Slow computer

Closed
francis76 - 25 May 2009 at 10:12
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 - 3 Sept. 2009 at 16:26
Hello,

For about a week now, my computer has been incredibly slow.
My computer's specs: Intel Celeron M processor 370, 60 GB HDD, 512 MB DDR2;

I don't know much about computers, but could you help me fix this very painful slowness, whether it's opening files, using the internet, or playing videos (the sound and picture stutter), etc.

I cleaned the disks and defragmented, but it took a very, very long time since the computer was so slow (more than 24 hours), and I scanned with AntiVir, Spybot and Ad-Aware, and it's still just as slow!!! My hard drives aren't full, and I've sorted through the files to get rid of.

Thanks for your expert advice,

Talk soon

23 replies

fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
25 May 2009 at 10:15
Hi,

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

* Double-click RSIT.exe to launch RSIT.

* Click Continue on the Disclaimer screen.

* If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.

* When the scan is finished, two text files will open.

Post the contents of log.txt (which will be displayed) as well as info.txt (which will be minimized in the Taskbar).

Note: Both reports are also saved in %systemroot%\rsit
0
OK, I've carried out the steps, here are the 2 files:

info.txt logfile of random's system information tool 1.06 2009-05-25 21:00:13

======Uninstall list======

-->C:\Program Files\DialMessenger/uninstall.exe
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x40c /cont -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x40c -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eManager for Notebook-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer ePowerManagement-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x40c
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acrobat.com-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adidas-Polar_Athletes Screen Saver-->C:\WINDOWS\system32\Adidas-Polar_Athletes.scr /u
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Arcade 3.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x40c -uninst
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bibliorom-->"C:\Program Files\Microsoft Référence\Bibliorom\Setup\install.exe"
Bluesoleil2.6.0.8 Release 070517-->MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
Canon Camera Support Core Library-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1036
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{36C65B50-37BA-4467-AAD5-0523EFDF6F62}
Canon EOS Kiss_N REBEL_XT 350D Pilote WIA -->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} /l1036
Canon i850-->C:\WINDOWS\system32\CNMCP4b.exe "-PRINTERNAMECanon i850" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i850 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i850 Installer\Inst2\cnmi040c.dll"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5B03B93F-1B32-4509-9CA6-4BB33E9987EF}
Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D0E8C34D-19D2-49FD-A900-88DEB788FF86}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities Digital Photo Professional 2.0-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{17BF3045-AB1D-4048-8356-6C584B83565E} /l1036
Canon Utilities EOS Capture 1.5-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (F)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x40c anything
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Coeur-->"C:\Program Files\Coeur\unins000.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x40c uninst
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x40c -UnInstall
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x40c uninst
EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x40c uninst
EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x40c anything
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x40c Uninstall
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
Favorit-->"c:\documents and settings\francois\local settings\application data\seaem.exe" -uninstall
FlashDiskManager V4.01-->"C:\Program Files\FlashDiskManager\uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Codec Pack 2.70 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager V1.0.8.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\Setup.exe" -l0x40c
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Manual CanoScan 3000,3000F-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E088AC54-7379-4C8F-A8B6-D2381E5A1172}\setup.exe" -l0x40c
Messenger Plus! Live & Sponsor (CiD)-->"D:\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 CD-ROM 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (1.5)-->C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (fr)"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1036 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}\SETUP.EXE" -l0x40c anything
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
ScanToWeb-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoftV90 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025\HXFSETUP.EXE -U -IVEN_8086&DEV_266D&SUBSYS_006A1025
Sony Picture Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x40c /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x40c UNINSTALL -removeonly
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VideoLAN VLC media player 0.8.6c-->D:\VLC\uninstall.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic

======System event log======

Computer Name: FRANCOISPC
Event Code: 4377
Message: Le correctif Windows XP KB960803 a été installé.

Record Number: 1932982
Source Name: NtServicePack
Time Written: 20090417165400.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: FRANCOISPC
Event Code: 19
Message: Installation réussie : Windows a installé la mise à jour suivante : Mise à jour de sécurité pour Windows XP (KB923561)

Record Number: 1932981
Source Name: Windows Update Agent
Time Written: 20090417165356.000000+120
Event Type: Informations
User:

Computer Name: FRANCOISPC
Event Code: 4377
Message: Le correctif Windows XP KB923561 a été installé.

Record Number: 1932980
Source Name: NtServicePack
Time Written: 20090417165355.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: FRANCOISPC
Event Code: 18
Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. L'installation de ces mises à jour est actuellement planifiée pour le ?samedi ?18 ?avril ?2009 à 03:00 :
- Mise à jour de sécurité pour Windows XP (KB923561)
- Mise à jour de sécurité pour Windows XP (KB960803)
- Mise à jour de sécurité pour Windows XP (KB952004)
- Mise à jour de sécurité pour Windows XP (KB956572)
- Outil de suppression de logiciels malveillants Windows - avril 2009 (KB890830)
- Mise à jour de sécurité cumulative pour Internet Explorer 7 pour Windows XP (KB963027)
- Mise à jour de sécurité pour Windows XP (KB961373)
- Mise à jour de sécurité pour Windows XP (KB959426)

Record Number: 1932979
Source Name: Windows Update Agent
Time Written: 20090417164526.000000+120
Event Type: Informations
User:

Computer Name: FRANCOISPC
Event Code: 18
Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. L'installation de ces mises à jour est actuellement planifiée pour le ?samedi ?18 ?avril ?2009 à 03:00 :
- Mise à jour de sécurité pour Windows XP (KB923561)
- Mise à jour de sécurité pour Windows XP (KB960803)
- Mise à jour de sécurité pour Windows XP (KB952004)
- Mise à jour de sécurité pour Windows XP (KB956572)
- Outil de suppression de logiciels malveillants Windows - avril 2009 (KB890830)
- Mise à jour de sécurité cumulative pour Internet Explorer 7 pour Windows XP (KB963027)
- Mise à jour de sécurité pour Windows XP (KB961373)

Record Number: 1932978
Source Name: Windows Update Agent
Time Written: 20090417164526.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: FRANCOISPC
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur FRANCOISPC\Francois alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 5865
Source Name: Userenv
Time Written: 20071023173135.000000+120
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: FRANCOISPC
Event Code: 4096
Message: The AntiVir service has been started successfully!

Record Number: 5864
Source Name: H+BEDV AntiVir
Time Written: 20071023172739.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: FRANCOISPC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 5863
Source Name: SecurityCenter
Time Written: 20071023172736.000000+120
Event Type: Informations
User:

Computer Name: FRANCOISPC
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur FRANCOISPC\Francois alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.


Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 5862
Source Name: Userenv
Time Written: 20071021181828.000000+120
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: FRANCOISPC
Event Code: 1
Message: Mise à jour automatique du certificat racine tierce partie réussie : Objet : <CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US> Empreinte digitale Sha1 : <4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5>

Record Number: 5861
Source Name: crypt32
Time Written: 20071021115358.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Francois at 2009-05-25 20:59:21
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (24%) free of 27 GB
Total RAM: 502 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:08, on 25/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbWeatherOnTray.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\049RADSU\RSIT[1].exe
C:\Program Files\trend micro\Francois.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {44F27C0A-1149-7B9A-CCBD-9F091034EC3D} - C:\DOCUME~1\Francois\APPLIC~1\PROGRA~1\base show.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\471~1.0\SBInst.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\GZIJ2LM5\ErrorSafeScannerInstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SEE.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\Francois\APPLIC~1\IDOLSU~1\DrvWay.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [seaem] "c:\documents and settings\francois\local settings\application data\seaem.exe" seaem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll (file missing)
O22 - SharedTaskScheduler: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
fix200 > francis76
26 May 2009 at 09:16
Your log is incomplete, but I found some infections; we'll have some work to do ^^

Download Toolbar S&D (by Eric_71/Team IDN)

Let it guide you through the installation.

!! Disconnect and close all your running applications for the duration of the procedure !!

▶ Choose F, then confirm.

▶ Press 2 (cleaning), then press [Enter].

*The search begins*

▶ Don't touch anything during the scan

▶ A report will be generated at the end of the process: post its contents in your next reply

NOTE:
The report is saved here -> C:\TB.txt

************************************************************
Go to this site:

https://www.virustotal.com/gui/

Copy the following and paste it into the search field (or click "Browse" and navigate to the requested file):

C:\WINDOWS\system32\tazth.dll

Click Send File (= "Envoyer le fichier").

A report will be built up line by line.

Wait until it has finished ... It must include the size of the file sent.

Save the report with Notepad.

Copy it into your next reply ...

(If VirusTotal indicates that the file has already been analysed, click the "Reanalyse the file now" button)

See you,

francis76 > fix200
28 May 2009 at 09:48
Hi,

Sorry for being so late with my replies, but I can't manage to send a message about the information you gave me; I've tried twice to send the files, but the message fails to send (an error on the page, apparently).

I'm sending this message from another computer; I'll try to send you the information in question again.

See you,

fix200 > francis76
1 Jul 2009 at 15:52
After a month and a bit ... are you still there?

francis76 > fix200
1 Jul 2009 at 18:57
Yes, still here. I followed up on the matter, but no solution to my problem apart from adding RAM to my computer, according to other users.

I did follow your advice, but the analysis of one file could not be completed because I hadn't found it.

Otherwise, no news since then; if you can give me information again, no problem.

See you,

francis76

fix200
1 Jul 2009 at 22:07
Hi again,
Run Toolbar S&D (see above)

Post a new RSIT log, because you are infected.

Here is the information,

the Toolbar report and the RSIT log:


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Francois ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 0.0.0.0 (Activated)
C:\ (Local Disk) - FAT32 - Total:26 Go (Free:5 Go)
D:\ (Local Disk) - FAT32 - Total:26 Go (Free:16 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 02/07/2009|18:30 )

-----------\\ Recherche de Fichiers / Dossiers ...

[Service] ASKService
[Service] ASKUpgrade
C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
C:\Program Files\AskBarDis\bar\bin\AskSplash.exe
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\Cache\00DEFFF3
C:\Program Files\AskBarDis\bar\Cache\00DF0320
C:\Program Files\AskBarDis\bar\Cache\00DF05CF.bin
C:\Program Files\AskBarDis\bar\Cache\00DF08FC.bin
C:\Program Files\AskBarDis\bar\Cache\00DF0AB1.bin
C:\Program Files\AskBarDis\bar\Cache\00DF0C67.bin
C:\Program Files\AskBarDis\bar\Cache\00DF0EA9.bin
C:\Program Files\AskBarDis\bar\Cache\00DF10AC.bin
C:\Program Files\AskBarDis\bar\Cache\00DF134C.bin
C:\Program Files\AskBarDis\bar\History\search
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\IESkins
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\Wallpaper
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\eskin
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\HostOL
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\HostOI
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Bidz.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bingo.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans.idx
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans1.dat
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium-hotbar-premium.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar-premium.cdf
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\hotbar_promo.htm
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords.idx
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords1.dat
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\progress.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar_promo.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords1.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans1.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\default.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\icons2.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\top7.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ads.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar-premium.xip
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Bidz.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Games.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hide.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hotmail.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Mails.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bingo.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_categorize.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_comparison.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-Mails.mnu
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\52968
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\46159
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\87439
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\29512
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\28812
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\9875
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\711231
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\896
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\31638
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\639510
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\628264
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\25509
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\83209
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\83211
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\2021
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\83210
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\93110
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\69866
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\27503
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\59844
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\371665
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\258537
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\52335
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\34186
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\61837
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\87387
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\91204
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\64646
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\56815
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\97524
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\97499
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\607711
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44300
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\20299
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\26664
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\705113
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44458
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\6873
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\685568
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\43638
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\34267
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\49444
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\51174
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\29547
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\83226
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\634486
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\654471
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\24905
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\90375
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\598707
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\41999
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\696893
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\617075
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\705206
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\634670
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\706579
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\78788
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\624121
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\623821
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\688162
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\653927
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\605882
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\182864
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\90271
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\27515
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\705063
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\707856
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\64763
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\25306
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\54473
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\639392
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\16700
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\41952
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\494328
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\7887
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\7946
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\83732
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\29683
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\28147
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\69361
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\28207
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\72932
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\1424
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\79977
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\35006
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\79989
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\1370
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\72123
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\611476
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\611492
C:\DOCU
0
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
3 July 2009 at 14:59
Run ToolBar S&D option 2 (if the report is too slow, upload it HERE and paste the link you get)

And make a new RSIT log.

See you later ^^
0
Sorry about ToolBar, I thought I had to run "Recherche" (search),

here is the report for option 2 "suppression" (removal):

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Francois ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 0.0.0.0 (Activated)
C:\ (Local Disk) - FAT32 - Total:26 Go (Free:5 Go)
D:\ (Local Disk) - FAT32 - Total:26 Go (Free:16 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 03/07/2009|17:09 )

-----------\\ SUPPRESSION

Supprime! - [Service] ASKService
Supprime! - [Service] ASKUpgrade
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\v3.0
Supprime! - C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\IESkins
Supprime! - C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\Wallpaper
Supprime! - C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility\eskin
Supprime! - C:\Program Files\SpamBlockerUtility\Bin
Supprime! - C:\Program Files\SpamBlockerUtility\SpamBlockerUtility.log
Supprime! - C:\Program Files\AskBarDis
Supprime! - C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlockerUtility
Supprime! - C:\Program Files\SpamBlockerUtility

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Francois) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search Page"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Page_URL"="https://www.msn.com/fr-fr"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


--------------------\\ Recherche d'autres infections


C:\DOCUME~1\Francois\LOCALS~1\APPLIC~1\seaem.dat
C:\DOCUME~1\Francois\LOCALS~1\APPLIC~1\seaem_nav.dat
C:\DOCUME~1\Francois\LOCALS~1\APPLIC~1\seaem_navps.dat
==> EGDACCESS <==

--------------------\\ ROGUES ..

C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlocker




1 - "C:\ToolBar SD\TB_1.txt" - 26/05/2009|19:36 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 26/05/2009|20:03 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 27/05/2009|20:19 - Option : [1]
4 - "C:\ToolBar SD\TB_4.txt" - 02/07/2009|18:32 - Option : [1]
5 - "C:\ToolBar SD\TB_5.txt" - 03/07/2009|17:12 - Option : [2]

-----------\\ Fin du rapport a 17:12:00,59


the log report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Francois at 2009-07-03 17:16:26
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (22%) free of 27 GB
Total RAM: 502 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:00, on 03/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\RJ12FQSI\RSIT[1].exe
C:\Program Files\trend micro\Francois.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {44F27C0A-1149-7B9A-CCBD-9F091034EC3D} - C:\DOCUME~1\Francois\APPLIC~1\PROGRA~1\base show.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\GZIJ2LM5\ErrorSafeScannerInstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SEE.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\Francois\APPLIC~1\IDOLSU~1\DrvWay.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [seaem] "c:\documents and settings\francois\local settings\application data\seaem.exe" seaem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll (file missing)
O22 - SharedTaskScheduler: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
0
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
3 July 2009 at 17:26
Still infected ...

**********************************************************
********************* Option 1 (Recherche = Search) *********************
**********************************************************

Download FindyKill (thanks to Chiquitine29, C_XX)

▶ Run the installation with the default settings

Connect your external data sources to your PC (USB stick, external hard drive, etc.) that may have been infected (!) without opening them (!)


▶ Double-click the FindyKill shortcut on your desktop

▶ Choose F for French, then press Enter

▶ In the main menu, choose option 1 (Recherche)

▶ Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk

*********************************************************************

0
and how badly am I infected...? is it serious, doctor..., OK, seriously,

well, here is the FindyKill info:


############################## | FindyKill V6.001 |

# User : Francois (Administrateurs) # FRANCOISPC
# Update on 30/06/09 by Chiquitine29 & C_XX
# Start at: 17:31:19 | 03/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Celeron(R) M processor 1.50GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | (!) Outdated ]
# AV : Avira AntiVir PersonalEdition Classic 7.0.1.75 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 7.0.3.61 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]

# C:\ # Disque fixe local # 26,51 Go (5,79 Go free) [ACER] # FAT32
# D:\ # Disque fixe local # 26,91 Go (16,2 Go free) [ACERDATA] # FAT32
# E:\ # Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Registre Startup |

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
HKCU_Main: "Start Page"="https://www.msn.com/fr-fr"
HKCU_Main: "Secondary Start Pages"=hex(7):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,\
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Francois"
HKLM_logon: "AltDefaultUserName"="Francois"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: preload=C:\Windows\RUNXMLPL.exe
HKLM_Run: IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
HKLM_Run: SoundMan=SOUNDMAN.EXE
HKLM_Run: SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: LaunchAp="C:\Program Files\Launch Manager\LaunchAp.exe"
HKLM_Run: PowerKey="C:\Program Files\Launch Manager\PowerKey.exe"
HKLM_Run: LManager="C:\Program Files\Launch Manager\HotkeyApp.exe"
HKLM_Run: CtrlVol="C:\Program Files\Launch Manager\CtrlVol.exe"
HKLM_Run: LMgrOSD="C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM_Run: Wbutton="C:\Program Files\Launch Manager\Wbutton.exe"
HKLM_Run: EPM-DM=c:\acer\epm\epm-dm.exe
HKLM_Run: ePowerManagement=C:\Acer\ePM\ePM.exe boot
HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
HKLM_Run: MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
HKLM_Run: PCMService="C:\Program Files\Arcade\PCMService.exe"
HKLM_Run: eRecoveryService=C:\Windows\System32\Check.exe
HKLM_Run: SNCT511=C:\WINDOWS\vsnct511.exe
HKLM_Run: WeatherOnTray=C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbWeatherOnTray.exe
HKLM_Run: SpySpotter System Defender=C:\Program Files\SpySpotter3\Defender.exe -startup
HKLM_Run: LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
HKLM_Run: Omnipage=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
HKLM_Run: NI.UERSV_0001_N68M0602="C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\GZIJ2LM5\ErrorSafeScannerInstall_fr[1].exe" -nag
HKLM_Run: avgnt="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: EPSON Stylus DX4000 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SEE.tmp" /EF "HKLM"
HKLM_Run: ImgTask=C:\WINDOWS\Imgtask.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: EPSON Stylus CX3600 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
HKLM_Run: EPSON Stylus CX3600 Series (Copie 1)=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB003" /M "Stylus CX3600"
HKLM_Run: ORAHSSSessionManager=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
HKCU_Run: second load=C:\DOCUME~1\Francois\APPLIC~1\IDOLSU~1\DrvWay.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: seaem="c:\documents and settings\francois\local settings\application data\seaem.exe" seaem

################## | Fichiers # Dossiers infectieux |

Présent ! C:\WINDOWS\system32\autorun.ini

################## | C:\Documents and Settings\Francois\Temporary Internet Files |


################## | All Drives ... |

Présent ! D:\autorun.inf

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

HKCU\...\Explorer\MountPoints2\{37e58578-ac05-11dc-8a96-0014a42772d6}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{9a5209c6-dc19-11dd-8c19-0014a42772d6}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{9a5209c6-dc19-11dd-8c19-0014a42772d6}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{d848e714-5992-11dd-8b8f-001167716b82}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{de52edd8-31be-11da-8677-0014a42772d6}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{de52edd8-31be-11da-8677-0014a42772d6}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{f5001f68-8f9d-11db-892a-0014a42772d6}\Shell\AutoRun\Command

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK

# Mode sans echec : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V6.001 ! |


waiting for the next consultation,
thanks doc,
0

fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
3 July 2009 at 17:43
You are not really infected ... :)

Let's continue ....

**********************************************************
********************* Option 2 (Cleaning) *********************
**********************************************************

▶ Plug your removable drives into your PC (USB keys, external hard drive, SD card, etc.) without opening them.

▶ Double-click the FindyKill shortcut on your Desktop (on Vista, right-click the FindyKill shortcut and choose Run as administrator).

▶ Choose F for Français, then press Enter.

▶ In the main menu, choose option 2 (Suppression)

▶ Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk

Then post a new RSIT log for checking ...

++
0
that scan took a long time ....

by the way, I use a USB key but I don't have it here; otherwise no external hard drive, etc.,

here are the reports:


############################## | FindyKill V6.001 |

# User : Francois (Administrateurs) # FRANCOISPC
# Update on 30/06/09 by Chiquitine29 & C_XX
# Start at: 17:51:17 | 03/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Celeron(R) M processor 1.50GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | (!) Outdated ]
# AV : Avira AntiVir PersonalEdition Classic 7.0.1.75
[ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 7.0.3.61
[ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]

# C:\ # Disque fixe local # 26,51 Go (5,78 Go free) [ACER] # FAT32
# D:\ # Disque fixe local # 26,91 Go (16,2 Go free) [ACERDATA] # FAT32
# E:\ # Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\WINDOWS\system32\autorun.ini

################## | C:\Documents and Settings\Francois\Temporary Internet Files |


################## | All Drives ... |

Supprimé ! D:\autorun.inf

################## | Autres ... |


################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{37e58578-ac05-11dc-8a96-0014a42772d6}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9a5209c6-dc19-11dd-8c19-0014a42772d6}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d848e714-5992-11dd-8b8f-001167716b82}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{de52edd8-31be-11da-8677-0014a42772d6}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f5001f68-8f9d-11db-892a-0014a42772d6}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[03/07/2009 17:48|--a------|5372] - C:\aaw7boot.log
[25/03/2007 13:39|--a------|115208] - C:\SNCT511.RAW
[15/10/2004 11:41|---hs----|512] - C:\BOOTSECT.DOS
[05/08/2004 05:00|-rahs----|4952] - C:\Bootfont.bin
[01/09/2008 09:56|-rahs----|252240] - C:\ntldr
[05/08/2004 05:00|-rahs----|47564] - C:\NTDETECT.COM
[25/09/2005 16:55|-rahs----|216] - C:\boot.ini
[08/07/2005 16:33|-rahs----|65] - C:\PRELOAD.AAA
[06/07/2005 19:40|--a------|4] - C:\wps.dat
[06/07/2005 19:50|--a------|167] - C:\bcmwl5.log
[08/07/2005 16:33|-rahs----|65] - C:\PRELOAD.REV
[22/07/2005 10:27|--ahs----|609] - C:\PATCH.REV
[11/04/2007 18:25|--a------|0] - C:\rollback.ini
[||] - C:\hiberfil.sys
[19/11/2006 12:15|--a------|183] - C:\LogiSetup.log
[03/07/2009 17:12|--a------|3182] - C:\TB.txt
[03/07/2009 18:41|--a------|4000] - C:\FindyKill.txt
[25/09/2005 12:52|-rahs----|0] - C:\MSDOS.SYS
[25/09/2005 12:52|-rahs----|0] - C:\IO.SYS
[||] - C:\pagefile.sys
[03/03/2006 13:07|--a------|2624] - C:\NEW.STA
[03/10/2006 11:01|--a------|16277288] - D:\Install_Messenger.exe
[13/04/2008 19:34|--a------|28672] - D:\setupSNK.exe

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# D:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.

################## | Etat / Services / Informations |

# Mode sans echec : OK


# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V6.001 ! |

the other report, the RSIT log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Francois at 2009-07-03 18:53:42
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 7 GB (27%) free of 27 GB
Total RAM: 502 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:07, on 03/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\IQHBEVAG\RSIT[1].exe
C:\Program Files\trend micro\Francois.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {44F27C0A-1149-7B9A-CCBD-9F091034EC3D} - C:\DOCUME~1\Francois\APPLIC~1\PROGRA~1\base show.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\GZIJ2LM5\ErrorSafeScannerInstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SEE.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\Francois\APPLIC~1\IDOLSU~1\DrvWay.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [seaem] "c:\documents and settings\francois\local settings\application data\seaem.exe" seaem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll (file missing)
O22 - SharedTaskScheduler: gaonic - {f31aee4a-1530-4fef-8537-79c6973bff9a} - C:\WINDOWS\system32\tazth.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
0
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
4 July 2009 at 20:48
Hi,

Sorry for the absence; I am busy these days ...

Let's continue .. ;)

You have a Navipromo infection,

Please do this:

Download Navilog1

▶ Then double-click Navilog1.exe to start the installation.

▶ Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

▶ Follow the prompts. In the main menu, choose 1 and confirm.
(do not choose 3 or 4 without our advice/agreement)

▶ Wait for the message:
****** Scan terminé le ..... ******

▶ Press a key as prompted; Notepad will open.

Copy and paste the whole thing into a reply. Close Notepad.

NOTE: The report is also saved at the root of the disk (cleannavi.txt)


==============================================================

Download SmitFraudFix:

Scan:

▶ Double-click SmitfraudFix.exe

▶ Type 1 and confirm with Enter

▶ At the end of the scan, a report opens; copy and paste its contents into your next reply.

NOTE: The report is located at the root of the system disk

SmitFraudFix tutorial

Cleaning

Boot into safe mode: https://www.informatruc.com

▶ Double-click SmitfraudFix.exe

▶ Type 2 and confirm with Enter

▶ At the end of the scan, a report opens; copy and paste its contents into your next reply.

NOTE: The report is located at the root of the system disk

SmitFraudFix tutorial

Then paste a new RSIT log for analysis ...

See you :)
0
hi doc,

here are the reports; not sure I did the safe mode part correctly..., over to you,

Fix Navipromo version 4.0.0 commencé le 06/07/2009 à 21:45:39,53

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 19.06.2009 à 20h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Francois ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition Classic 0.0.0.0 (Activated)


C:\ (Local Disk) - FAT32 - Total:26 Go (Free:7 Go)
D:\ (Local Disk) - FAT32 - Total:26 Go (Free:16 Go)
E:\ (CD or DVD)


Recherche exécutée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\Documents and Settings\Francois\locals~1\applic~1\seaem.dat supprimé !
C:\Documents and Settings\Francois\locals~1\applic~1\seaem_nav.dat supprimé !
C:\Documents and Settings\Francois\locals~1\applic~1\seaem_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Francois\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !

C:\WINDOWS\Tasks\ADD24E2291A5C54A.job trouvé ! Infection Lop possible non traitée par cet outil !


*** Scan terminé le 06/07/2009 à 22:00:17,79 ***



SmitFraudFix v2.423

Rapport fait à 22:20:45,96, 06/07/2009
Executé à partir de C:\Documents and Settings\Francois\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Francois\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Francois


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Francois\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Francois\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FRANCOIS\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\PowerCodec\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"="gaonic"

[HKEY_CLASSES_ROOT\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Broadcom 802.11g - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



SmitFraudFix v2.423

Rapport fait à 22:27:12,78, 06/07/2009
Executé à partir de C:\Documents and Settings\Francois\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f31aee4a-1530-4fef-8537-79c6973bff9a}"="gaonic"

[HKEY_CLASSES_ROOT\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f31aee4a-1530-4fef-8537-79c6973bff9a}\InProcServer32]
@="C:\WINDOWS\system32\tazth.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix



»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Program Files\PowerCodec\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Broadcom 802.11g - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer=212.27.53.252,212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



the RSIT log report

Logfile of random's system information tool 1.06 (written by random/random)
Run by Francois at 2009-07-06 22:35:21
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 7 GB (27%) free of 27 GB
Total RAM: 502 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:45, on 06/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\2XZR49B7\RSIT[1].exe
C:\Program Files\trend micro\Francois.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {44F27C0A-1149-7B9A-CCBD-9F091034EC3D} - C:\DOCUME~1\Francois\APPLIC~1\PROGRA~1\base show.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\GZIJ2LM5\ErrorSafeScannerInstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SEE.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [second load] C:\DOCUME~1\Francois\APPLIC~1\IDOLSU~1\DrvWay.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
0
fix200 - Posts: 3243 - Registered: Sunday 28 December 2008 - Status: Security contributor - Last activity: 7 February 2011 - 158
6 July 2009 at 22:50
Hi again,
and by the way, is this virus serious?

-> Yes .... ;-)

================================================================

Download LopS&D (by Team IDN/Eric71)


▶ Double-click Lop S&D.exe to start the installation,

(!) Disable resident protections: antivirus, anti-spyware, etc., so that the tool can run correctly. (!)


▶ Then double-click the Lop S&D shortcut on the Desktop,

▶ Select the desired language, then choose option 2 (cleaning)

▶ When the scan finishes, Notepad will open with the cleaning results; copy and paste the results into your next reply.


NOTE: The report is located at: C:\LopR.txt

Next:

If you are on Vista: disable UAC

Download SDFix by andymanchesta:

Let it guide you...

• After installation, restart in Safe Mode

• On XP: double-click C:\SDFix\RunThis.bat
On Vista: right-click C:\SDFix\RunThis.bat and choose "Run as administrator"

• Press the Y key to start the cleaning process.

It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.

• Press any key to restart the PC.

• Your system will take longer than usual to restart because the tool will keep running and deleting files.

• Once the Desktop has loaded, the tool will finish its work and display Finished.

• Press any key to end the script and load your Desktop icons.

• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

• Finally, copy and paste the contents of Report.txt into your next reply on the forum

If SDFix does not start (it happens)
* Start->Run
* Copy and paste this into the window:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

* wait while the scan runs...


a tutorial if needed


Then post a new RSIT log, and wait for the next steps ...

++

0
OK, thanks for the info, here is the next part, everything went well;


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Francois ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 0.0.0.0 (Activated)
C:\ (Local Disk) - FAT32 - Total:26 Go (Free:7 Go)
D:\ (Local Disk) - FAT32 - Total:26 Go (Free:16 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 07/07/2009|17:16 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\WINDOWS\Tasks\ADD24E2291A5C54A.job
Supprime! - C:\DOCUME~1\FRANCOIS\APPLIC~1\IdolSupport\gywjkupe.exe
Supprime! - C:\DOCUME~1\FRANCOIS\APPLIC~1\IdolSupport\gjlypmah.exe
Supprime! - C:\DOCUME~1\FRANCOIS\APPLIC~1\IdolSupport\nedxykhk.exe
Supprime! - C:\DOCUME~1\FRANCOIS\APPLIC~1\IdolSupport\ohyuvzmn.exe
Supprime! - C:\DOCUME~1\FRANCOIS\APPLIC~1\IdolSupport\oibsbhrn.exe
Supprime! - C:\DOCUME~1\FRANCOIS\APPLIC~1\IdolSupport
Supprime! - C:\Program Files\IdolSupport

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[15/10/2004|12:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[15/10/2004|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[24/05/2009|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
[09/10/2008|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[26/09/2006|16:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
[08/02/2009|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[05/01/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[14/12/2005|22:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Boldnurbmp3flaw
[31/12/2007|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
[27/10/2006|12:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[24/05/2009|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[25/02/2009|18:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[15/10/2004|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[16/03/2007|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NtiDvdCopy
[01/05/2008|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[20/09/2005|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[24/02/2006|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[21/01/2006|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[06/12/2005|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[28/01/2006|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[28/01/2006|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[17/09/2005|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[26/10/2008|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[08/08/2006|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/02/2007|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[22/11/2007|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[15/10/2004|11:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[20/04/2009|18:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[15/10/2004|11:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[22/09/2005|12:33] C:\DOCUME~1\FRANCOIS\APPLIC~1\Adobe
[22/09/2005|12:38] C:\DOCUME~1\FRANCOIS\APPLIC~1\AdobeUM
[28/01/2006|12:20] C:\DOCUME~1\FRANCOIS\APPLIC~1\Arcsoft
[01/12/2006|16:07] C:\DOCUME~1\FRANCOIS\APPLIC~1\Azureus
[28/01/2006|12:18] C:\DOCUME~1\FRANCOIS\APPLIC~1\Canon
[31/12/2007|13:43] C:\DOCUME~1\FRANCOIS\APPLIC~1\Creative
[17/09/2005|23:57] C:\DOCUME~1\FRANCOIS\APPLIC~1\CyberLink
[06/01/2008|14:13] C:\DOCUME~1\FRANCOIS\APPLIC~1\dvdcss
[27/10/2006|12:32] C:\DOCUME~1\FRANCOIS\APPLIC~1\Google
[05/12/2005|14:34] C:\DOCUME~1\FRANCOIS\APPLIC~1\Help
[15/10/2004|12:05] C:\DOCUME~1\FRANCOIS\APPLIC~1\Identities
[28/01/2006|12:11] C:\DOCUME~1\FRANCOIS\APPLIC~1\InterTrust
[18/12/2005|20:49] C:\DOCUME~1\FRANCOIS\APPLIC~1\Lavasoft
[22/09/2005|11:25] C:\DOCUME~1\FRANCOIS\APPLIC~1\Macromedia
[03/03/2006|16:28] C:\DOCUME~1\FRANCOIS\APPLIC~1\Media Player Classic
[15/10/2004|11:51] C:\DOCUME~1\FRANCOIS\APPLIC~1\Microsoft
[20/09/2005|18:41] C:\DOCUME~1\FRANCOIS\APPLIC~1\Microsoft Web Folders
[12/08/2008|18:37] C:\DOCUME~1\FRANCOIS\APPLIC~1\Mozilla
[06/01/2009|18:46] C:\DOCUME~1\FRANCOIS\APPLIC~1\MP-Manager
[17/03/2006|18:37] C:\DOCUME~1\FRANCOIS\APPLIC~1\MSNInstaller
[03/10/2006|11:28] C:\DOCUME~1\FRANCOIS\APPLIC~1\programsite
[20/12/2007|17:27] C:\DOCUME~1\FRANCOIS\APPLIC~1\Real
[28/01/2006|12:14] C:\DOCUME~1\FRANCOIS\APPLIC~1\ScanSoft
[21/01/2006|11:50] C:\DOCUME~1\FRANCOIS\APPLIC~1\Skype
[13/03/2008|18:19] C:\DOCUME~1\FRANCOIS\APPLIC~1\skypePM
[14/12/2008|12:21] C:\DOCUME~1\FRANCOIS\APPLIC~1\Smart Panel
[05/01/2008|11:16] C:\DOCUME~1\FRANCOIS\APPLIC~1\Sony Corporation
[16/11/2005|20:14] C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlocker
[01/12/2006|16:05] C:\DOCUME~1\FRANCOIS\APPLIC~1\Sun
[17/09/2005|23:52] C:\DOCUME~1\FRANCOIS\APPLIC~1\Symantec
[02/06/2008|21:29] C:\DOCUME~1\FRANCOIS\APPLIC~1\TaoUSign
[14/06/2008|18:53] C:\DOCUME~1\FRANCOIS\APPLIC~1\U3
[20/12/2007|08:00] C:\DOCUME~1\FRANCOIS\APPLIC~1\vlc

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[11/06/2009 10:00][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[07/07/2009 16:59][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[17/09/2005|23:39] C:\Program Files\acer
[06/07/2005|20:04] C:\Program Files\Acer Inc
[06/07/2005|20:03] C:\Program Files\Adobe
[26/09/2006|16:43] C:\Program Files\AntiVir PersonalEdition Classic
[17/09/2005|23:38] C:\Program Files\Arcade
[28/01/2006|12:11] C:\Program Files\ArcSoft
[06/01/2006|18:58] C:\Program Files\Canon
[21/10/2007|12:18] C:\Program Files\Coeur
[27/03/2006|09:33] C:\Program Files\Common Files
[15/10/2004|11:58] C:\Program Files\ComPlus Applications
[06/07/2005|19:59] C:\Program Files\CONEXANT
[31/12/2007|13:35] C:\Program Files\Creative
[06/07/2005|20:03] C:\Program Files\CyberLink
[07/12/2005|20:20] C:\Program Files\directx
[09/07/2007|21:49] C:\Program Files\epson
[15/10/2004|11:52] C:\Program Files\Fichiers communs
[05/01/2008|11:59] C:\Program Files\FlashDiskManager
[28/09/2007|22:37] C:\Program Files\Free
[27/10/2006|12:31] C:\Program Files\Google
[06/07/2005|19:50] C:\Program Files\InstallShield Installation Information
[06/07/2005|19:51] C:\Program Files\Intel
[15/10/2004|11:58] C:\Program Files\Internet Explorer
[05/01/2008|11:25] C:\Program Files\IVT Corporation
[01/12/2006|16:01] C:\Program Files\Java
[29/01/2006|11:21] C:\Program Files\Kerio
[03/03/2006|21:45] C:\Program Files\K-Lite Codec Pack
[06/07/2005|20:00] C:\Program Files\Launch Manager
[24/05/2009|16:09] C:\Program Files\Lavasoft
[19/11/2006|12:14] C:\Program Files\Logitech
[15/10/2004|11:57] C:\Program Files\Messenger
[22/03/2009|15:40] C:\Program Files\Microsoft
[13/05/2007|03:03] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[15/10/2004|12:01] C:\Program Files\microsoft frontpage
[17/09/2005|23:42] C:\Program Files\Microsoft Office
[25/09/2005|12:53] C:\Program Files\Microsoft Référence
[22/03/2009|15:48] C:\Program Files\Microsoft Silverlight
[22/11/2007|23:34] C:\Program Files\Microsoft SQL Server Compact Edition
[22/03/2009|15:43] C:\Program Files\Microsoft Sync Framework
[20/09/2005|18:46] C:\Program Files\Microsoft Visual Studio
[17/09/2005|23:42] C:\Program Files\Microsoft Works
[15/10/2004|11:58] C:\Program Files\Movie Maker
[12/08/2008|18:37] C:\Program Files\Mozilla Firefox
[15/10/2004|11:57] C:\Program Files\MSN
[15/10/2004|11:57] C:\Program Files\MSN Gaming Zone
[15/11/2006|03:01] C:\Program Files\MSXML 4.0
[06/07/2009|21:44] C:\Program Files\Navilog1
[15/10/2004|11:58] C:\Program Files\NetMeeting
[06/07/2005|20:01] C:\Program Files\NewTech Infosystems
[15/10/2004|11:57] C:\Program Files\Online Services
[26/12/2008|15:42] C:\Program Files\OrangeHSS
[15/10/2004|11:58] C:\Program Files\Outlook Express
[01/05/2008|20:44] C:\Program Files\QuickTime
[06/01/2007|10:48] C:\Program Files\Real
[03/12/2006|12:15] C:\Program Files\Samsung
[28/01/2006|12:13] C:\Program Files\ScanSoft
[26/12/2008|15:43] C:\Program Files\Securitoo
[15/10/2004|11:59] C:\Program Files\Services en ligne
[24/10/2007|21:14] C:\Program Files\Skype
[26/10/2008|11:57] C:\Program Files\Smart Panel
[20/09/2005|18:43] C:\Program Files\Snapshot Viewer
[05/01/2008|11:08] C:\Program Files\Sony
[06/12/2005|16:58] C:\Program Files\Spybot - Search & Destroy
[06/07/2005|19:58] C:\Program Files\Synaptics
[25/05/2009|20:59] C:\Program Files\trend micro
[15/10/2004|12:05] C:\Program Files\Uninstall Information
[01/04/2006|15:41] C:\Program Files\VirtualDJ
[08/02/2009|18:58] C:\Program Files\Vuze
[10/08/2007|22:11] C:\Program Files\Windows Live
[22/03/2009|15:40] C:\Program Files\Windows Live SkyDrive
[05/05/2007|20:00] C:\Program Files\Windows Media Connect 2
[15/10/2004|11:57] C:\Program Files\Windows Media Player
[15/10/2004|11:57] C:\Program Files\Windows NT
[15/10/2004|11:59] C:\Program Files\WindowsUpdate
[19/10/2005|20:48] C:\Program Files\WinRAR
[15/10/2004|12:01] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[22/09/2005|12:33] C:\Program Files\Fichiers communs\Adobe
[09/10/2008|22:51] C:\Program Files\Fichiers communs\Adobe AIR
[20/09/2005|18:46] C:\Program Files\Fichiers communs\Designer
[26/12/2008|15:41] C:\Program Files\Fichiers communs\France Telecom
[08/02/2009|18:58] C:\Program Files\Fichiers communs\i4j_jres
[06/07/2005|19:50] C:\Program Files\Fichiers communs\InstallShield
[07/12/2005|20:17] C:\Program Files\Fichiers communs\Logitech
[15/10/2004|11:52] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\MSSoap
[06/07/2005|20:02] C:\Program Files\Fichiers communs\muvee Technologies
[06/07/2005|20:01] C:\Program Files\Fichiers communs\NewTech Infosystems
[15/10/2004|11:52] C:\Program Files\Fichiers communs\ODBC
[06/01/2007|10:48] C:\Program Files\Fichiers communs\Real
[28/01/2006|12:14] C:\Program Files\Fichiers communs\ScanSoft Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\Services
[13/03/2008|18:18] C:\Program Files\Fichiers communs\Skype
[15/10/2004|11:52] C:\Program Files\Fichiers communs\SpeechEngines
[17/09/2005|23:52] C:\Program Files\Fichiers communs\Symantec Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\System
[22/03/2009|15:34] C:\Program Files\Fichiers communs\Windows Live
[22/11/2007|23:30] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 54 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 17:19:21
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlocker



[F:2][D:4]-> C:\DOCUME~1\Francois\LOCALS~1\Temp
[F:22][D:0]-> C:\DOCUME~1\Francois\Cookies
[F:222][D:24]-> C:\DOCUME~1\Francois\LOCALS~1\TEMPOR~1\content.IE5
[F:4][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 07/07/2009|17:20 - Option : [2]

--------------------\\ Fin du rapport a 17:20:19



SDFix: Version 1.240
Run by Francois on 07/07/2009 at 19:29

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files:

No Trojan Files Found






Removing Temp Files

ADS Check:



Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 19:45:38
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files:



Files with Hidden Attributes:

Wed 6 Jul 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 6 Jul 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 6 Jul 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 6 Jul 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 6 Jul 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Thu 29 Sep 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 29 Sep 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
Sat 5 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 14 Jun 2007 22,641,152 ...H. --- "C:\Documents and Settings\Francois\Application Data\Microsoft\Word\~WRL1535.tmp"
Tue 23 Oct 2007 3,350,528 A..H. --- "C:\Documents and Settings\Francois\Application Data\U3\temp\Launchpad Removal.exe"

Finished!


the logrsit report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Francois at 2009-07-07 20:45:14
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 7 GB (26%) free of 27 GB
Total RAM: 502 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:52, on 07/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\2XZR49B7\RSIT[1].exe
C:\Program Files\trend micro\Francois.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {44F27C0A-1149-7B9A-CCBD-9F091034EC3D} - C:\DOCUME~1\Francois\APPLIC~1\PROGRA~1\base show.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\GZIJ2LM5\ErrorSafeScannerInstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SEE.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
fix200 (Security contributor)
7 July 2009 at 23:27
Hi,

Some parts of your reports worry me ...

But anyway ... we are making good progress ... :-))

So let's continue ...

=============================================================

Uninstall Ad-Aware, because it is useless ...

Next:

Disable Spybot's TeaTimer (thanks to Nico)

To disable TeaTimer:
=> Open Spybot S&D
=> In the "Mode" menu, select advanced mode.
=> A window asks for confirmation; click "oui" (yes).
=> Once advanced mode is active, open the "Outils" (Tools) tab.
=> Click on Résident (Resident).
=> The Résident section has two lines that are normally checked:
* Resident "SDHelper" (blocker of harmful downloads for Internet Explorer) active.

* Resident "TeaTimer" (protection of fundamental system settings) active.

=> Uncheck the TeaTimer line.
=> Restart Spybot (close it and reopen it)
=> Go back to the Résident menu and check that it is indeed disabled.

Next:

If you are on Vista, disable UAC

Download OTM (Old Timer) to your desktop:

---> On XP: double-click OTM.exe to launch it.
On Vista: right-click OTM and choose "exécuter en tant qu'administrateur" (run as administrator)

---> Copy (Ctrl+C) the following text:

:Processes
explorer.exe
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44F27C0A-1149-7B9A-CCBD-9F091034EC3D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"preload"=-
"SNCT511"=-
"WeatherOnTray"=-
"SpySpotter System Defender"=-
"NI.UERSV_0001_N68M0602"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"second load"=-
:Files
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlocker
C:\Windows\RUNXMLPL.exe
C:\WINDOWS\system32\tmp.txt
:Commands
[start explorer]
[emptytemp]
[purity]
[reboot]


---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTM.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTM\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

Next:

Download Rooter from the IDN team to your desktop:


! Disconnect from the Internet and close all running applications!


* Run Rooter and let the tool work.

* Once it has finished, post the resulting report for analysis ...

Next:

Download MalwareBytes' Anti-Malware

▶ Install it; the program will update itself automatically

▶ Once updated, the program will start; click the settings tab (paramètre) and check the box: "Arrêter internet explorer pendant la suppression" (stop Internet Explorer during removal)

▶ Now click the scan tab (recherche) and check the box: "exécuter un examen rapide" (perform a quick scan).

▶ Then click "rechercher" (scan).

▶ Let it scan the PC...

▶ If items were found --> click "afficher les résultats" (show results), then "supprimer la sélection" (remove selected) in order to destroy the infected items.

▶ If you are asked to restart --> click "YES".

▶ At the end a report will open; save it so that you can find it again in order to post it on the forum.

Please copy and paste the report.

** Note: the reports are also stored in the Rapport/Log tab


================================================================


Then post a new RSIT log and wait for what comes next ... ^^'

++
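
As an added illustration (not part of fix200's post, and not code from HijackThis or OTM): a small Python triage pass over HijackThis O2/O4 lines that surfaces the kind of entries the :Reg section above removes, namely BHOs whose file is absent and Run values that launch from a browser cache. The two heuristics and all function names are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re

# Lines copied verbatim from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {44F27C0A-1149-7B9A-CCBD-9F091034EC3D} - C:\DOCUME~1\Francois\APPLIC~1\PROGRA~1\base show.exe (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\GZIJ2LM5\ErrorSafeScannerInstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SEE.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# O2 line: "O2 - BHO: <name> - {CLSID} - <file or marker>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# O4 registry line: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\.*?\\Run: \[(?P<value>[^\]]*)\] (?P<command>.*)$")
# Unquoted commands: the program path ends at the first executable extension.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", re.IGNORECASE)

# Assumed heuristic: directories a persistent autostart should not run from.
VOLATILE_DIRS = ("\\temporary internet files\\", "\\temp\\")


def executable_of(command):
    """Return only the program path of a Run command, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command


def triage(log_text):
    """Return (section, identifier, reason) tuples for entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        bho = BHO_RE.match(line)
        if bho:
            target = bho.group("target")
            # HijackThis appends these markers when the registered file is gone.
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append(("O2", bho.group("clsid"),
                                 "BHO registered but its file is absent"))
            continue
        run = RUN_RE.match(line)
        if run:
            # Test the program path only: an argument such as a temp file
            # (the EPSON entry above) must not trigger the rule.
            exe = executable_of(run.group("command")).lower()
            if any(marker in exe for marker in VOLATILE_DIRS):
                findings.append(("O4", run.group("value"),
                                 "autostart launched from a cache/temp directory"))
    return findings


if __name__ == "__main__":
    for section, ident, reason in triage(SAMPLE_LOG):
        print(f"{section}  {ident}  ->  {reason}")
```

The script above also removes values such as [preload] and [SNCT511], which neither rule flags; path and file-presence checks alone do not cover them.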

Hi, sorry, but I have had little time to devote to the computer,

everything went well, except for the OTM report, which was not produced: during the scan I had a blank screen and could not do anything, so I had to restart the computer and therefore there is no report,

otherwise here is the rest of the information:

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2397
Windows 5.1.2600 Service Pack 3

09/07/2009 17:59:21
mbam-log-2009-07-09 (17-59-21).txt

Type de recherche: Examen rapide
Eléments examinés: 90306
Temps écoulé: 19 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 40
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\sbcoresrv.coreservices (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbcoresrv.coreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbcoresrv.lfgax (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbcoresrv.lfgax.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbhostol.mailanim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbhostol.mailanim.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbhostol.webmailsend (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbhostol.webmailsend.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbinstie.sbinstobj (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbinstie.sbinstobj.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbsrv.coreservices (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbsrv.coreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbtoolbar.htmlmenuui (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbtoolbar.htmlmenuui.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbtoolbar.toolbarctl (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sbtoolbar.toolbarctl.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spamblockerconfig.application (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spamblockerconfig.application.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spamblockerutility.commband (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spamblockerutility.commband.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spamblockerutility.sbmain (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spamblockerutility.sbmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00b498e3-0543-4624-8fde-1caf89a80550} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{460ac4db-b0de-4626-a0f0-175dd84dcb9b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9882035-7745-47c7-8d5e-c11178f9c553} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e678cbdc-d022-41f5-ab21-c43dfd9dfc3e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ea232a0a-46f8-4d44-a30b-50321518a828} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31a59636-0fa3-4a56-954d-db7ad02840d8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3fa917b9-df69-477f-9e4f-b60d929de79f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spam Blocker (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\SbHostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\spamblockerutility 4.7.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions\spam blocker for ms outlook (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit (Hijack.Regedit) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\documents and settings\Francois\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\documents and settings\Default User\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Francois\results.txt (Malware.Trace) -> Quarantined and deleted successfully.


and the logrsit:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Francois at 2009-07-09 18:14:42
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 7 GB (26%) free of 27 GB
Total RAM: 502 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:15, on 09/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\2XZR49B7\RSIT[1].exe
C:\Program Files\trend micro\Francois.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {44F27C0A-1149-7B9A-CCBD-9F091034EC3D} - C:\DOCUME~1\Francois\APPLIC~1\PROGRA~1\base show.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\GZIJ2LM5\ErrorSafeScannerInstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SEE.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I had forgotten the Rooter report:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 13 Stepping 8, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 1.5 (fr)
.
C:\ [Fixed-FAT32] .. ( Total:26 Go - Free:6 Go )
D:\ [Fixed-FAT32] .. ( Total:26 Go - Free:16 Go )
E:\ [CD_Rom]
.
Scan : 09:59.06
Path : C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\3HDLXGP1\Rooter[1].exe
User : Francois ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (696)
______ \??\C:\WINDOWS\system32\csrss.exe (760)
______ \??\C:\WINDOWS\system32\winlogon.exe (784)
______ C:\WINDOWS\system32\services.exe (836)
______ C:\WINDOWS\system32\lsass.exe (848)
______ C:\WINDOWS\system32\svchost.exe (996)
______ C:\WINDOWS\system32\svchost.exe (1064)
______ C:\WINDOWS\System32\svchost.exe (1100)
______ C:\WINDOWS\system32\svchost.exe (1136)
______ C:\WINDOWS\system32\svchost.exe (1264)
______ C:\WINDOWS\system32\svchost.exe (1332)
______ C:\WINDOWS\system32\spoolsv.exe (1584)
______ C:\WINDOWS\system32\svchost.exe (1664)
______ C:\Acer\eManager\anbmServ.exe (1696)
______ C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (1716)
______ C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (1744)
______ C:\WINDOWS\System32\svchost.exe (1764)
______ C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (1812)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1860)
______ C:\WINDOWS\system32\svchost.exe (1912)
______ C:\WINDOWS\System32\alg.exe (688)
______ C:\WINDOWS\Explorer.EXE (756)
______ C:\WINDOWS\system32\igfxtray.exe (988)
______ C:\WINDOWS\system32\hkcmd.exe (1004)
______ C:\WINDOWS\SOUNDMAN.EXE (620)
______ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (324)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1908)
______ C:\Program Files\Launch Manager\LaunchAp.exe (632)
______ C:\Program Files\Launch Manager\PowerKey.exe (528)
______ C:\Program Files\Launch Manager\HotkeyApp.exe (1528)
______ C:\Program Files\Launch Manager\OSDCtrl.exe (680)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (248)
______ C:\Program Files\Launch Manager\Wbutton.exe (980)
______ C:\acer\epm\epm-dm.exe (1500)
______ C:\Program Files\Arcade\PCMService.exe (800)
______ C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (2052)
______ C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (2100)
______ C:\Program Files\QuickTime\qttask.exe (2192)
______ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE (2232)
______ C:\Program Files\Search Settings\SearchSettings.exe (2400)
______ C:\WINDOWS\system32\ctfmon.exe (2420)
______ C:\Program Files\Messenger\msmsgs.exe (2540)
______ C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (3080)
______ C:\Program Files\acer\eRecovery\Monitor.exe (3148)
______ C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (3184)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3648)
______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (2812)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (2864)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (3088)
______ C:\Program Files\Windows Live\Toolbar\wltuser.exe (3316)
______ C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\3HDLXGP1\Rooter[1].exe (3584)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:2623832064)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:2623864320 | Length:28484144640)
\Device\Harddisk0\Partition0 (Start_Offset:31108008960 | Length:28903633920)
\Device\Harddisk0\Partition3 (Start_Offset:31108041216 | Length:28903601664)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\DOCUME~1\Francois\APPLIC~1\SpamBlocker
==> Rogues <==
.
----------------------\\ Scan completed at 09:59.38
.
C:\Rooter$\Rooter_1.txt - (09/07/2009 | 09:59.38)
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
10 Jul 2009 at 14:17
Hi :)

It didn't work...

On top of that, you've just installed a piece of crap!!!

Next time, read carefully and untick the bundled items offered, as well as the toolbars, when you install a program!!! All they do is weigh down your browser....

More information about toolbars

1- Try OTM again as above, but disconnect from the internet and close all running programs first....

Then:

**********************************************************
********************* Option S (Search) *********************
**********************************************************

2- Download AD-Remover (by C_XX) to your desktop:

! Disconnect and close all running applications !

• Double-click "AD-R.exe" to start the installation and leave the installation settings at their defaults.

• Double-click the Ad-remover shortcut on your desktop to launch the tool.

• At the main menu choose option "S" and press [Enter].

• Let the tool work and don't touch anything...

--> Post the report that appears at the end on the forum... <--

Notes:

1- The report is also saved as C:\Ad-report-scan.log
2- "Process.exe", a component of the tool, is detected by some antivirus products
(AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


Help (Search)

**********************************************************
********************* Option L (Cleaning) *********************
**********************************************************
3-
! Disconnect and close all running applications !

• Double-click the Ad-remover shortcut on your desktop to launch the tool.

• At the main menu choose option "L" and press [Enter].

• Let the tool work and don't touch anything...

--> Post the report that appears at the end on the forum... <--

Notes:

1- The report is also saved as C:\Ad-report-clean.log
2- "Process.exe", a component of the tool, is detected by some antivirus products
(AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


Help with screenshots (Cleaning)


4- Update Malwarebytes and run a quick scan, then make a new RSIT log for analysis....


See you



Hi,

the problem is that I haven't installed anything on my computer since you started guiding me with the virus, and I don't know why but lots of toolbars have appeared and I don't know where they came from!! On top of that, the computer is getting slower and slower at startup,

I'm away for a few days and don't have my computer with me; I'll send the information you asked for as soon as I'm back

thanks anyway!
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
11 Jul 2009 at 11:22
OK... I'll wait :)

See you
Hi, back at the computer,

so, regarding OTM, it didn't work the way you wanted: when I copy and paste the content into the window, the computer shuts down and there is nothing left on the screen... it already did that the first time,

for the other reports, here are the results,

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:51:48, 23/07/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: FRANCOISPC | Utilisateur actuel: Francois
.
Administrateur: Administrateur
Administrateur: Francois
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité *Desactive*
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
HKCR\SearchSettings.BHO
HKCR\SearchSettings.BHO.1
HKCU\Software\AppDataLow\software\Dealio
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Dealio
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
HKLM\Software\Search Settings
HKU\S-1-5-21-3883549307-3166849312-3284258596-1005\Software\Appdatalow\Software\Dealio
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
.
C:\DOCUME~1\Francois\APPLIC~1\Dealio
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\DOCUME~1\Francois\APPLIC~1\Search Settings
C:\Program Files\Dealio Toolbar
C:\Program Files\Search Settings
C:\WINDOWS\Installer\873d7a.msi
C:\WINDOWS\Installer\873d81.msi
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 1.5 *

Nom du profil: bw429yy2.default (Francois)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
.
.

* Internet Explorer Version 8.0.6001.18702 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
3793 Octet(s) - C:\Ad-Report-SCAN.log
.
17 Fichier(s) - C:\DOCUME~1\Francois\LOCALS~1\Temp
5 Fichier(s) - C:\WINDOWS\Temp
.
0 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 20:25:03 | 23/07/2009
.
============== E.O.F ==============
.


.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:08:52, 23/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: FRANCOISPC | Utilisateur actuel: Francois
.
Administrateur: Administrateur
Administrateur: Francois
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité *Desactive*
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\SearchSettings.BHO
HKCR\SearchSettings.BHO.1
HKCU\Software\AppDataLow\software\Dealio
HKLM\Software\Dealio
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
HKLM\Software\Search Settings
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
.
C:\DOCUME~1\Francois\APPLIC~1\Dealio\temp
C:\DOCUME~1\Francois\APPLIC~1\Dealio\res
C:\DOCUME~1\Francois\APPLIC~1\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\DOCUME~1\Francois\APPLIC~1\Dealio\res\widgets.xml
C:\DOCUME~1\Francois\APPLIC~1\Dealio
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest.dev
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.bak
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.de-DE
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.es-ES
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.fr-FR
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.it-IT
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome\ajtoolbar.jar
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.gif
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.src
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\contents.rdf
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\snipit.js
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat.bak
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\manifest.mf
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.rsa
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.sf
C:\DOCUME~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\bw429yy2.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\DOCUME~1\Francois\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\Francois\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\Francois\APPLIC~1\Search Settings\kb128\temp\ws-14446.log
C:\DOCUME~1\Francois\APPLIC~1\Search Settings\kb128\temp\ws-14447.log
C:\DOCUME~1\Francois\APPLIC~1\Search Settings\kb128\temp\ws-14448.log
C:\DOCUME~1\Francois\APPLIC~1\Search Settings
C:\Program Files\Dealio Toolbar\Res
C:\Program Files\Dealio Toolbar\WidgiHelper.exe
C:\Program Files\Dealio Toolbar\SearchSettingsKit.exe
C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
C:\Program Files\Dealio Toolbar\config.ini
C:\Program Files\Dealio Toolbar\Res\amazon.gif
C:\Program Files\Dealio Toolbar\Res\apple.gif
C:\Program Files\Dealio Toolbar\Res\barnes.gif
C:\Program Files\Dealio Toolbar\Res\bestbuy.gif
C:\Program Files\Dealio Toolbar\Res\dealio_logo.gif
C:\Program Files\Dealio Toolbar\Res\dealio_logo_hover.gif
C:\Program Files\Dealio Toolbar\Res\ebay.gif
C:\Program Files\Dealio Toolbar\Res\icon_settings.gif
C:\Program Files\Dealio Toolbar\Res\macys.gif
C:\Program Files\Dealio Toolbar\Res\newegg.gif
C:\Program Files\Dealio Toolbar\Res\overstock.gif
C:\Program Files\Dealio Toolbar\Res\search_amazon.gif
C:\Program Files\Dealio Toolbar\Res\search-button.gif
C:\Program Files\Dealio Toolbar\Res\search-button-hover.gif
C:\Program Files\Dealio Toolbar\Res\search-chevron.gif
C:\Program Files\Dealio Toolbar\Res\search-chevron-hover.gif
C:\Program Files\Dealio Toolbar\Res\search_dealio.gif
C:\Program Files\Dealio Toolbar\Res\search_ebay.gif
C:\Program Files\Dealio Toolbar\Res\search_yahoo.gif
C:\Program Files\Dealio Toolbar\Res\separator.gif
C:\Program Files\Dealio Toolbar\Res\target.gif
C:\Program Files\Dealio Toolbar\Res\walmart.gif
C:\Program Files\Dealio Toolbar\Res\widgets.xml
C:\Program Files\Dealio Toolbar
C:\Program Files\Search Settings\kb128
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb128\res
C:\Program Files\Search Settings\kb128\temp
C:\Program Files\Search Settings\kb128\SearchSettings.dll
C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll
C:\Program Files\Search Settings
C:\WINDOWS\Installer\873d7a.msi
C:\WINDOWS\Installer\873d81.msi
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 1.5 *

Nom du profil: bw429yy2.default (Francois)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
.
.

* Internet Explorer Version 8.0.6001.18702 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
4107 Octet(s) - C:\Ad-Report-SCAN.log
9121 Octet(s) - C:\Ad-Report-CLEAN.log
.
8 Fichier(s) - C:\DOCUME~1\Francois\LOCALS~1\Temp
0 Fichier(s) - C:\WINDOWS\Temp
.
18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
47 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 21:43:09 | 23/07/2009
.
============== E.O.F ==============
.


Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2421
Windows 5.1.2600 Service Pack 3

23/07/2009 23:10:42
mbam-log-2009-07-23 (23-10-42).txt

Type de recherche: Examen rapide
Eléments examinés: 88596
Temps écoulé: 15 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


and the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Francois at 2009-07-23 23:12:26
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 7 GB (28%) free of 27 GB
Total RAM: 502 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:43, on 23/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\2XZR49B7\RSIT[1].exe
C:\Program Files\trend micro\Francois.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {44F27C0A-1149-7B9A-CCBD-9F091034EC3D} - C:\DOCUME~1\Francois\APPLIC~1\PROGRA~1\base show.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SNCT511] C:\WINDOWS\vsnct511.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\GZIJ2LM5\ErrorSafeScannerInstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SEE.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB003" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43F93F86-888D-472D-BAC2-2957B93A564F}: NameServer = 212.27.53.252,212.27.54.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
0
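A way to triage the O4 (autostart) lines of the HijackThis log above, as an added example that is not part of the original thread and is not HijackThis code. The function names and the list of suspect folders are assumptions chosen for illustration; the sample lines are copied from the log. It flags autoruns whose executable sits in a browser cache or temp folder, and ignores temp paths that appear only as an argument.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: five O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NI.UERSV_0001_N68M0602] "C:\Documents and Settings\Francois\Local Settings\Temporary Internet Files\Content.IE5\GZIJ2LM5\ErrorSafeScannerInstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SEE.tmp" /EF "HKLM"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
'''


class Autorun(NamedTuple):
    location: str  # registry Run key or Startup folder
    name: str      # registry value name or shortcut name
    image: str     # executable that is launched
    args: str      # remaining command-line arguments


# Registry autoruns: "O4 - HKLM\..\Run: [name] command"
_REG = re.compile(r'^O4 - (?P<loc>HK[A-Z]+\\.*?Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Startup-folder shortcuts: "O4 - Global Startup: name.lnk = command"
_LNK = re.compile(r'^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Unquoted commands may contain spaces, so cut at the first executable extension.
_IMG = re.compile(r'^(?P<image>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)(?P<args>.*)$', re.I)

# Assumed heuristic list: folders no legitimate autorun should launch from.
SUSPECT_DIRS = (
    ('\\temporary internet files\\', 'launches from the browser cache'),
    ('\\local settings\\temp\\', 'launches from the user temp folder'),
    ('\\windows\\temp\\', 'launches from the Windows temp folder'),
)


def split_command(cmd: str) -> Tuple[str, str]:
    """Separate the launched executable from its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = _IMG.match(cmd)
    if m:
        return m.group('image'), m.group('args').strip()
    head, _, tail = cmd.partition(' ')
    return head, tail


def parse_o4(log: str) -> List[Autorun]:
    """Return every O4 autostart entry found in a HijackThis log."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = _REG.match(line) or _LNK.match(line)
        if not m:
            continue
        image, args = split_command(m.group('cmd'))
        entries.append(Autorun(m.group('loc'), m.group('name'), image, args))
    return entries


def triage(log: str) -> List[Tuple[str, str]]:
    """List (entry name, reason) for autoruns whose image is in a suspect folder."""
    findings = []
    for entry in parse_o4(log):
        path = entry.image.lower()
        for needle, reason in SUSPECT_DIRS:
            if needle in path:
                findings.append((entry.name, reason))
                break
    return findings


if __name__ == '__main__':
    for name, reason in triage(SAMPLE_LOG):
        print(f'{name}: {reason}')
```

Only the image path is tested, so the EPSON entry, which merely passes a file under C:\WINDOWS\TEMP as an argument, is not flagged.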
fix200 - 24 Jul 2009 at 10:51
Re,

Download OTL by OLDTimer and save it to your Desktop.

▶ Double-click OTL.exe to launch it.

Copy the list in bold below and paste it into the box under Custom Scans/Fixes

:Processes
explorer.exe
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44F27C0A-1149-7B9A-CCBD-9F091034EC3D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"preload"=-
"SNCT511"=-
"WeatherOnTray"=-
"SpySpotter System Defender"=-
"NI.UERSV_0001_N68M0602"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"second load"=-
:Files
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlocker
C:\Windows\RUNXMLPL.exe
C:\WINDOWS\system32\tmp.txt
:Commands
[start explorer]
[emptytemp]
[purity]
[reboot]


Click RunFix to start the removal.


Post the report.

===========
0
Sorry, but when I try to download OTL, it shows me an error message, and when I copy and paste the contents despite this error message, it does the same thing as OTM: nothing is displayed on the screen any more and I have to switch my computer off manually for it to restart correctly.
Also, OTL doesn't appear on the desktop (because of the error message, I think).

There you go,

Thanks for what comes next,
0
fix200 - 24 Jul 2009 at 23:09
Re,

There is surely an infection behind all this :(

Please answer these questions:

- Can you give me the error message?
- Can you run Malwarebytes?

++
0
So here is the error message that appears for OTL:

error :
OTL cannot be run from a tempory folder
please download to your desktop or other suitable location

As for Malwarebytes, it works correctly
0
fix200 - 24 Jul 2009 at 23:32
Re,

Now I understand! :)

Save it to your desktop (Save instead of Run)

See you tomorrow.
0
Sorry, but I'm not very good at this,

So here is the OTL report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44F27C0A-1149-7B9A-CCBD-9F091034EC3D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44F27C0A-1149-7B9A-CCBD-9F091034EC3D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\preload deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SNCT511 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WeatherOnTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpySpotter System Defender deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NI.UERSV_0001_N68M0602 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\second load not found.
========== FILES ==========
File\Folder C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlocker not found.
C:\Windows\RUNXMLPL.EXE moved successfully.
C:\WINDOWS\system32\tmp.txt moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2924588 bytes

User: Francois
->Temp folder emptied: 1091902 bytes
->Temporary Internet Files folder emptied: 97645101 bytes
->Java cache emptied: 3359781 bytes
->FireFox cache emptied: 878388 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3433472 bytes
Windows Temp folder emptied: 2098 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 104,35 mb


OTL by OldTimer - Version 3.0.10.3 log created on 07272009_182207

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


There, I'm waiting for instructions. So what does all this tell you? Is it likely to take much longer?

Thanks for the information,
0
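A way to check an OTL fix script against the report it produced, item by item, as an added example that is not part of the original thread and is not OTL code. The function names are assumptions, the line formats are inferred only from the script and report posted above, and both inputs are excerpts copied from those posts.

```python
import re
from typing import Dict, List, Tuple

# Constructed inputs: excerpts of the fix script and of the report posted in this thread.
FIX_SCRIPT = r'''
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44F27C0A-1149-7B9A-CCBD-9F091034EC3D}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SNCT511"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"second load"=-
:Files
C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlocker
C:\Windows\RUNXMLPL.exe
:Commands
[emptytemp]
'''

REPORT = r'''
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44F27C0A-1149-7B9A-CCBD-9F091034EC3D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44F27C0A-1149-7B9A-CCBD-9F091034EC3D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SNCT511 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\second load not found.
========== FILES ==========
File\Folder C:\DOCUME~1\FRANCOIS\APPLIC~1\SpamBlocker not found.
C:\Windows\RUNXMLPL.EXE moved successfully.
'''

Item = Tuple[str, str]  # (kind, normalised identifier)

_RESULT = re.compile(
    r'^(?:(?P<kind>Registry key|Registry value|File\\Folder) )?'
    r'(?P<ident>.+?) (?P<status>deleted successfully|moved successfully|not found)\.$')
_KINDS = {'Registry key': 'key', 'Registry value': 'value'}


def _norm(text: str) -> str:
    """Registry paths and file names are case-insensitive; keys may end in a backslash."""
    return text.strip().rstrip('\\').lower()


def requested_items(script: str) -> List[Item]:
    """Extract the keys, values and files a fix script asks to remove."""
    items, section, key = [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(':'):
            section, key = line[1:].lower(), None
        elif section == 'reg':
            if line.startswith('[-') and line.endswith(']'):
                items.append(('key', _norm(line[2:-1])))   # delete whole key
            elif line.startswith('[') and line.endswith(']'):
                key = _norm(line[1:-1])                    # context for values
            else:
                m = re.match(r'^"(.+)"=-$', line)          # delete one value
                if m and key:
                    items.append(('value', key + '\\\\' + m.group(1).lower()))
        elif section == 'files':
            items.append(('file', _norm(line)))
    return items


def report_results(report: str) -> Dict[Item, str]:
    """Map each item mentioned in the report to its outcome."""
    results = {}
    for raw in report.splitlines():
        m = _RESULT.match(raw.strip())
        if m:
            kind = _KINDS.get(m.group('kind'), 'file')
            results[(kind, _norm(m.group('ident')))] = m.group('status')
    return results


def reconcile(script: str, report: str) -> List[Tuple[str, str, str]]:
    """For every requested item, return (kind, identifier, outcome)."""
    results = report_results(report)
    return [(kind, ident, results.get((kind, ident), 'no result in report'))
            for kind, ident in requested_items(script)]


def unrequested(script: str, report: str) -> List[Item]:
    """Items the report acted on that the script did not list explicitly."""
    wanted = set(requested_items(script))
    return [item for item in report_results(report) if item not in wanted]


if __name__ == '__main__':
    for kind, ident, outcome in reconcile(FIX_SCRIPT, REPORT):
        print(f'{outcome:22} {kind:5} {ident}')
```

Items reported as "not found" were either already gone or sit at a different path than the one in the script, so they are the ones to re-check in the next scan.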
fix200 - 27 Jul 2009 at 22:58
Hi,

Download OTL by OLDTimer and save it to your Desktop.

▶ Double-click OTL.exe to launch it.

▶ Tick the 2 boxes Lop and Purity

▶ Tick the box in front of "scan all users"

▶ Click Run Scan.

▶ When the scan finishes, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)


To send it to me, click this link: --> http://www.cijoint.fr/

Click Browse and locate the file above.

Click Open.

Click "Cliquez ici pour déposer le fichier" (click here to upload the file).

A link of this form:

hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

is added to the page.

Copy this link into your reply.


A++
0
Here is the OTL report,

I'm attaching the address of the OTL text file, and there is also another file, "extras", which opened after the text file

http://www.cijoint.fr/cjlink.php?file=cj200907/cijkgAn4k8.txt

The "extras" report

http://www.cijoint.fr/cjlink.php?file=cj200907/cijpUfrWJ6.txt

There you go

See you,
0
fix200 - 30 Jul 2009 at 15:47
Perfect :)

Double-click OTL.exe to launch it.

Copy the list in bold below and paste it into the box under Custom Scans/Fixes

:processes
explorer.exe
:services

:OTL
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll File not found

:reg

:files
C:\WINDOWS\System32\tmp.reg
C:\WINDOWS\SlantAdj.dll

:commands
[emptytemp]
[start explorer]
[reboot]



Click RunFix to start the removal.


Post the report.

========================================================

Download Toolscleaner to your Desktop

On XP: double-click ToolsCleaner2.exe

On Vista: right-click ToolsCleaner2.exe and select "Run as administrator"

▶ Click Recherche (Search) and let the scan finish.

▶ Click Suppression (Removal) to finalise.

▶ You can, if you wish, use the Options facultatives (optional settings).

▶ Click Quitter (Quit) so that the report can be created.

▶ The report (TCleaner.txt) is at the root of your hard disk (C:\)... paste it into your reply

=======================================================

4/ Disabling/re-enabling System Restore:

* Disabling:
▶ Right-click "My Computer" > Properties > "System Restore" tab > tick the box "Turn off System Restore on all drives"
> Apply, wait until it is marked "Turned off", then OK.

* Enabling:
▶ Follow the same path; untick the box "Turn off System Restore on all drives"
▶ Apply, wait until it shows "Monitoring" again, then OK.
Restart the computer.


=======================================================

Update Malwarebytes' Anti-Malware, run a FULL scan and paste the report.

=======================================================

Run CCleaner again (Registry & cleaning)

=======================================================


Run an online scan with Kaspersky (using Internet Explorer)

▶ At the bottom right, click Démarrer Online-scanner (Start Online-scanner)

▶ In the new window that appears, click J'accepte (I accept)

Accept the ActiveX controls

▶ Choose Poste de travail (My Computer) for the scan.

At the end of the scan, save the report (choose text file) and post it in your next reply.

▶ For help using the online scan, see the Kaspersky online scanner tutorial

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.


==============================================================

P.S.: I think I have to leave on holiday tomorrow, so I won't be able to reply ... I'll give you a sign when I'm back :)


A+ .
0
Hi, have a good holiday if you're leaving; here is the information you asked for,

The OTL report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\System32\tmp.reg moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SlantAdj.dll
C:\WINDOWS\SlantAdj.dll NOT unregistered.
C:\WINDOWS\SlantAdj.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Francois
->Temp folder emptied: 22065 bytes
->Temporary Internet Files folder emptied: 5535612 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,33 mb


OTL by OldTimer - Version 3.0.10.3 log created on 07302009_172308

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Next, the Malwarebytes report

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\System32\tmp.reg moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SlantAdj.dll
C:\WINDOWS\SlantAdj.dll NOT unregistered.
C:\WINDOWS\SlantAdj.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Francois
->Temp folder emptied: 22065 bytes
->Temporary Internet Files folder emptied: 5535612 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,33 mb


OTL by OldTimer - Version 3.0.10.3 log created on 07302009_172308

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Here is a copy-paste of the Kaspersky report; sorry, I couldn't find the text format

vendredi 31 juillet 2009
Système d'exploitation : Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Version de Kaspersky Online Scanner : 7.0.26.13
Dernière mise à jour de la base : Thursday, July 30, 2009 22:40:15
Enregistrements dans la base : 2564753


Paramètres d'analyse
analyser avec la base suivante étendue
Analyser les archives oui
Analyser les bases de messagerie oui

Zone d'analyse Poste de travail
C:\
D:\

Statistiques d'analyse
Objets analysés 83130
Menaces trouvées 2
Objets infectés trouvés 6
Objets suspects trouvés 0
Durée d'analyse 03:18:33

Nom de fichier Menace Compteur de menaces
C:\Documents and Settings\All Users\Application Data\Boldnurbmp3flaw\Heck Bash.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb 1

C:\Documents and Settings\All Users\Application Data\Boldnurbmp3flaw\DaleKind.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb 1

C:\Documents and Settings\All Users\Application Data\Boldnurbmp3flaw\Once Remote.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb 1

C:\Documents and Settings\All Users\Application Data\Boldnurbmp3flaw\LICENSE BLEH.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb 1

C:\Documents and Settings\All Users\Application Data\Boldnurbmp3flaw\Logo list.exe Infecté : not-a-virus:AdWare.Win32.Lop.bb 1

C:\Program Files\Common Files\Companion Wizard\WapCHK.dll Infecté : not-a-virus:FraudTool.Win32.WinAntiVirus.2006 1

La zone sélectionnée a été analysée.


As for ToolsCleaner, however, I must have erased the first report when I ran it a second time,

Here is the report from the second run,

[ Rapport ToolsCleaner version 2.3.9 (par A.Rothstein & dj QUIOU) ]

--> Recherche:


---------------------------------
--> Suppression:

There, I'll wait to hear from you when you get back,

See you
0
fix200 - 31 Jul 2009 at 22:08
Hi :)

I'm writing from another PC

I need the Malwarebytes report, because that's not the right one ...

Please do this for me:

Double-click OTL.exe to launch it.


Copy the list in bold below and paste it into the box under Custom Scans/Fixes

:processes
explorer.exe
:services
:reg

:files
C:\Documents and Settings\All Users\Application Data\Boldnurbmp3flaw\Heck Bash.exe
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
:commands
[emptytemp]
[start explorer]
[reboot]


Click RunFix to start the removal.


Post the report.

Then:

Run Lop S&D as explained here: http://www.malekal.com/tutorial_Lop_SD.php

A+
0
Hi,

Sorry, I don't have much time for the computer at the moment,

Here is the information, without mistakes I hope!

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2530
Windows 5.1.2600 Service Pack 3

30/07/2009 21:15:06
mbam-log-2009-07-30 (21-15-06).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 169619
Temps écoulé: 1 hour(s), 50 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


The OTL report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Boldnurbmp3flaw\Heck Bash.exe moved successfully.
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll NOT unregistered.
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Francois
->Temp folder emptied: 79257468 bytes
->Temporary Internet Files folder emptied: 159699434 bytes
->Java cache emptied: 13553524 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 528808 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 241,35 mb


OTL by OldTimer - Version 3.0.10.3 log created on 08062009_194253

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


And the Lop S&D report, search + removal


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Francois ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 0.0.0.0 (Activated)
C:\ (Local Disk) - FAT32 - Total:26 Go (Free:9 Go)
D:\ (Local Disk) - FAT32 - Total:26 Go (Free:18 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 06/08/2009|20:40 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[15/10/2004|12:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[15/10/2004|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[09/10/2008|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[26/09/2006|16:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
[08/02/2009|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[05/01/2008|11:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[14/12/2005|22:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Boldnurbmp3flaw
[31/12/2007|13:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
[27/10/2006|12:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[24/05/2009|16:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[09/07/2009|10:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[25/02/2009|18:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[15/10/2004|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[16/03/2007|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NtiDvdCopy
[01/05/2008|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[20/09/2005|18:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[24/02/2006|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[21/01/2006|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[06/12/2005|16:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[28/01/2006|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[28/01/2006|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[17/09/2005|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[26/10/2008|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[08/08/2006|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/02/2007|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[22/11/2007|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[15/10/2004|11:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[20/04/2009|18:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[15/10/2004|11:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[22/09/2005|12:33] C:\DOCUME~1\FRANCOIS\APPLIC~1\Adobe
[22/09/2005|12:38] C:\DOCUME~1\FRANCOIS\APPLIC~1\AdobeUM
[28/01/2006|12:20] C:\DOCUME~1\FRANCOIS\APPLIC~1\Arcsoft
[01/12/2006|16:07] C:\DOCUME~1\FRANCOIS\APPLIC~1\Azureus
[28/01/2006|12:18] C:\DOCUME~1\FRANCOIS\APPLIC~1\Canon
[31/12/2007|13:43] C:\DOCUME~1\FRANCOIS\APPLIC~1\Creative
[17/09/2005|23:57] C:\DOCUME~1\FRANCOIS\APPLIC~1\CyberLink
[06/01/2008|14:13] C:\DOCUME~1\FRANCOIS\APPLIC~1\dvdcss
[27/10/2006|12:32] C:\DOCUME~1\FRANCOIS\APPLIC~1\Google
[05/12/2005|14:34] C:\DOCUME~1\FRANCOIS\APPLIC~1\Help
[15/10/2004|12:05] C:\DOCUME~1\FRANCOIS\APPLIC~1\Identities
[28/01/2006|12:11] C:\DOCUME~1\FRANCOIS\APPLIC~1\InterTrust
[18/12/2005|20:49] C:\DOCUME~1\FRANCOIS\APPLIC~1\Lavasoft
[22/09/2005|11:25] C:\DOCUME~1\FRANCOIS\APPLIC~1\Macromedia
[09/07/2009|10:03] C:\DOCUME~1\FRANCOIS\APPLIC~1\Malwarebytes
[03/03/2006|16:28] C:\DOCUME~1\FRANCOIS\APPLIC~1\Media Player Classic
[15/10/2004|11:51] C:\DOCUME~1\FRANCOIS\APPLIC~1\Microsoft
[20/09/2005|18:41] C:\DOCUME~1\FRANCOIS\APPLIC~1\Microsoft Web Folders
[12/08/2008|18:37] C:\DOCUME~1\FRANCOIS\APPLIC~1\Mozilla
[06/01/2009|18:46] C:\DOCUME~1\FRANCOIS\APPLIC~1\MP-Manager
[17/03/2006|18:37] C:\DOCUME~1\FRANCOIS\APPLIC~1\MSNInstaller
[03/10/2006|11:28] C:\DOCUME~1\FRANCOIS\APPLIC~1\programsite
[20/12/2007|17:27] C:\DOCUME~1\FRANCOIS\APPLIC~1\Real
[28/01/2006|12:14] C:\DOCUME~1\FRANCOIS\APPLIC~1\ScanSoft
[21/01/2006|11:50] C:\DOCUME~1\FRANCOIS\APPLIC~1\Skype
[13/03/2008|18:19] C:\DOCUME~1\FRANCOIS\APPLIC~1\skypePM
[14/12/2008|12:21] C:\DOCUME~1\FRANCOIS\APPLIC~1\Smart Panel
[05/01/2008|11:16] C:\DOCUME~1\FRANCOIS\APPLIC~1\Sony Corporation
[01/12/2006|16:05] C:\DOCUME~1\FRANCOIS\APPLIC~1\Sun
[17/09/2005|23:52] C:\DOCUME~1\FRANCOIS\APPLIC~1\Symantec
[02/06/2008|21:29] C:\DOCUME~1\FRANCOIS\APPLIC~1\TaoUSign
[14/06/2008|18:53] C:\DOCUME~1\FRANCOIS\APPLIC~1\U3
[20/12/2007|08:00] C:\DOCUME~1\FRANCOIS\APPLIC~1\vlc
[07/07/2009|19:40] C:\DOCUME~1\FRANCOIS\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[11/06/2009 10:00][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[06/08/2009 19:45][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[17/09/2005|23:39] C:\Program Files\acer
[06/07/2005|20:04] C:\Program Files\Acer Inc
[06/07/2005|20:03] C:\Program Files\Adobe
[26/09/2006|16:43] C:\Program Files\AntiVir PersonalEdition Classic
[17/09/2005|23:38] C:\Program Files\Arcade
[28/01/2006|12:11] C:\Program Files\ArcSoft
[06/01/2006|18:58] C:\Program Files\Canon
[21/10/2007|12:18] C:\Program Files\Coeur
[27/03/2006|09:33] C:\Program Files\Common Files
[15/10/2004|11:58] C:\Program Files\ComPlus Applications
[06/07/2005|19:59] C:\Program Files\CONEXANT
[31/12/2007|13:35] C:\Program Files\Creative
[06/07/2005|20:03] C:\Program Files\CyberLink
[07/12/2005|20:20] C:\Program Files\directx
[09/07/2007|21:49] C:\Program Files\epson
[15/10/2004|11:52] C:\Program Files\Fichiers communs
[05/01/2008|11:59] C:\Program Files\FlashDiskManager
[28/09/2007|22:37] C:\Program Files\Free
[27/10/2006|12:31] C:\Program Files\Google
[06/07/2005|19:50] C:\Program Files\InstallShield Installation Information
[06/07/2005|19:51] C:\Program Files\Intel
[15/10/2004|11:58] C:\Program Files\Internet Explorer
[05/01/2008|11:25] C:\Program Files\IVT Corporation
[01/12/2006|16:01] C:\Program Files\Java
[29/01/2006|11:21] C:\Program Files\Kerio
[03/03/2006|21:45] C:\Program Files\K-Lite Codec Pack
[06/07/2005|20:00] C:\Program Files\Launch Manager
[24/05/2009|16:09] C:\Program Files\Lavasoft
[19/11/2006|12:14] C:\Program Files\Logitech
[09/07/2009|10:02] C:\Program Files\Malwarebytes' Anti-Malware
[15/10/2004|11:57] C:\Program Files\Messenger
[22/03/2009|15:40] C:\Program Files\Microsoft
[13/05/2007|03:03] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[15/10/2004|12:01] C:\Program Files\microsoft frontpage
[17/09/2005|23:42] C:\Program Files\Microsoft Office
[25/09/2005|12:53] C:\Program Files\Microsoft R‚f‚rence
[22/03/2009|15:48] C:\Program Files\Microsoft Silverlight
[22/11/2007|23:34] C:\Program Files\Microsoft SQL Server Compact Edition
[22/03/2009|15:43] C:\Program Files\Microsoft Sync Framework
[20/09/2005|18:46] C:\Program Files\Microsoft Visual Studio
[17/09/2005|23:42] C:\Program Files\Microsoft Works
[15/10/2004|11:58] C:\Program Files\Movie Maker
[12/08/2008|18:37] C:\Program Files\Mozilla Firefox
[15/10/2004|11:57] C:\Program Files\MSN
[15/10/2004|11:57] C:\Program Files\MSN Gaming Zone
[15/11/2006|03:01] C:\Program Files\MSXML 4.0
[15/10/2004|11:58] C:\Program Files\NetMeeting
[06/07/2005|20:01] C:\Program Files\NewTech Infosystems
[15/10/2004|11:57] C:\Program Files\Online Services
[26/12/2008|15:42] C:\Program Files\OrangeHSS
[15/10/2004|11:58] C:\Program Files\Outlook Express
[01/05/2008|20:44] C:\Program Files\QuickTime
[06/01/2007|10:48] C:\Program Files\Real
[03/12/2006|12:15] C:\Program Files\Samsung
[28/01/2006|12:13] C:\Program Files\ScanSoft
[26/12/2008|15:43] C:\Program Files\Securitoo
[15/10/2004|11:59] C:\Program Files\Services en ligne
[24/10/2007|21:14] C:\Program Files\Skype
[26/10/2008|11:57] C:\Program Files\Smart Panel
[20/09/2005|18:43] C:\Program Files\Snapshot Viewer
[05/01/2008|11:08] C:\Program Files\Sony
[06/12/2005|16:58] C:\Program Files\Spybot - Search & Destroy
[06/07/2005|19:58] C:\Program Files\Synaptics
[25/05/2009|20:59] C:\Program Files\trend micro
[15/10/2004|12:05] C:\Program Files\Uninstall Information
[01/04/2006|15:41] C:\Program Files\VirtualDJ
[08/02/2009|18:58] C:\Program Files\Vuze
[10/08/2007|22:11] C:\Program Files\Windows Live
[22/03/2009|15:40] C:\Program Files\Windows Live SkyDrive
[05/05/2007|20:00] C:\Program Files\Windows Media Connect 2
[15/10/2004|11:57] C:\Program Files\Windows Media Player
[15/10/2004|11:57] C:\Program Files\Windows NT
[15/10/2004|11:59] C:\Program Files\WindowsUpdate
[19/10/2005|20:48] C:\Program Files\WinRAR
[15/10/2004|12:01] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[22/09/2005|12:33] C:\Program Files\Fichiers communs\Adobe
[09/10/2008|22:51] C:\Program Files\Fichiers communs\Adobe AIR
[20/09/2005|18:46] C:\Program Files\Fichiers communs\Designer
[26/12/2008|15:41] C:\Program Files\Fichiers communs\France Telecom
[08/02/2009|18:58] C:\Program Files\Fichiers communs\i4j_jres
[06/07/2005|19:50] C:\Program Files\Fichiers communs\InstallShield
[07/12/2005|20:17] C:\Program Files\Fichiers communs\Logitech
[15/10/2004|11:52] C:\Program Files\Fichiers communs\Microsoft Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\MSSoap
[06/07/2005|20:02] C:\Program Files\Fichiers communs\muvee Technologies
[06/07/2005|20:01] C:\Program Files\Fichiers communs\NewTech Infosystems
[15/10/2004|11:52] C:\Program Files\Fichiers communs\ODBC
[06/01/2007|10:48] C:\Program Files\Fichiers communs\Real
[28/01/2006|12:14] C:\Program Files\Fichiers communs\ScanSoft Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\Services
[13/03/2008|18:18] C:\Program Files\Fichiers communs\Skype
[15/10/2004|11:52] C:\Program Files\Fichiers communs\SpeechEngines
[17/09/2005|23:52] C:\Program Files\Fichiers communs\Symantec Shared
[15/10/2004|11:58] C:\Program Files\Fichiers communs\System
[22/03/2009|15:34] C:\Program Files\Fichiers communs\Windows Live
[22/11/2007|23:30] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 54 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 20:43:14
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:3][D:3]-> C:\DOCUME~1\Francois\LOCALS~1\Temp
[F:52][D:0]-> C:\DOCUME~1\Francois\Cookies
[F:125][D:4]-> C:\DOCUME~1\Francois\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 06/08/2009|20:35 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 06/08/2009|20:43 - Option : [2]

--------------------\\ Fin du rapport a 20:43:42





I hope you have everything,

see you
0
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
12 August 2009 at 11:17
Hello.

I'm back :)

You have a Lop infection ...


Double-click OTL.exe to launch it.


Copy the list shown in bold below and paste it into the box under Custom Scans/Fixes

:processes
explorer.exe

:files
C:\Documents and Settings\All Users\Application Data\Boldnurbmp3flaw
:commands
[emptytemp]
[start explorer]
[reboot]


Click Run Fix to start the removal.


Post the report.

==========

Run another cleanup with CCleaner (registry included)

==========

How is your PC doing? Any better?

==========

See you


=)
0
Hi,

what is a Lop infection?

here is the report,

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Boldnurbmp3flaw moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Francois
->Temp folder emptied: 62408 bytes
->Temporary Internet Files folder emptied: 14943925 bytes
->Java cache emptied: 13425503 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 17570586 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43,97 mb


OTL by OldTimer - Version 3.0.10.3 log created on 08122009_194201

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


otherwise the computer isn't really much better, still very slow to start up and after that it's better,

however I don't think I have CCleaner,

see you
0
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 158
16 August 2009 at 11:20
Hi,

I'm really sorry, I unfortunately lost track of you among the others >_<"

Anyway, SORRY again.

Run OTL again with both boxes ticked, upload the report to cijoint, then paste the link cijoint gives you ... see the post about OTL. ( https://forums.commentcamarche.net/forum/affich-12598993-ordi-qui-rame#32 )


See you


0
sorry but not much time,

here is the report you asked for:

http://www.cijoint.fr/cjlink.php?file=cj200908/cijMH6RLq6.txt

I hope I managed it,

how much longer can these slowdowns go on

see you
0