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_04

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_04\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_04\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_07\bin\

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue May 12 22:34:55 2009

------------------------------------

Finished reporting.

loloetseb · Answer

;)

verni29 · Answer

On termine.

1) On va enlever les logiciels qui ont été utilisés..
Télécharge ToolsCleaner .sur le bureau
http://pc-system.fr/

Double-clique sur ToolsCleaner2.exe --> Recherche --> Suppression.
Il est possible que ton bureau disparaisse.

Fais un copier/coller du rapport qui se trouve dans C:\TCleaner.txt.

2/ Tu vas utiliser CCleaner. 
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner 

utilise les fonctions nettoyeur et registre. 

3) Il est préférable maintenant que ton PC est propre de nettoyer la restauration système  et de créer un point propre pour une utilisation ultérieure.

Les points de restauration : 

-  Panneau de configuration --> Système --> Restauration du système 

cocher " Désactiver la restauration .... " ( si elle est cochée sinon la décocher -- >  valider -- > cocher )
Une fenêtre va s’ouvrir pour t’avertir que les poins de restauration existants seront supprimés.
Accepte.

Décoche ensuite « Désactiver la restauration .... » pour réactiver la restauration système

- Tu vas recréer un point de restauration propre.

Pour recréer un point de restauration :
Démarrer --> Programmes --> Accessoires --> Outils système --> Restauration système
Choisis "Créer un point de restauration". Suis les invites.

--------------------------------------------------------------------------------------------------------

Ton PC est propre.
Tu as remarqué le nombre de logiciels , toolbars qu'on avait désinstallé.
Sois un peu plus prudent dans ton surf.

Une lecture : projet antimalwares : https://www.malekal.com/fichiers/projetantimalwares/prevention-protection.pdf

---------------------------------------------------------------------------------------------------------

/!\ Tu peux aussi dénoncer ton infection /!\ 
http://www.malwarecomplaints.info/phpBB3/viewforum.php?f=10

Lis l'article suivant pour t'aider dans la démarche : http://www.malekal.com/malwarecomplaints.html
Pour ton cas, choisis l'infection vundo.

-----------------------------------------------------------------------------------------------------------

Peux-tu mettre le sujet en résolu ? Merci.

En te souhaitant bonne lecture et bon surf.

Salut.

ardillon62 · Answer

mille merci pour ton aide et le partage de tes connaissances... 

je te post le rapport de toolscleaner :

[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\Yoog_Fix.txt: trouvé !
C:\SDFIX: trouvé !
C:\Lop SD: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Yoog_Fix: trouvé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\Ad-remover.lnk: trouvé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\Yoog_Fix.exe: trouvé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\hijackthis-1\HijackThis.exe: trouvé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\hijackthis-1\hijackthis.log: trouvé !
C:\Documents and Settings\VIDEOCEAN 1\Menu Démarrer\Programmes\Ad-remover: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files	rend micro\HijackThis.exe: trouvé !
C:\Program Files	rend micro\hijackthis.log: trouvé !
C:\Yoog_Fix\Yoog_Fix.exe: trouvé !

---------------------------------
--> Suppression: 

C:\Documents and Settings\VIDEOCEAN 1\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\VIDEOCEAN 1\Bureau\Ad-remover.lnk: supprimé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\ToolBarSD.exe: supprimé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\hijackthis-1\HijackThis.exe: supprimé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: supprimé !
C:\Program Files	rend micro\HijackThis.exe: supprimé !
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\Yoog_Fix.txt: supprimé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\Rsit.exe: supprimé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\Yoog_Fix.exe: supprimé !
C:\Documents and Settings\VIDEOCEAN 1\Bureau\hijackthis-1\hijackthis.log: supprimé !
C:\Program Files	rend micro\hijackthis.log: supprimé !
C:\Yoog_Fix\Yoog_Fix.exe: supprimé !
C:\SDFIX: supprimé !
C:\Lop SD: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Yoog_Fix: supprimé !
C:\Documents and Settings\VIDEOCEAN 1\Menu Démarrer\Programmes\Ad-remover: supprimé !
C:\Program Files\Ad-remover: supprimé !

Probleme avec mozilla firefox

39 réponses

Discussions similaires

Newsletters