Votre question

Cheval de troie (&) virus. [ RESOLU ]

Tags :
  • Trojan
  • Sécurité
Dernière réponse : dans Sécurité et virus
5 Juillet 2008 01:33:03

Bien le bonjour à tout le monde!
Voila je viens de détecter un cheval de troie avec Avast. J'ai donc suivis votre tuto qu'est excellent sur l'utilisation de HijackThis, voila mon log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:23, on 05/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\steam\steam.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LimeWire Music\LimeWire Music.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\Fichiers communs\PCSuite\Services\NclBTHandler.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MobiNearCast] "C:\Program Files\MobiNearCast\MobiNearCast.exe" -min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 13374 bytes

Avant d'attraper ce cheval de troie, mon PC redemmarait de temps en temps, est-ce un virus ? Avast ne détecte qu'une infection.
PS: je ne m'y connais que très peu en informatique.. sniff
En espérant une réponse à mon problème, je vous souhaite une bonne nuit =)

Autres pages sur : cheval troie amp virus resolu

a b 8 Sécurité
5 Juillet 2008 15:00:22

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    7 Juillet 2008 03:12:42

    Merci beaucoup pour votre aide mais j'ai supprimer quelques fichiers qui me semblais "louche" et avast ne détecte plus d'infection =) .. en espérant que ce n'est aps une feinte, encore merci.
    Contenus similaires
    a b 8 Sécurité
    7 Juillet 2008 13:48:14

    Et le rapport ?
    8 Juillet 2008 18:49:27

    Rebonjour, le rapport indique qu'il y a 4 infections ...(dommage Avast n'a rien trouvé sniff).
    Donc voilà le rapport :

    Malwarebytes' Anti-Malware 1.20
    Version de la base de données: 931
    Windows 5.1.2600 Service Pack 2

    18:06:47 08/07/2008
    mbam-log-7-8-2008 (18-06-47).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 178000
    Temps écoulé: 1 hour(s), 48 minute(s), 35 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PSRV (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Program Files\Conduit\Community Alerts\Alert.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Motorola Phone Tools\MPT_TEST_Info.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\webGobbler\webGobbler.scr (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\webGobbler.scr (Trojan.Agent) -> Quarantined and deleted successfully.

    (j'espère que je ne me suis pas trompé en choisissant ma sesion au lieu de Administrateur lors du redemmarage sans échec )
    En tout cas encore merci..
    a b 8 Sécurité
    8 Juillet 2008 19:08:23

    Cela ne change rien ;)  Reposte un rapport Hijackthis.
    9 Juillet 2008 01:14:31

    Voilà chef, un autre rapport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:12:53, on 09/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\program files\steam\steam.exe
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Fichiers communs\PCSuite\Services\NclBTHandler.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MobiNearCast] "C:\Program Files\MobiNearCast\MobiNearCast.exe" -min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 12958 bytes
    a b 8 Sécurité
    9 Juillet 2008 13:00:27

    Re,

    Télécharge Toolbar-S&D ([#ff0000]Team IDN[/#ff]) sur ton Bureau.

  • Lance l'installation du programme en exécutant le fichier téléchargé.
  • Double-clique maintenant sur le raccourci de Toolbar-S&D.
  • Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
  • Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
  • Poste le rapport généré. (C:\TB.txt)
    9 Juillet 2008 15:04:21

    Voilà le rapport :


    -----------\\ ToolBar S&D 1.0.3 XP/Vista

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Henri ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
    [ 09/07/2008 | 15:03:21,53 ] [ PC : NOM-C90I4T4C9F0 ]
    [ MAJ : 08-07-2008 | 22:24 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\Crawler
    C:\Program Files\Crawler\adrkeys.dat
    C:\Program Files\Crawler\Cache
    C:\Program Files\Crawler\COMMON_FF.dat
    C:\Program Files\Crawler\confirm.dat
    C:\Program Files\Crawler\ctbcomm.dll
    C:\Program Files\Crawler\ctbr.dll
    C:\Program Files\Crawler\CTConf.dat
    C:\Program Files\Crawler\CTipsDef.dll
    C:\Program Files\Crawler\CToolbar.exe
    C:\Program Files\Crawler\CUpdate.exe
    C:\Program Files\Crawler\Download
    C:\Program Files\Crawler\firefox
    C:\Program Files\Crawler\Languages
    C:\Program Files\Crawler\lookfor.dat
    C:\Program Files\Crawler\majorse.dat
    C:\Program Files\Crawler\rootmenu.dat
    C:\Program Files\Crawler\services.dat
    C:\Program Files\Crawler\TBR5LanguageAct
    C:\Program Files\Crawler\TempDir
    C:\Program Files\Crawler\Update
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar
    C:\Program Files\P2P_Energy
    C:\Program Files\P2P_Energy\INSTALL.LOG
    C:\Program Files\P2P_Energy\tbP2P0.dll
    C:\Program Files\P2P_Energy\tbP2P1.dll
    C:\Program Files\P2P_Energy\tbP2P_.dll
    C:\Program Files\P2P_Energy\toolbar.cfg
    C:\Program Files\P2P_Energy\UNWISE.EXE
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\1
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\1px_dark.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\1px_green.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\1px_white.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\a.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\amazon.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\an.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrow.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrowB.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrowT.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrow_down.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrow_red.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrow_red2.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrow_up.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\autofill.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\b.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bgmeteo_results.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bg_pub.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bg_ttl.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bottom.png
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bottom_left.png
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bottom_right.png
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\btn_close.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\btn_minus.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\btn_moreforecast.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\c.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\CAlogo.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\canalblog.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\cn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\d.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\dictionary2.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\dn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\downfile
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\Download
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\DownloadCOM.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\dropdown.css
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\email_b.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\equalizer_loading.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\equalizer_off.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\equalizer_on.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\ErrorLog.txt
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\ErrorPageTemplate_search.css
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\f.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\fn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\g.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\gaming.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\gn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred0.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred0_5.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred1.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred1_5.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred2.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred2_5.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred3.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred3_5.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred4.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred4_5.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred5.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\help.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\hideremove.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\highlight.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\hn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_aquarius.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_aries.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_cancer.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_capricorn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_gemini.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_leo.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_libra.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_pisces.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_sagittarius.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_scorpio.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_taurus.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_virgo.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\i.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\IEtab1_8.zip
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\images01.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\in.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\j.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\jn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\k.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\kn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\l.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\left.png
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\ln.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\loading.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\logo.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\logo_facebook.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\minus.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\minus_on.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\music2.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\n.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\New York_NY_weather.txt
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\New York_NY_weather.txt262867046
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\NewCfg
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\news.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\news.html
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\newsb.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\nn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\o.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\on.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\p.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\pixsy.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\play.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\play_on.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\plus.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\plus_on.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\pn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\popup_off.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\popup_on.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\popup_ona.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\p_yahoo.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\q.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\qn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\r.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\relatedlinks.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\report.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\right.png
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\rn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\rss.xsl
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\rss1.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\rsslib.js
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\s.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\search.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\search.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\search_fr.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\settings.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\shop2.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\sinfo.txt
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\sinfo.txt255655468
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\siteinfo.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\slider.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\sn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\spacer.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stars-red1.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stars-red2.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stars-red3.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stars-red4.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stars-red5.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stop.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stop_on.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\t.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tabdata.js
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tabdataV3.js
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tablib.js
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tabwelcome_en.html
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tabwelcome_fr.html
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tab_icon.png
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\technorati.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\Thumbs.db
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tools.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\top.png
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\top_left.png
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\top_right.png
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\translate.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\u.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\un.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\utf8.js
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\v.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\vmlib.js
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\vn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\w.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\web_fr.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\wikipedia.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\wn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\x.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\xp_close_small.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\yahoo_search.gif
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\YouTube.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\z.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\zn.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\zoom.bmp
    C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\__slider.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\---Yahoo.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\0
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\01net.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\a.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\amazon.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\an.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\arrow.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\arrowB.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\arrowT.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\arrow_down.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\arrow_up.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\autofill.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\avstate.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\b.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bg_pub.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bg_ttl.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bottom.png
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bottom_left.png
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bottom_right.png
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\c.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\CAlogo.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\canalblog.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\cn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\d.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\dictionary2.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\dn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\downfile
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\DownloadCOM.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\dropdown.css
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\email_b.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\equalizer_loading.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\equalizer_off.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\equalizer_on.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\ErrorLog.txt
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\ErrorPageTemplate_search.css
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\f.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_argentine.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_australia.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_brazil.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_canada.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_china.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_france.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_germany.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_greece.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_hongkong.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_india.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_indonesia.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_italy.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_japan.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_korea.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_mexico.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_netherlands.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_spain.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_sweeden.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_taiwan.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_uk.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_usa.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\fn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\g.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\gaming.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\gn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\gograph.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred0.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred0_5.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred1.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred1_5.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred2.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred2_5.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred3.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred3_5.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred4.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred4_5.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred5.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\help.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\hideremove.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\highlight.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\hn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\hororank.xml
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_aquarius.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_aries.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_cancer.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_capricorn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_gemini.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_leo.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_libra.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_pisces.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_sagittarius.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_scorpio.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_taurus.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_virgo.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\i.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\IEtab1_7b.zip
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\IEtab1_8.zip
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\images01.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\in.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\ipsearch.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\j.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\jn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\k.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\kn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\l.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\left.png
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\ln.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\loading.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\login.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\logo.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\logo_facebook.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\minus.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\minus_on.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\music2.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\n.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\new02.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\NewCfg
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\news.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\news.html
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\newsb.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\nn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\o.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\on.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\p.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\pestscanimg.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\pixsy.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\play.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\play_on.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\plus.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\plus_on.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\pn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\popup_off.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\popup_on.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\popup_ona.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\p_yahoo.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\q.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\qn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\r.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\relatedlinks.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\report.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\right.png
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rss.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rss.xsl
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rss1.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rsslib.js
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rssmenu1_6a.zip
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\s.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\search.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\search.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\search_fr.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\security.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\settings.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\shop2.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\sinfo.txt
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\siteinfo.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\slider.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\sn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\spacer.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stars-red1.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stars-red2.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stars-red3.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stars-red4.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stars-red5.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stop.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stop_on.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\storage.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\t.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tabdata.js
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tablib.js
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tabwelcome_en.html
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tabwelcome_fr.html
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tab_icon.png
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\technorati.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\thes_search.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tools.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\top.png
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\top_left.png
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\top_right.png
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\translate.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\u.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\un.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\utf8.js
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\v.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\vmlib.js
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\vmntoolbartb0500.cfg
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\vmntoolbartb0501.cfg
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\vn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\w.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\web.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\web_en.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\wikipedia.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\wn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\x.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\xp_close_small.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\Yahoo.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\yahoo_search.gif
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\YouTube.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\z.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\zn.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\zoom.bmp
    C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\__slider.bmp
    C:\Program Files\VMNToolbar
    C:\Program Files\VMNToolbar\install.ico
    C:\Program Files\VMNToolbar\tbuninstall.exe
    C:\Program Files\VMNToolbar\toolbar.ini
    C:\Program Files\VMNToolbar\uninstall.exe
    C:\Program Files\VMNToolbar\vmntoolbar.dll
    C:\WINDOWS\iun6002.exe

    -----------\\ [HKCU\..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk..."


    -----------\\ Fin du rapport a 15:03:47,87
    a b 8 Sécurité
    9 Juillet 2008 15:08:18

    Re,

    Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
    [#ff0000]! Ne ferme pas la fenêtre lors de la suppression ! [/#f]
    Un rapport sera généré, poste son contenu ici.

    NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
    Tape explorer puis valide.
    9 Juillet 2008 17:33:10

    Voilà mon rappot :


    -----------\\ ToolBar S&D 1.0.3 XP/Vista

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Henri ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
    [ 09/07/2008 | 17:17:17,67 ] [ PC : NOM-C90I4T4C9F0 ]
    [ MAJ : 08-07-2008 | 22:24 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\Crawler\adrkeys.dat
    Supprime! - C:\Program Files\Crawler\Cache
    Supprime! - C:\Program Files\Crawler\COMMON_FF.dat
    Supprime! - C:\Program Files\Crawler\confirm.dat
    Supprime! - C:\Program Files\Crawler\ctbcomm.dll
    Supprime! - C:\Program Files\Crawler\ctbr.dll
    Supprime! - C:\Program Files\Crawler\CTConf.dat
    Supprime! - C:\Program Files\Crawler\CTipsDef.dll
    Supprime! - C:\Program Files\Crawler\CToolbar.exe
    Supprime! - C:\Program Files\Crawler\CUpdate.exe
    Supprime! - C:\Program Files\Crawler\Download
    Supprime! - C:\Program Files\Crawler\firefox
    Supprime! - C:\Program Files\Crawler\Languages
    Supprime! - C:\Program Files\Crawler\lookfor.dat
    Supprime! - C:\Program Files\Crawler\majorse.dat
    Supprime! - C:\Program Files\Crawler\rootmenu.dat
    Supprime! - C:\Program Files\Crawler\services.dat
    Supprime! - C:\Program Files\Crawler\TBR5LanguageAct
    Supprime! - C:\Program Files\Crawler\TempDir
    Supprime! - C:\Program Files\Crawler\Update
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar
    Supprime! - C:\Program Files\P2P_Energy\INSTALL.LOG
    Supprime! - C:\Program Files\P2P_Energy\tbP2P0.dll
    Supprime! - C:\Program Files\P2P_Energy\tbP2P1.dll
    Supprime! - C:\Program Files\P2P_Energy\tbP2P_.dll
    Supprime! - C:\Program Files\P2P_Energy\toolbar.cfg
    Supprime! - C:\Program Files\P2P_Energy\UNWISE.EXE
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\1
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\1px_dark.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\1px_green.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\1px_white.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\a.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\amazon.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\an.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrow.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrowB.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrowT.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrow_down.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrow_red.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrow_red2.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\arrow_up.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\autofill.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\b.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bgmeteo_results.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bg_pub.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bg_ttl.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bottom.png
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bottom_left.png
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\bottom_right.png
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\btn_close.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\btn_minus.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\btn_moreforecast.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\c.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\CAlogo.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\canalblog.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\cn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\d.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\dictionary2.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\dn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\downfile
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\Download
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\DownloadCOM.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\dropdown.css
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\email_b.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\equalizer_loading.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\equalizer_off.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\equalizer_on.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\ErrorLog.txt
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\ErrorPageTemplate_search.css
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\f.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\fn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\g.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\gaming.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\gn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred0.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred0_5.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred1.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred1_5.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred2.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred2_5.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred3.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred3_5.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred4.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred4_5.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\graphred5.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\help.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\hideremove.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\highlight.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\hn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_aquarius.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_aries.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_cancer.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_capricorn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_gemini.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_leo.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_libra.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_pisces.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_sagittarius.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_scorpio.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_taurus.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\h_virgo.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\i.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\icotemp_placeholder.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\IEtab1_8.zip
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\images01.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\in.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\j.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\jn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\k.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\kn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\l.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\left.png
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\ln.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\loading.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\logo.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\logo_facebook.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\minus.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\minus_on.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\music2.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\n.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\New York_NY_weather.txt
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\New York_NY_weather.txt262867046
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\NewCfg
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\news.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\news.html
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\newsb.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\nn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\o.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\on.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\p.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\pixsy.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\play.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\play_on.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\plus.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\plus_on.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\pn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\popup_off.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\popup_on.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\popup_ona.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\p_yahoo.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\q.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\qn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\r.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\relatedlinks.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\report.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\right.png
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\rn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\rss.xsl
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\rss1.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\rsslib.js
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\s.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\search.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\search.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\search_fr.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\settings.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\shop2.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\sinfo.txt
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\sinfo.txt255655468
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\siteinfo.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\slider.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\sn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\spacer.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stars-red1.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stars-red2.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stars-red3.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stars-red4.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stars-red5.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stop.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\stop_on.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\t.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tabdata.js
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tabdataV3.js
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tablib.js
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tabwelcome_en.html
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tabwelcome_fr.html
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tab_icon.png
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\technorati.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\Thumbs.db
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\tools.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\top.png
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\top_left.png
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\top_right.png
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\translate.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\u.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\un.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\utf8.js
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\v.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\vmlib.js
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\vmntoolbartb1501.cfg
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\vn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\w.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\web_fr.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\wikipedia.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\wn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\x.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\xp_close_small.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\yahoo_search.gif
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\YouTube.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\z.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\zn.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\zoom.bmp
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar\__slider.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\---Yahoo.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\0
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\01net.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\a.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\amazon.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\an.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\arrow.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\arrowB.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\arrowT.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\arrow_down.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\arrow_up.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\autofill.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\avstate.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\b.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bg_pub.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bg_ttl.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bottom.png
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bottom_left.png
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\bottom_right.png
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\c.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\CAlogo.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\canalblog.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\cn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\d.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\dictionary2.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\dn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\downfile
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\DownloadCOM.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\dropdown.css
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\email_b.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\equalizer_loading.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\equalizer_off.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\equalizer_on.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\ErrorLog.txt
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\ErrorPageTemplate.css
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\ErrorPageTemplate_search.css
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\f.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_argentine.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_australia.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_brazil.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_canada.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_china.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_france.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_germany.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_greece.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_hongkong.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_india.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_indonesia.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_italy.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_japan.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_korea.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_mexico.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_netherlands.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_spain.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_sweeden.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_taiwan.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_uk.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\flag_usa.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\fn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\g.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\gaming.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\gn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\gograph.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred0.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred0_5.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred1.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred1_5.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred2.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred2_5.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred3.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred3_5.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred4.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred4_5.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\graphred5.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\help.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\hideremove.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\highlight.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\hn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\hororank.xml
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_aquarius.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_aries.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_cancer.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_capricorn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_gemini.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_leo.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_libra.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_pisces.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_sagittarius.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_scorpio.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_taurus.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\h_virgo.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\i.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\IEtab1_7b.zip
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\IEtab1_8.zip
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\images01.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\in.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\ipsearch.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\j.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\jn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\k.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\kn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\l.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\left.png
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\ln.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\loading.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\login.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\logo.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\logo_facebook.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\minus.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\minus_on.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\music2.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\n.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\New York_NY_weather.txt
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\new02.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\NewCfg
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\news.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\news.html
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\newsb.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\nn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\o.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\on.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\p.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\pestscanimg.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\pixsy.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\play.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\play_on.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\plus.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\plus_on.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\pn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\popup_off.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\popup_on.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\popup_ona.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\p_yahoo.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\p_yahoo_fr.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\q.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\qn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\r.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\relatedlinks.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\report.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\right.png
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rss.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rss.xsl
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rss1.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rsslib.js
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rssmenu1_6a.zip
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\rssmenu1_7a.zip
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\s.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\search.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\search.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\search_fr.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\security.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\settings.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\shop2.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\sinfo.txt
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\siteinfo.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\slider.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\sn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\spacer.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stars-red1.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stars-red2.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stars-red3.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stars-red4.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stars-red5.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stop.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\stop_on.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\storage.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\t.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tabdata.js
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tablib.js
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tabwelcome_en.html
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tabwelcome_fr.html
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tab_icon.png
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\technorati.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\thes_search.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\tools.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\top.png
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\top_left.png
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\top_right.png
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\translate.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\u.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\un.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\utf8.js
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\v.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\vmlib.js
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\vmntoolbartb0500.cfg
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\vmntoolbartb0501.cfg
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\vn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\w.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\web.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\web_en.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\wikipedia.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\wn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\x.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\xp_close_small.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\Yahoo.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\yahoo_search.gif
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\YouTube.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\z.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\zn.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\zoom.bmp
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar\__slider.bmp
    Supprime! - C:\Program Files\VMNToolbar\install.ico
    Supprime! - C:\Program Files\VMNToolbar\tbuninstall.exe
    Supprime! - C:\Program Files\VMNToolbar\toolbar.ini
    Supprime! - C:\Program Files\VMNToolbar\uninstall.exe
    Supprime! - C:\Program Files\VMNToolbar\vmntoolbar.dll
    Supprime! - C:\WINDOWS\iun6002.exe
    Supprime! - C:\Program Files\Crawler
    Supprime! - C:\Program Files\P2P_Energy
    Supprime! - C:\DOCUME~1\Henri\APPLIC~1\VMNToolbar
    Supprime! - C:\DOCUME~1\HOANGL~1\APPLIC~1\VMNToolbar
    Supprime! - C:\Program Files\VMNToolbar

    -----------\\ Recherche de Fichiers / Dossiers ...


    -----------\\ [HKCU\..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk..."


    -----------\\ Fin du rapport a 17:28:00,21

    Merci pour ces réponses rapides.
    a b 8 Sécurité
    9 Juillet 2008 17:34:55

    Reposte un rapport Hijackthis.
    10 Juillet 2008 00:35:46

    Voilà rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:35:06, on 10/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Fichiers communs\PCSuite\Services\NclBTHandler.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MobiNearCast] "C:\Program Files\MobiNearCast\MobiNearCast.exe" -min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 11842 bytes
    10 Juillet 2008 02:11:25

    Bonsoir,

    Je reprends le sujet.

    Désinstalle via Ajout/Suppression de Programmes (si présents) :
  • Avast!

    Télécharge et exécute : http://www.avast.com/eng/avast-uninstall-utility.html

    Télécharge Ccleaner sur ton Bureau.

  • Clique sur download the latest version.
  • Installe-le en laissant seulement les options suivantes cochées :
    - Ajouter un raccourci sur le Bureau.
    - Contrôler automatiquement les mises à jour de CCleaner.
  • Lance le Nettoyage.
  • Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.

    Aide : Comment utiliser CCleaner.

    ***************

    Télécharge AntiVir sur ton Bureau.

  • Double clique sur l'exécutable téléchargé pour lancer l'installation.
  • A la fin de l'installation, clique sur Finish.
  • Ouvre Antivir, assure-toi qu’il soit bien à jour !
  • Dans l'onglet Local Protection, choisis Scanner.
  • Active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur).
  • Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.
  • Poste moi le rapport généré : Pour cela, clique sur l'onglet Overview, puis choisis Reports, tu trouveras son rapport..

    Note : Pour une éradication des menaces plus efficace, lance le scan en mode sans échec.

    Pourquoi changer ? Avast vs Antivir.

    Aide : Comment installer et utiliser AntiVir.
    10 Juillet 2008 18:15:29

    Re_bonjour, voilà j'ai essayé de suivre les étapes mais je butte sur celle-ci :
    "Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur"
    Est-ce bien celle ou il y a marqué Active Processe ?
    Si c'est le cas j'ai fais clic droit et start scan.
    Et donc voilà mon rapport :


    Avira AntiVir Personal
    Report file date: jeudi 10 juillet 2008 17:50

    Scanning for 1411247 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: Henri
    Computer name: NOM-C90I4T4C9F0

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 15:02:23
    ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 09/07/2008 15:02:30
    ANTIVIR3.VDF : 7.0.5.95 147968 Bytes 10/07/2008 15:02:32
    Engineversion : 8.1.0.64
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.46 283002 Bytes 10/07/2008 15:02:57
    AESCN.DLL : 8.1.0.22 119157 Bytes 10/07/2008 15:02:55
    AERDL.DLL : 8.1.0.20 418165 Bytes 10/07/2008 15:02:54
    AEPACK.DLL : 8.1.1.6 364918 Bytes 10/07/2008 15:02:51
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 10/07/2008 15:02:48
    AEHEUR.DLL : 8.1.0.35 1298806 Bytes 10/07/2008 15:02:46
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 15:02:39
    AEGEN.DLL : 8.1.0.29 307573 Bytes 10/07/2008 15:02:38
    AEEMU.DLL : 8.1.0.6 430451 Bytes 10/07/2008 15:02:35
    AECORE.DLL : 8.1.0.32 168311 Bytes 10/07/2008 15:02:33
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Active Processes
    Configuration file...............: c:\program files\avira\antivir personaledition classic\process.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Scan memory......................: off
    Process scan.....................: on
    Extended process scan............: on
    Scan registry....................: off
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 10 juillet 2008 17:50

    The scan of running processes will be started
    Scan process 'avscan.exe' - '44' Module(s) have been scanned
    Scan process 'avcenter.exe' - '104' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '26' Module(s) have been scanned
    Scan process 'explorer.exe' - '79' Module(s) have been scanned
    Scan process 'svchost.exe' - '65' Module(s) have been scanned
    Scan process 'svchost.exe' - '42' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'lsass.exe' - '50' Module(s) have been scanned
    Scan process 'services.exe' - '29' Module(s) have been scanned
    Scan process 'Winlogon.exe' - '60' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned
    12 processes with 549 modules were scanned


    End of the scan: jeudi 10 juillet 2008 17:50
    Used time: 00:06 min

    The scan has been done completely.

    0 Scanning directories
    549 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    549 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes

    10 Juillet 2008 19:01:30

    Re,

    Tu n'as rien scanné :D 

    Regarde, je te montre une capture d'image :

    10 Juillet 2008 19:21:47

    Re, bah moi j'ai qu' une loupe, celle de gauche (start scan with the selected profil ) ; j'ai pas celui avec le bouclier multicolore sniff.
    J'vous envoi comme même son rapport au cas ou c'était bon:



    Avira AntiVir Personal
    Report file date: jeudi 10 juillet 2008 19:11

    Scanning for 1411247 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: Henri
    Computer name: NOM-C90I4T4C9F0

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 15:02:23
    ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 09/07/2008 15:02:30
    ANTIVIR3.VDF : 7.0.5.95 147968 Bytes 10/07/2008 15:02:32
    Engineversion : 8.1.0.64
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.46 283002 Bytes 10/07/2008 15:02:57
    AESCN.DLL : 8.1.0.22 119157 Bytes 10/07/2008 15:02:55
    AERDL.DLL : 8.1.0.20 418165 Bytes 10/07/2008 15:02:54
    AEPACK.DLL : 8.1.1.6 364918 Bytes 10/07/2008 15:02:51
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 10/07/2008 15:02:48
    AEHEUR.DLL : 8.1.0.35 1298806 Bytes 10/07/2008 15:02:46
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 15:02:39
    AEGEN.DLL : 8.1.0.29 307573 Bytes 10/07/2008 15:02:38
    AEEMU.DLL : 8.1.0.6 430451 Bytes 10/07/2008 15:02:35
    AECORE.DLL : 8.1.0.32 168311 Bytes 10/07/2008 15:02:33
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Rootkit search
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
    Logging..........................: high
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Scan memory......................: off
    Process scan.....................: off
    Scan registry....................: off
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high
    Expanded search settings.........: 0x00300922

    Start of the scan: jeudi 10 juillet 2008 19:11

    Starting search for hidden objects.
    HKEY_USERS\S-1-5-21-41\itempos1024x768(1)
    [INFO] The registry entry is invisible.
    '484342' objects were checked, '1' hidden objects were found.


    End of the scan: jeudi 10 juillet 2008 19:19
    Used time: 07:58 min

    The scan has been done completely.

    0 Scanning directories
    0 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    0 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes
    484342 Objects were scanned with rootkit scan
    1 Hidden objects were found

    11 Juillet 2008 00:34:36

    Tu n'es pas en session Admin c'est pour ça.
    Mais ce n'est pas grave.
    En revanche tu ne scannes rien, sélectionne tout en bas, comme sur mon screen !
    12 Juillet 2008 00:49:43

    Euh je comprend rien là..dsl j'suis un Gros noob.
    Donc là je redemmare l'ordi en mode sans échec et je choisi la session Administrateur ?
    Et pourquoi les trucs que je poste c'est pas des rapports de scan
    (encore dsl mais j'y peux rien si j'suis nul ).
    12 Juillet 2008 00:53:52

    Nan :) 

    Laisse tomber pour l'admin.

    Sélectionne toutes tes partitions, comme je l'ai montré sur mon screen !
    C:\, D:\, ..
    12 Juillet 2008 01:08:21

    Ok ( je coche pas les disques amovibles et lecteurs ) ensuite je vais dans la loupe "start scan with the selected profile " ?
    ( merci de ta patiente)
    12 Juillet 2008 01:43:25

    Oui :) 
    12 Juillet 2008 03:10:29

    Bon voilà, j'espère que je ne me suis pas trompé:


    Avira AntiVir Personal
    Report file date: samedi 12 juillet 2008 02:08

    Scanning for 1419754 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: Henri
    Computer name: NOM-C90I4T4C9F0

    Version information:
    BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 15:02:23
    ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 09/07/2008 15:02:30
    ANTIVIR3.VDF : 7.0.5.103 247296 Bytes 11/07/2008 15:00:09
    Engineversion : 8.1.0.64
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.46 283002 Bytes 10/07/2008 15:02:57
    AESCN.DLL : 8.1.0.22 119157 Bytes 10/07/2008 15:02:55
    AERDL.DLL : 8.1.0.20 418165 Bytes 10/07/2008 15:02:54
    AEPACK.DLL : 8.1.1.6 364918 Bytes 10/07/2008 15:02:51
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 10/07/2008 15:02:48
    AEHEUR.DLL : 8.1.0.35 1298806 Bytes 10/07/2008 15:02:46
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 15:02:39
    AEGEN.DLL : 8.1.0.29 307573 Bytes 10/07/2008 15:02:38
    AEEMU.DLL : 8.1.0.6 430451 Bytes 10/07/2008 15:02:35
    AECORE.DLL : 8.1.0.32 168311 Bytes 10/07/2008 15:02:33
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: A:, C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 12 juillet 2008 02:08

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avant.exe' - '1' Module(s) have been scanned
    Scan process 'NclBTHandler.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'LastFM.exe' - '1' Module(s) have been scanned
    Scan process 'epmworker.exe' - '1' Module(s) have been scanned
    Scan process 'Generic.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
    Scan process 'winvnc4.exe' - '1' Module(s) have been scanned
    Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'BTTray.exe' - '1' Module(s) have been scanned
    Scan process 'acrotray.exe' - '1' Module(s) have been scanned
    Scan process 'MPAPI3s.exe' - '1' Module(s) have been scanned
    Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
    Scan process 'btwdins.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Steam.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'PcSync2.exe' - '1' Module(s) have been scanned
    Scan process 'Skype.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.exe' - '1' Module(s) have been scanned
    Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'LAUNCH~1.EXE' - '1' Module(s) have been scanned
    Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'CamTray.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'DragDrop.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'ezSP_Px.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'Winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    59 processes with 59 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'A:\'
    [INFO] In the drive 'A:\' no data medium is inserted!
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '43' files ).


    Starting the file scan:

    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'C:\' <VAIO>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB824141$\user32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\hh.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\itircl.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\itss.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\locator.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\magnify.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\narrator.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\newdev.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\ole32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\shdocvw.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\shell32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\srv.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\urlmon.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\user32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\win32k.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallQ828026$\wmp.dll
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <VAIO>


    End of the scan: samedi 12 juillet 2008 03:01
    Used time: 52:59 min

    The scan has been done completely.

    9155 Scanning directories
    416787 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    38 Files cannot be scanned
    416787 Files not concerned
    7984 Archives were scanned
    41 Warnings
    0 Notes

    (Si c'est pas du scannage ça ^_ )
    12 Juillet 2008 03:27:55

    :) 

    Poste un nouveau rapport HIjacktHIS ;) 
    12 Juillet 2008 03:49:29

    Voilà rapport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:48:58, on 12/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\program files\steam\steam.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\PCSuite\Services\NclBTHandler.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [MobiNearCast] "C:\Program Files\MobiNearCast\MobiNearCast.exe" -min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 11711 bytes
    12 Juillet 2008 14:48:36

    Re,

    Relance Hijackthis (clique droit -> lancer en tant qu'adminstrateur sous Vista), do a system scan only, coche ces lignes (si toujours présentes) :
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/disp [...] tbid=66006
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_ [...] TbId=66006
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)

    Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
    Puis Fix Checked !


    Relance Hijackthis

  • Clique sur  Open the Misc Tools Section.
  • Choisis  Delete an NT Service .
  • Tape NMIndexingService et valide.

    Plus de soucis ?
    12 Juillet 2008 15:53:00

    Re, encore dsl mais je vois pas ou c'est "lancer en tant qu'Administrateur sous Vista ". Quand je fais clic droit je le vois pas :( 
    12 Juillet 2008 23:45:37

    Normal, tu n'es pas sous Vista :)  Vista, c'est un système d'exploitation, toi tu as XP ;) 

    Plus de soucis ?
    13 Juillet 2008 01:18:13

    Bon je crois que c'est bon, mais j'ai ressayé de refaire une deuxième fois au cas ou :
    Clique sur Open the Misc Tools Section.
    Choisis Delete an NT Service .
    Tape NMIndexingService et valide.

    Et maintenent je lis ça :
    . Est-ce normal ?
    Enfin bref je vous tiend au courant si je 'lag' encore.
    Donc merci à Angeldark et à Toi Michou !!
    (je pensais pas que sa existait des helpers à ton age ;)
    :hello: " alt="" class="imgLz frmImg " />
    13 Juillet 2008 01:24:06

    Mince ça marche pas le lien de l'image. Je te l'écris :
    Service 'NMIndexingService'was not found in the Registry.Make sure you entered the name of the service correctly'. Bye
    13 Juillet 2008 01:32:36

    Ouaip, normal.
    Tu as déjà supprimé le service, donc plus là ;) 

    Plus de soucis ? :) 

    Tu peux attendre deux jours pour le dire si tu veux :) 

    REgarde l'âge d'Angel ^^
    13 Juillet 2008 02:10:51

    Mince alors c'est quoi ces Machines que vous etes :ouch:  ^_ d'ou vous vous conaissez tant en informatique :D 

    Et je sais pas si c'est un virus mais j'ai un dossier que j'avais créé pour sauvegarder les fichiers téléchargés de lime wire, bah il revient constamment de temps en temps sur mon bureau même si je l'ai renvoyé à la corbeille.
    13 Juillet 2008 14:12:10

    C'est à dire ?
    Oui, dès que tu vas sur Limewire, le dossier Incomplete se crée ;) 
    C'est normal.
    13 Juillet 2008 15:16:08

    Bah tout simplement que vous êtes trop bon :lol: 
    En tout cas je vous remercie encore pour votre aide !!
    Je vous souhaite une bonne continuation et je vous tiend au courant s' il y a du bug en vue.
    14 Juillet 2008 00:16:47

    Oki :) 

    Télécharge ToolsCleaner2 (de A.Rothstein)

  • Installe le sur ton Bureau.
  • Clique sur Recherche pour lancer le scan.
  • Clique sur Supprimer pour nettoyer les outils utilisés.
  • Clique sur Quitter.
  • Poste ce rapport ~>C:\TCleaner.txt<~

  • Garde Ccleaner, MBAM et AntiVir si nous les avons installés..
  • Désactive-réactive la restauration système.
  • Rapporte ton infection sur Malware Complaints >Tuto<
  • Ton(tes) infection(s) : Toolbars néfastes.
  • Si tu ne la trouves pas dans la liste, poste dans Autres infections,

  • Mets ton ordi correctement à jour >ici<
  • Si ce n'est pas fait, assure-toi que les Mises à jour Automatiques Windows soient activées !

    Puis regarde ces dossiers :

    - Sécurité/Prévention
    - Conséquences de la multi-protection
    - Toolbars : Inutilité et ralentissements

    Bonne journée/soirée :) 
    18 Juillet 2008 01:05:37

    Bon benh l'odinateur se comporte pas trop mal à par quelques pages sur internet qui se bloquent parfois. En tout cas encore merci pour tout et vous souhaitant une bonne continuation je m'éclipse..
    (j'annonce RESOLU dans le titre )
    :hello: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS