Trojan Vundo infection and others

Solved
gotinho Posts 68 Status Member -
Hello,
My laptop is infected by one or more trojans, including Trojan Vundo (scan performed in safe mode with Norton). I tried the procedure with VundoFix, but I no longer really know how to proceed. Windows security windows keep opening and telling me that my PC is no longer protected.

Thanks for your help

60 replies

mucho 1 Posts 306 Status Member 8

Hello,

First, download Navilog1 (by IL.MAFIOSO): http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
- Double-click navilog1.exe to start the installation.
- Once the installation is finished, the fix will run automatically.
- If it does not, double-click the Navilog1 shortcut on the desktop.

Follow the prompts. At the main menu, choose option 1 and confirm with [Enter].
/*\ Do not choose option 2, 3 or 4 without advice or approval /*\
Wait for the message: « Analyse terminée le .... »
Press a key as prompted; Notepad will open.
Copy and paste the entire report into your next reply.

Warning: your antivirus may refuse to let you download Navilog1; just disable it. Don't forget to re-enable it afterwards!

See you later
0
gotinho Posts 68 Status Member

HELLO AND THANKS FOR YOUR HELP

Search Navipromo version 3.3.4 commencé le 02/11/2007 à 16:07:26,93

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13

*** Recherche Programmes installés ***

InternetGameBox

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox trouvé !

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans C:\Documents and Settings\mag\Application Data ***

...\Application Data\MessengerSkinner trouvé !

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\WINDOWS\system32\gwafjn.dat
C:\WINDOWS\system32\gwafjn.exe
C:\WINDOWS\system32\gwafjn_nav.dat
C:\WINDOWS\system32\gwafjn_navps.dat

Processus caché(s) :

C:\WINDOWS\system32\gwafjn.exe

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

Fichiers trouvés :

aoftem.exe trouvé !
avvikjjv.exe trouvé !
fdjkba.exe trouvé !
iecquoj.exe trouvé !
ituravq.exe trouvé !
vaqmtr.exe trouvé !
zpspnbfof.exe trouvé !
dsusxq.exe trouvé !
fcajqf.exe trouvé !
fkepwpczrj.exe trouvé !
gwhbjbupoy.exe trouvé !
mskljxmzw.exe trouvé !
ptmalavmf.exe trouvé !
qckcuvsxm.exe trouvé !
rzpuaonoxu.exe trouvé !
tqzfoa.exe trouvé !
uiprfmc.exe trouvé !
yrmxzu.exe trouvé !

Fichiers suspects :

C:\WINDOWS\system32\iagmhmhiv.exe trouvé !

* Recherche dans C:\DOCUME~1\MAG\LOCALS~1\APPLIC~1 *

*** Recherche fichiers ***

C:\WINDOWS\system32\nvs2.inf trouvé !
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-0EE2A110.pf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:
C:\WINDOWS\system32\hgjlm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\hjkmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uvvwa.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\rrqss.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\ccbeg.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\hgjlm.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\hjkmp.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uvvwa.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

2)Recherche Heuristique :

C:\WINDOWS\system32\cjjfbd.dat trouvé !
C:\WINDOWS\system32\efqicsdevn.dat trouvé !
C:\WINDOWS\system32\fjsjiyccsk.dat trouvé !
C:\WINDOWS\system32\gwafjn.dat trouvé !
C:\WINDOWS\system32\pjqfutkbd.dat trouvé !
C:\WINDOWS\system32\rmqxpa.dat trouvé !
C:\WINDOWS\system32\xddhschcmw.dat trouvé !
C:\WINDOWS\system32\zlwatzhnk.dat trouvé !
C:\WINDOWS\system32\cjjfbd_nav.dat trouvé !
C:\WINDOWS\system32\efqicsdevn_nav.dat trouvé !
C:\WINDOWS\system32\fjsjiyccsk_nav.dat trouvé !
C:\WINDOWS\system32\gwafjn_nav.dat trouvé !
C:\WINDOWS\system32\pjqfutkbd_nav.dat trouvé !
C:\WINDOWS\system32\rmqxpa_nav.dat trouvé !
C:\WINDOWS\system32\xddhschcmw_nav.dat trouvé !
C:\WINDOWS\system32\zlwatzhnk_nav.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !

*** Analyse terminée le 02/11/2007 à 16:08:27,76 ***
0
mucho 1 Posts 306 Status Member 8

Very nice infection :)

Double-click the Navilog1 shortcut on the desktop and follow the prompts.
At the main menu, choose option 2 and confirm with [Enter].
The fix will inform you that it is going to restart your PC.
Close all open windows and save any open personal documents.
Press a key as prompted. (If your PC does not restart automatically, do it yourself.)

When your PC restarts, choose your usual session.
Wait for the message: *** Nettoyage Termine le ..... ***
Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will reappear.
Note: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager. Go to the "Processes" tab, click > File at the top left and choose > Run. Type: explorer and confirm. This will bring your desktop back.

Then close Internet Explorer if it is open. Go to your Start menu, Settings, Control Panel, Internet Options.
Click the Content tab, then Certificates.
In every tab (Personal, Other People, etc.), look for and delete, if you find them:
electronic-group
egroup
Montorgueil
VIP
"Sunny Day Design Ltd".


only those

See you later
0
gotinho Posts 68 Status Member

Hi again,
As for the certificates, I only found the electronic-group one.

Clean Navipromo version 3.3.4 commencé le 02/11/2007 à 16:18:06,12

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13

Mode suppression automatique

*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\WINDOWS\system32\gwafjn.dat réalisé avec succès !
Copie C:\WINDOWS\system32\gwafjn.exe réalisé avec succès !
Copie C:\WINDOWS\system32\gwafjn_nav.dat réalisé avec succès !
Copie C:\WINDOWS\system32\gwafjn_navps.dat réalisé avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\WINDOWS\system32\gwafjn.dat supprimé !
C:\WINDOWS\system32\gwafjn.exe supprimé !
C:\WINDOWS\system32\gwafjn_nav.dat supprimé !
C:\WINDOWS\system32\gwafjn_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

C:\WINDOWS\prefetch\gwafjn*.pf trouvé !
Copie C:\WINDOWS\prefetch\gwafjn*.pf réalisé avec succès !
C:\WINDOWS\prefetch\gwafjn*.pf supprimé !

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

aoftem.exe trouvé !
Copie aoftem.exe réalisé avec succès !
aoftem.exe supprimé !

avvikjjv.exe trouvé !
Copie avvikjjv.exe réalisé avec succès !
avvikjjv.exe supprimé !

fdjkba.exe trouvé !
Copie fdjkba.exe réalisé avec succès !
fdjkba.exe supprimé !

C:\WINDOWS\prefetch\fdjkba*.pf trouvé !
Copie C:\WINDOWS\prefetch\fdjkba*.pf réalisé avec succès !
C:\WINDOWS\prefetch\fdjkba*.pf supprimé !

iecquoj.exe trouvé !
Copie iecquoj.exe réalisé avec succès !
iecquoj.exe supprimé !

C:\WINDOWS\prefetch\iecquoj*.pf trouvé !
Copie C:\WINDOWS\prefetch\iecquoj*.pf réalisé avec succès !
C:\WINDOWS\prefetch\iecquoj*.pf supprimé !

ituravq.exe trouvé !
Copie ituravq.exe réalisé avec succès !
ituravq.exe supprimé !

C:\WINDOWS\prefetch\ituravq*.pf trouvé !
Copie C:\WINDOWS\prefetch\ituravq*.pf réalisé avec succès !
C:\WINDOWS\prefetch\ituravq*.pf supprimé !

vaqmtr.exe trouvé !
Copie vaqmtr.exe réalisé avec succès !
vaqmtr.exe supprimé !

C:\WINDOWS\prefetch\vaqmtr*.pf trouvé !
Copie C:\WINDOWS\prefetch\vaqmtr*.pf réalisé avec succès !
C:\WINDOWS\prefetch\vaqmtr*.pf supprimé !

zpspnbfof.exe trouvé !
Copie zpspnbfof.exe réalisé avec succès !
zpspnbfof.exe supprimé !

C:\WINDOWS\prefetch\zpspnbfof*.pf trouvé !
Copie C:\WINDOWS\prefetch\zpspnbfof*.pf réalisé avec succès !
C:\WINDOWS\prefetch\zpspnbfof*.pf supprimé !

dsusxq.exe trouvé !
Copie dsusxq.exe réalisé avec succès !
dsusxq.exe supprimé !

C:\WINDOWS\prefetch\dsusxq*.pf trouvé !
Copie C:\WINDOWS\prefetch\dsusxq*.pf réalisé avec succès !
C:\WINDOWS\prefetch\dsusxq*.pf supprimé !

fcajqf.exe trouvé !
Copie fcajqf.exe réalisé avec succès !
fcajqf.exe supprimé !

fkepwpczrj.exe trouvé !
Copie fkepwpczrj.exe réalisé avec succès !
fkepwpczrj.exe supprimé !

C:\WINDOWS\prefetch\fkepwpczrj*.pf trouvé !
Copie C:\WINDOWS\prefetch\fkepwpczrj*.pf réalisé avec succès !
C:\WINDOWS\prefetch\fkepwpczrj*.pf supprimé !

gwhbjbupoy.exe trouvé !
Copie gwhbjbupoy.exe réalisé avec succès !
gwhbjbupoy.exe supprimé !

C:\WINDOWS\prefetch\gwhbjbupoy*.pf trouvé !
Copie C:\WINDOWS\prefetch\gwhbjbupoy*.pf réalisé avec succès !
C:\WINDOWS\prefetch\gwhbjbupoy*.pf supprimé !

mskljxmzw.exe trouvé !
Copie mskljxmzw.exe réalisé avec succès !
mskljxmzw.exe supprimé !

C:\WINDOWS\prefetch\mskljxmzw*.pf trouvé !
Copie C:\WINDOWS\prefetch\mskljxmzw*.pf réalisé avec succès !
C:\WINDOWS\prefetch\mskljxmzw*.pf supprimé !

ptmalavmf.exe trouvé !
Copie ptmalavmf.exe réalisé avec succès !
ptmalavmf.exe supprimé !

C:\WINDOWS\prefetch\ptmalavmf*.pf trouvé !
Copie C:\WINDOWS\prefetch\ptmalavmf*.pf réalisé avec succès !
C:\WINDOWS\prefetch\ptmalavmf*.pf supprimé !

qckcuvsxm.exe trouvé !
Copie qckcuvsxm.exe réalisé avec succès !
qckcuvsxm.exe supprimé !

C:\WINDOWS\prefetch\qckcuvsxm*.pf trouvé !
Copie C:\WINDOWS\prefetch\qckcuvsxm*.pf réalisé avec succès !
C:\WINDOWS\prefetch\qckcuvsxm*.pf supprimé !

rzpuaonoxu.exe trouvé !
Copie rzpuaonoxu.exe réalisé avec succès !
rzpuaonoxu.exe supprimé !

C:\WINDOWS\prefetch\rzpuaonoxu*.pf trouvé !
Copie C:\WINDOWS\prefetch\rzpuaonoxu*.pf réalisé avec succès !
C:\WINDOWS\prefetch\rzpuaonoxu*.pf supprimé !

tqzfoa.exe trouvé !
Copie tqzfoa.exe réalisé avec succès !
tqzfoa.exe supprimé !

C:\WINDOWS\prefetch\tqzfoa*.pf trouvé !
Copie C:\WINDOWS\prefetch\tqzfoa*.pf réalisé avec succès !
C:\WINDOWS\prefetch\tqzfoa*.pf supprimé !

uiprfmc.exe trouvé !
Copie uiprfmc.exe réalisé avec succès !
uiprfmc.exe supprimé !

C:\WINDOWS\prefetch\uiprfmc*.pf trouvé !
Copie C:\WINDOWS\prefetch\uiprfmc*.pf réalisé avec succès !
C:\WINDOWS\prefetch\uiprfmc*.pf supprimé !

yrmxzu.exe trouvé !
Copie yrmxzu.exe réalisé avec succès !
yrmxzu.exe supprimé !

C:\WINDOWS\prefetch\yrmxzu*.pf trouvé !
Copie C:\WINDOWS\prefetch\yrmxzu*.pf réalisé avec succès !
C:\WINDOWS\prefetch\yrmxzu*.pf supprimé !

* Suppression dans C:\DOCUME~1\MAG\LOCALS~1\APPLIC~1 *

*** Suppression dossiers dans C:\WINDOWS ***

*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox ...suppression...
C:\Program Files\InternetGameBox supprimé !

*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Suppression dossiers dans C:\Documents and Settings\mag\Application Data ***

...\Application Data\MessengerSkinner ...suppression...
...\Application Data\MessengerSkinner supprimé !

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-0EE2A110.pf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\mag\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\hgjlm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\hjkmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uvvwa.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\rrqss.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\ccbeg.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\hgjlm.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\hjkmp.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uvvwa.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

2)Recherche, création sauvegardes et suppression Heuristique :

C:\WINDOWS\System32\cjjfbd.dat trouvé !
Copie C:\WINDOWS\system32\cjjfbd.dat réalisé avec succès !
C:\WINDOWS\system32\cjjfbd.dat supprimé !

C:\WINDOWS\System32\efqicsdevn.dat trouvé !
Copie C:\WINDOWS\system32\efqicsdevn.dat réalisé avec succès !
C:\WINDOWS\system32\efqicsdevn.dat supprimé !

C:\WINDOWS\System32\fjsjiyccsk.dat trouvé !
Copie C:\WINDOWS\system32\fjsjiyccsk.dat réalisé avec succès !
C:\WINDOWS\system32\fjsjiyccsk.dat supprimé !

C:\WINDOWS\System32\pjqfutkbd.dat trouvé !
Copie C:\WINDOWS\system32\pjqfutkbd.dat réalisé avec succès !
C:\WINDOWS\system32\pjqfutkbd.dat supprimé !

C:\WINDOWS\System32\rmqxpa.dat trouvé !
Copie C:\WINDOWS\system32\rmqxpa.dat réalisé avec succès !
C:\WINDOWS\system32\rmqxpa.dat supprimé !

C:\WINDOWS\System32\xddhschcmw.dat trouvé !
Copie C:\WINDOWS\system32\xddhschcmw.dat réalisé avec succès !
C:\WINDOWS\system32\xddhschcmw.dat supprimé !

C:\WINDOWS\System32\zlwatzhnk.dat trouvé !
Copie C:\WINDOWS\system32\zlwatzhnk.dat réalisé avec succès !
C:\WINDOWS\system32\zlwatzhnk.dat supprimé !

C:\WINDOWS\System32\cjjfbd_nav.dat trouvé !
Copie C:\WINDOWS\system32\cjjfbd_nav.dat réalisé avec succès !
C:\WINDOWS\system32\cjjfbd_nav.dat supprimé !

C:\WINDOWS\System32\efqicsdevn_nav.dat trouvé !
Copie C:\WINDOWS\system32\efqicsdevn_nav.dat réalisé avec succès !
C:\WINDOWS\system32\efqicsdevn_nav.dat supprimé !

C:\WINDOWS\System32\fjsjiyccsk_nav.dat trouvé !
Copie C:\WINDOWS\system32\fjsjiyccsk_nav.dat réalisé avec succès !
C:\WINDOWS\system32\fjsjiyccsk_nav.dat supprimé !

C:\WINDOWS\System32\pjqfutkbd_nav.dat trouvé !
Copie C:\WINDOWS\system32\pjqfutkbd_nav.dat réalisé avec succès !
C:\WINDOWS\system32\pjqfutkbd_nav.dat supprimé !

C:\WINDOWS\System32\rmqxpa_nav.dat trouvé !
Copie C:\WINDOWS\system32\rmqxpa_nav.dat réalisé avec succès !
C:\WINDOWS\system32\rmqxpa_nav.dat supprimé !

C:\WINDOWS\System32\xddhschcmw_nav.dat trouvé !
Copie C:\WINDOWS\system32\xddhschcmw_nav.dat réalisé avec succès !
C:\WINDOWS\system32\xddhschcmw_nav.dat supprimé !

C:\WINDOWS\System32\zlwatzhnk_nav.dat trouvé !
Copie C:\WINDOWS\system32\zlwatzhnk_nav.dat réalisé avec succès !
C:\WINDOWS\system32\zlwatzhnk_nav.dat supprimé !

*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !

*** Fichiers suspects non supprimés par Navilog1 ***
!! Fichiers légitimes possibles, à contrôler avant suppression !!

C:\WINDOWS\system32\iagmhmhiv.exe trouvé !

*** Nettoyage terminé le 02/11/2007 à 16:22:02,68 ***
0
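An added example, not part of any post in this thread: a small Python triage script that compares a Navilog1 scan report with the cleanup report and lists what was flagged but never deleted. It assumes the line shapes seen in the two reports quoted above ("trouvé !", "supprimé !", "non traitée par cet outil"); the function names are hypothetical and the sample input is a short excerpt of lines copied from those reports.

```python
import ntpath
import re

# Line shapes taken from the Navilog1 reports quoted in this thread (assumption:
# other versions of the tool may word these lines differently).
FOUND = re.compile(r"^(?P<item>.+?) trouvé !(?P<note>.*)$")
DELETED = re.compile(r"^(?P<item>.+?) supprimé !$")
UNTREATED_NOTE = "non traitée par cet outil"


def _key(item):
    # The reports mix bare names, full paths and System32/system32 casing,
    # so entries are compared by lowercase base name. Two different folders
    # holding the same file name would collide under this simplification.
    return ntpath.basename(item.strip()).lower()


def parse_report(text):
    """Collect the items a report marks as found, deleted or left untreated."""
    report = {"found": set(), "deleted": set(), "untreated": set()}
    for raw in text.splitlines():
        line = raw.strip()
        deleted = DELETED.match(line)
        if deleted:
            report["deleted"].add(_key(deleted["item"]))
            continue
        found = FOUND.match(line)
        if found:
            name = _key(found["item"])
            report["found"].add(name)
            if UNTREATED_NOTE in found["note"]:
                report["untreated"].add(name)
    return report


def remaining(scan_text, clean_text):
    """Return (name, reason) for every flagged item the cleanup did not delete."""
    scan, clean = parse_report(scan_text), parse_report(clean_text)
    flagged = scan["found"] | clean["found"]
    untreated = scan["untreated"] | clean["untreated"]
    result = []
    for name in sorted(flagged - clean["deleted"]):
        reason = "untreated" if name in untreated else "not deleted"
        result.append((name, reason))
    return result


# Excerpt of the scan report quoted above (a few lines only).
SCAN = r"""
aoftem.exe trouvé !
C:\WINDOWS\system32\iagmhmhiv.exe trouvé !
C:\WINDOWS\system32\hgjlm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\cjjfbd.dat trouvé !
Certificat Egroup trouvé !
"""

# Excerpt of the cleanup report quoted above (a few lines only).
CLEAN = r"""
aoftem.exe trouvé !
Copie aoftem.exe réalisé avec succès !
aoftem.exe supprimé !
C:\WINDOWS\system32\hgjlm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\System32\cjjfbd.dat trouvé !
Copie C:\WINDOWS\system32\cjjfbd.dat réalisé avec succès !
C:\WINDOWS\system32\cjjfbd.dat supprimé !
Certificat Egroup supprimé !
C:\WINDOWS\system32\iagmhmhiv.exe trouvé !
"""

if __name__ == "__main__":
    for name, reason in remaining(SCAN, CLEAN):
        print(f"{name}: {reason}")
```

Items reported as "untreated" are the ones the tool itself says it does not handle, which is why the thread moves on to a second tool; "not deleted" items are those the report asks to have checked before any manual removal.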

mucho 1 Posts 306 Status Member 8

For the next step, disable Norton.

Download VundoFix (by Atribune) to your desktop
http://www.atribune.org/ccount/click.php?id=4

- Double-click VundoFix.exe to launch it.
- Click the Scan for Vundo button.
- When the scan is complete, click the Remove Vundo button.
- A prompt will ask whether you want to delete the files; click YES.
- After you click "Yes", the desktop will disappear for a moment while the files are deleted.
- You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.
- Start your PC again.
- Copy/paste the contents of the report located at C:\vundofix.txt

Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

Then download ComboFix (by sUBs) to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt

In your next reply, post a VundoFix report and a ComboFix report.

See you later
0
gotinho Posts 68 Status Member
 
VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 16:45:15 02/11/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

ComboFix 07-11-01.1 - mag 2007-11-02 16:49:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1448 [GMT 1:00]
Running from: C:\Documents and Settings\mag\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\398397
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41875
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\427148
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44228
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44306
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4487
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4546
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\47468
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\49442
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\52335
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\54280
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\561083
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\56815
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\578150
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\57904
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\58197
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\582319
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59844
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\598613
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\600669
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\602763
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\60709
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\60780
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\611327
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\611476
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\614143
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6280
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\628262
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6292
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\639057
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64467
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\650179
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\652325
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6546
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\658110
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\66836
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\670462
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68040
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68076
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\684381
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68942
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\704972
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\704982
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705036
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705063
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705151
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705226
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705244
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705251
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705253
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705266
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705280
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705284
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705294
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705316
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705378
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705461
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\708037
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\708401
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\711372
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\711393
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\712427
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72123
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\744499
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\744869
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\745220
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\748372
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7521
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753083
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753084
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753088
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753197
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753198
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753199
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753276
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\78237
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\81093
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82097
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83706
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83718
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\84991
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87385
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87499
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\88578
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90009
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91236
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93110
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93921
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\94407
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95695
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\97499
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\35f3.dat
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\35f5.dat
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\35f8.dat
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\btntrans.idx
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\btntrans1.dat
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\cursors.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_511745-514279.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz1.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz10.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz11.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz12.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz13.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz14.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz15.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz16.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz17.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz18.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz19.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz2.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz20.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz3.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz4.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz5.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz6.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz7.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz8.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz9.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemster.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsterie.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jobsearch.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_reun.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtones.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesmenu.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesMenu.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\hb_ie_menu.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_games_icon.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_video.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\more.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\new_games.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\sales_buttons.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\weathericon.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans.idx
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans1.dat
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\cursors.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz1.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz10.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz11.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz12.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz13.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz14.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz15.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz16.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz17.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz18.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz19.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz2.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz20.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz3.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz4.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz5.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz6.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz7.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz8.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz9.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-people.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemster.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsterie.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jobsearch.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_reun.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtones.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesmenu.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesMenu.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\hb_ie_menu.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_games_icon.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_video.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\more.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\new_games.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\sales_buttons.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\weathericon.res
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\cursors.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\gamesmenu.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hb_ie_menu.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_video.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-02 to 2007-11-02 ))))))))))))))))))))))))))))))))))))
.

2007-11-02 16:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 16:26 82,496 --a------ C:\WINDOWS\system32\omiawfmk.dll
2007-11-02 16:26 65,465 --a------ C:\WINDOWS\system32\huhrrhju.dll
2007-11-02 16:06 <REP> d-------- C:\Program Files\Navilog1
2007-11-02 16:05 65,480 --a------ C:\WINDOWS\system32\hsmshejj.dll
2007-11-02 16:02 82,496 --a------ C:\WINDOWS\system32\rtmsyobl.dll
2007-11-02 16:02 5,620 --a------ C:\WINDOWS\system32\sqsmbcea.dll
2007-10-31 21:59 <REP> d-------- C:\Program Files\Trend Micro
2007-10-31 21:55 65,480 --a------ C:\WINDOWS\system32\xbohlrqg.dll
2007-10-31 21:46 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-31 21:46 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-31 21:46 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-31 21:46 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-31 21:46 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-31 21:46 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-31 21:46 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-31 21:46 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-31 21:44 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-10-31 21:37 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-10-31 21:28 5,620 --a------ C:\WINDOWS\system32\niydcwfn.dll
2007-10-31 20:00 <REP> d-------- C:\Program Files\Yahoo!
2007-10-31 20:00 <REP> d-------- C:\Program Files\CCleaner
2007-10-31 19:18 <REP> d-------- C:\VundoFix Backups
2007-10-30 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-30 20:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-30 20:46 <REP> d-------- C:\WINDOWS\pss
2007-10-27 14:11 67,136 --a------ C:\WINDOWS\system32\vdvnlfkc.dll
2007-10-25 19:40 67,136 --a------ C:\WINDOWS\system32\twsedrhk.dll
2007-10-24 13:06 67,136 --a------ C:\WINDOWS\system32\ukxppbms.dll
2007-10-23 21:33 67,136 --a------ C:\WINDOWS\system32\aouctnst.dll
2007-10-22 21:26 67,136 --a------ C:\WINDOWS\system32\pctwmtjo.dll
2007-10-21 17:21 67,136 --a------ C:\WINDOWS\system32\euphopvg.dll
2007-10-19 19:12 67,136 --a------ C:\WINDOWS\system32\peankbuy.dll
2007-10-09 18:42 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-02 19:08 <REP> d-------- C:\Program Files\Spyware-Secure

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 15:34 --------- d-----w C:\Program Files\Java
2007-11-02 15:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-11-02 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-31 21:53 --------- d-----w C:\Program Files\Norton Internet Security
2007-10-31 20:30 --------- d-----w C:\Program Files\Google
2007-10-31 20:24 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-31 20:23 --------- d-----w C:\Program Files\Micro Application
2007-10-02 18:24 --------- d-----w C:\Program Files\eMule
2007-10-01 20:16 --------- d-----w C:\Documents and Settings\mag\Application Data\LimeWire
2007-09-29 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-09-25 21:58 48,512 ----a-w C:\Documents and Settings\mag\Application Data\GDIPFONTCACHEV1.DAT
2007-09-25 20:28 --------- d-----w C:\Documents and Settings\mag\Application Data\WeatherDPA
2007-09-25 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-09-04 23:12 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-03 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-03 11:38 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-03 11:38 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-03 11:38 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-03 11:38 --------- d-----w C:\Program Files\Symantec
2007-03-30 00:43 251 ----a-w C:\Program Files\wt3d.ini
2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-03-31 21:13:08 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9f3c3cfc-d62f-4245-bd7e-cadbe30c8f46}]
2007-11-02 16:26 82496 --a------ C:\WINDOWS\system32\omiawfmk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 21:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 21:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 21:17]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 16:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 06:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 14:14]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 09:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 08:46]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"6d9186ee"="C:\WINDOWS\system32\vdvnlfkc.dll" [2007-10-27 14:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-30 21:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 05:00]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-16 15:58]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 14:02]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-16 15:58:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyv]
C:\WINDOWS\system32\ddcyv.dll 2007-09-25 22:01 283232 C:\WINDOWS\system32\ddcyv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyx]
C:\WINDOWS\system32\gebyx.dll 2007-09-19 20:52 282720 C:\WINDOWS\system32\gebyx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeba]
C:\WINDOWS\system32\geeba.dll 2007-09-17 20:19 283232 C:\WINDOWS\system32\geeba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
C:\WINDOWS\system32\mljgh.dll 2007-09-18 19:53 283232 C:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnm]
C:\WINDOWS\system32\pmnnm.dll 2007-09-30 13:26 283232 C:\WINDOWS\system32\pmnnm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarOE]
C:\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
C:\Program Files\MessengerSkinner\MessengerSkinner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-05-18 18:40:52 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - mag.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-11-02 15:10:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 16:54:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????\??????`?@?????L?@
0
gotinho Posts 68 Status Member
 
I think a part of it is missing.
Here it is:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????\??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-02 16:57:41 - machine was rebooted
.
--- E O F ---
0
mucho 1 Posts 306 Status Member 8
 
Did you save a copy of your first VundoFix report?
0
mucho 1 Posts 306 Status Member 8
 
Download HijackThis.

See the tutorial and download:
http://forum.telecharger.01net.com/microhebdo/questions_techniques_diverses/securite/tuto2_hijackthis_202_version_install-346620/messages-1.html

Post the report for me.

Thanks

See you
0
gotinho Posts 68 Status Member
 
No, but I noted the name of the trojan that was found: c\windows\system32\hgghhfe.dll
0
gotinho Posts 68 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:17, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bing.com/search?form=MO0035&q=open+prj+file
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {64f8c03e-bdac-e7db-5424-f26dcfc3c3f9} - {9f3c3cfc-d62f-4245-bd7e-cadbe30c8f46} - C:\WINDOWS\system32\omiawfmk.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [6d9186ee] rundll32.exe "C:\WINDOWS\system32\vdvnlfkc.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4c92aa8aa9134d7cb0f944287c1f88
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4c92aa8aa9134d7cb0f944287c1f88
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/23.21/uploader2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://max-hugonet.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: bwq0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Service Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
mucho 1 Posts 306 Status Member 8

Show hidden folders:
http://perso.orange.fr/astwinds/astuces/fichiers_caches.html

Then go to https://www.virustotal.com/gui/

and scan the following files:

C:\WINDOWS\system32\iagmhmhiv.exe
C:\WINDOWS\system32\omiawfmk.dll
C:\WINDOWS\system32\huhrrhju.dll
C:\WINDOWS\system32\hsmshejj.dll
C:\WINDOWS\system32\rtmsyobl.dll
C:\WINDOWS\system32\sqsmbcea.dll

Post me one report per file.

See you later
0
gotinho Posts 68 Status Member
 
Fichier iagmhmhiv.exe reçu le 2007.11.02 18:04:47 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.3.0 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 -
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.02 -
AVG 7.5.0.503 2007.11.02 -
BitDefender 7.2 2007.11.02 -
CAT-QuickHeal 9.00 2007.11.02 -
ClamAV 0.91.2 2007.11.02 -
DrWeb 4.44.0.09170 2007.11.02 -
eSafe 7.0.15.0 2007.10.28 Suspicious File
eTrust-Vet 31.2.5262 2007.11.02 -
Ewido 4.0 2007.11.02 -
FileAdvisor 1 2007.11.02 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.02 -
F-Secure 6.70.13030.0 2007.11.02 -
Ikarus T3.1.1.12 2007.11.02 -
Kaspersky 7.0.0.125 2007.11.02 -
McAfee 5155 2007.11.02 -
Microsoft 1.2908 2007.11.02 -
NOD32v2 2634 2007.11.02 -
Norman 5.80.02 2007.11.02 -
Panda 9.0.0.4 2007.11.02 -
Prevx1 V2 2007.11.02 -
Rising 20.16.42.00 2007.11.02 -
Sophos 4.23.0 2007.11.02 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.02 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.02 -
VirusBuster 4.3.26:9 2007.11.01 -
Webwasher-Gateway 6.6.1 2007.11.02 -
Information additionnelle
File size: 11410 bytes
MD5: 4f5775ef95a36e9e25fa5046d3247451
SHA1: f53079be39095d366ff210ea00f595261511463e
packers: PE_Patch

Fichier omiawfmk.dll reçu le 2007.11.02 18:20:23 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.3.0 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 -
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.02 -
AVG 7.5.0.503 2007.11.02 -
BitDefender 7.2 2007.11.02 -
CAT-QuickHeal 9.00 2007.11.02 -
ClamAV 0.91.2 2007.11.02 -
DrWeb 4.44.0.09170 2007.11.02 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5262 2007.11.02 -
Ewido 4.0 2007.11.02 -
FileAdvisor 1 2007.11.02 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.02 -
F-Secure 6.70.13030.0 2007.11.02 -
Ikarus T3.1.1.12 2007.11.02 -
Kaspersky 7.0.0.125 2007.11.02 -
McAfee 5155 2007.11.02 -
Microsoft 1.2908 2007.11.02 -
NOD32v2 2634 2007.11.02 -
Norman 5.80.02 2007.11.02 -
Panda 9.0.0.4 2007.11.02 Suspicious file
Prevx1 V2 2007.11.02 -
Rising 20.16.42.00 2007.11.02 -
Sophos 4.23.0 2007.11.02 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.02 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.02 -
VirusBuster 4.3.26:9 2007.11.01 -
Webwasher-Gateway 6.6.1 2007.11.02 Win32.Malware.gen (suspicious)
Information additionnelle
File size: 82496 bytes
MD5: 387a5bdb0c91543f8a4a18db150c86f5
SHA1: 0d96a8e7762af86386701493c38b9ae6eafe541e

Fichier huhrrhju.dll reçu le 2007.11.02 18:29:02 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.3.0 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 -
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.02 Win32:Trojano-1165
AVG 7.5.0.503 2007.11.02 -
BitDefender 7.2 2007.11.02 -
CAT-QuickHeal 9.00 2007.11.02 -
ClamAV 0.91.2 2007.11.02 -
DrWeb 4.44.0.09170 2007.11.02 Trojan.Virtumod.227
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5262 2007.11.02 -
Ewido 4.0 2007.11.02 -
FileAdvisor 1 2007.11.02 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.02 -
F-Secure 6.70.13030.0 2007.11.02 W32/Smalltroj.BMBW
Ikarus T3.1.1.12 2007.11.02 Virus.Win32.Trojano.1165
Kaspersky 7.0.0.125 2007.11.02 -
McAfee 5155 2007.11.02 -
Microsoft 1.2908 2007.11.02 -
NOD32v2 2634 2007.11.02 unpack error
Norman 5.80.02 2007.11.02 W32/Smalltroj.BMBW
Panda 9.0.0.4 2007.11.02 Suspicious file
Prevx1 V2 2007.11.02 Heuristic: Suspicious File With Persistence
Rising 20.16.42.00 2007.11.02 -
Sophos 4.23.0 2007.11.02 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.02 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.02 -
VirusBuster 4.3.26:9 2007.11.01 -
Information additionnelle
File size: 65465 bytes
MD5: 37d392ca0f370e8c61847adfcbcb909a
SHA1: a21680492f3cb6e2320b472390120df7679646b0
packers: UPX

Fichier hsmshejj.dll reçu le 2007.11.02 18:44:16 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.3.0 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 -
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.02 Win32:Trojano-1165
AVG 7.5.0.503 2007.11.02 -
BitDefender 7.2 2007.11.02 -
CAT-QuickHeal 9.00 2007.11.02 -
ClamAV 0.91.2 2007.11.02 -
DrWeb 4.44.0.09170 2007.11.02 Trojan.Virtumod.227
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5262 2007.11.02 -
Ewido 4.0 2007.11.02 -
FileAdvisor 1 2007.11.02 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.02 -
F-Secure 6.70.13030.0 2007.11.02 W32/Smalltroj.BMBW
Ikarus T3.1.1.12 2007.11.02 Virus.Win32.Trojano.1165
Kaspersky 7.0.0.125 2007.11.02 -
McAfee 5155 2007.11.02 -
Microsoft 1.2908 2007.11.02 -
NOD32v2 2634 2007.11.02 unpack error
Norman 5.80.02 2007.11.02 W32/Smalltroj.BMBW
Panda 9.0.0.4 2007.11.02 Suspicious file
Prevx1 V2 2007.11.02 Heuristic: Suspicious File With Persistence
Rising 20.16.42.00 2007.11.02 -
Sophos 4.23.0 2007.11.02 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.02 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.02 -
VirusBuster 4.3.26:9 2007.11.01 -
Webwasher-Gateway 6.6.1 2007.11.02 Win32.Malware.dam (suspicious)
Information additionnelle
File size: 65480 bytes
MD5: e49021068da0dbc18716331535bb21d5
SHA1: 0d3d8302e1f2a97aeb9a2760843455ab51aa1501
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=A3E493AAC82333ABFF4600859453CA0005070C50

Fichier rtmsyobl.dll reçu le 2007.11.02 18:59:22 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.3.0 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 -
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.02 -
AVG 7.5.0.503 2007.11.02 -
BitDefender 7.2 2007.11.02 -
CAT-QuickHeal 9.00 2007.11.02 -
ClamAV 0.91.2 2007.11.02 -
DrWeb 4.44.0.09170 2007.11.02 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5262 2007.11.02 -
Ewido 4.0 2007.11.02 -
FileAdvisor 1 2007.11.02 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.02 -
F-Secure 6.70.13030.0 2007.11.02 -
Ikarus T3.1.1.12 2007.11.02 -
Kaspersky 7.0.0.125 2007.11.02 -
McAfee 5155 2007.11.02 -
Microsoft 1.2908 2007.11.02 -
NOD32v2 2634 2007.11.02 -
Norman 5.80.02 2007.11.02 -
Panda 9.0.0.4 2007.11.02 Suspicious file
Prevx1 V2 2007.11.02 -
Rising 20.16.42.00 2007.11.02 -
Sophos 4.23.0 2007.11.02 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.02 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.02 -
VirusBuster 4.3.26:9 2007.11.01 -
Webwasher-Gateway 6.6.1 2007.11.02 Win32.Malware.gen (suspicious)
Information additionnelle
File size: 82496 bytes
MD5: 387a5bdb0c91543f8a4a18db150c86f5
SHA1: 0d96a8e7762af86386701493c38b9ae6eafe541e

Fichier sqsmbcea.dll reçu le 2007.11.02 19:09:03 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.3.0 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 -
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.02 -
AVG 7.5.0.503 2007.11.02 -
BitDefender 7.2 2007.11.02 -
CAT-QuickHeal 9.00 2007.11.02 -
ClamAV 0.91.2 2007.11.02 -
DrWeb 4.44.0.09170 2007.11.02 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5262 2007.11.02 -
Ewido 4.0 2007.11.02 -
FileAdvisor 1 2007.11.02 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.02 -
F-Secure 6.70.13030.0 2007.11.02 -
Ikarus T3.1.1.12 2007.11.02 -
Kaspersky 7.0.0.125 2007.11.02 -
McAfee 5155 2007.11.02 -
Microsoft 1.2908 2007.11.02 -
NOD32v2 2634 2007.11.02 -
Norman 5.80.02 2007.11.02 -
Panda 9.0.0.4 2007.11.02 -
Prevx1 V2 2007.11.02 -
Rising 20.16.42.00 2007.11.02 -
Sophos 4.23.0 2007.11.02 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.02 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.02 -
VirusBuster 4.3.26:9 2007.11.01 -
Information additionnelle
File size: 5620 bytes
MD5: 44266344322f5c684055a7655826b59f
SHA1: 9133b64d3aaa8facdb1ab31c9a55b895684df3a6
packers: PE_Patch
0
mucho 1 Posts 306 Status Member 8

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Double-click OTMoveIt.exe to run it. Copy the list
quoted below and paste it into the left-hand pane
of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\huhrrhju.dll
C:\WINDOWS\system32\hsmshejj.dll
C:\Program Files\Spyware-Secure
C:\Program Files\ShoppingReport
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\awvvu.dll
C:\Program Files\MessengerSkinner


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

Post the report located in C:\_OTMoveIt\MovedFiles.

PS: you may be asked to restart the PC to complete
the removal; if so, accept with "Yes".

See you later
0
gotinho Posts 68 Status Member
 
LoadLibrary failed for C:\WINDOWS\system32\huhrrhju.dll
C:\WINDOWS\system32\huhrrhju.dll NOT unregistered.
C:\WINDOWS\system32\huhrrhju.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\hsmshejj.dll
C:\WINDOWS\system32\hsmshejj.dll NOT unregistered.
C:\WINDOWS\system32\hsmshejj.dll moved successfully.
Folder move failed. C:\Program Files\Spyware-Secure\nbmw scheduled to be moved on reboot.
C:\Program Files\Spyware-Secure moved successfully.
File/Folder C:\Program Files\ShoppingReport not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ddcyv.dll NOT unregistered.
C:\WINDOWS\system32\ddcyv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\gebyx.dll NOT unregistered.
C:\WINDOWS\system32\gebyx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\geeba.dll NOT unregistered.
C:\WINDOWS\system32\geeba.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\mljgh.dll NOT unregistered.
C:\WINDOWS\system32\mljgh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnm.dll NOT unregistered.
C:\WINDOWS\system32\pmnnm.dll moved successfully.
File/Folder C:\WINDOWS\system32\awvvu.dll not found.
File/Folder C:\Program Files\MessengerSkinner not found.

Created on 11/02/2007 19:34:41
0
mucho 1 Posts 306 Status Member 8

Post me a new HijackThis report.

Thanks
0
gotinho Posts 68 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:15, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bing.com/search?form=MO0035&q=open+prj+file
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {64f8c03e-bdac-e7db-5424-f26dcfc3c3f9} - {9f3c3cfc-d62f-4245-bd7e-cadbe30c8f46} - C:\WINDOWS\system32\omiawfmk.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [6d9186ee] rundll32.exe "C:\WINDOWS\system32\vdvnlfkc.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4c92aa8aa9134d7cb0f944287c1f88
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4c92aa8aa9134d7cb0f944287c1f88
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/23.21/uploader2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://max-hugonet.spaces.live.com/PhotoUpload/MsnPUpld.cab
O18 - Protocol: bw+0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll (file missing)
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)
O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll (file missing)
O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll (file missing)
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll (file missing)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Service Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
mucho 1 Posts 306 Status Member 8
 
First, close all your applications
and relaunch HijackThis

check the following lines:

O2 - BHO: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll (file missing)

O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)

O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll (file missing)

O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll (file missing)

O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll (file missing)

then click on Fix checked
a message will appear, confirm it with (yes)

To fix the lines of a HijackThis report:
Tutorial:
http://pageperso.aol.fr/balltrap34/demohijack.htm

and scan this file C:\WINDOWS\system32\vdvnlfkc.dll
with https://www.virustotal.com/gui/

See you later
0
gotinho Posts 68 Status Member
 
good evening and thank you for your time and help

Fichier vdvnlfkc.dll reçu le 2007.11.02 20:46:31 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.3.0 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.11.02 -
Avast 4.7.1074.0 2007.11.02 Win32:Trojano-1165
AVG 7.5.0.503 2007.11.02 BHO.CER
BitDefender 7.2 2007.11.02 -
CAT-QuickHeal 9.00 2007.11.02 -
ClamAV 0.91.2 2007.11.02 Trojan.Agent-68
DrWeb 4.44.0.09170 2007.11.02 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5262 2007.11.02 Win32/Nisrest.A
Ewido 4.0 2007.11.02 -
FileAdvisor 1 2007.11.02 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.02 -
F-Secure 6.70.13030.0 2007.11.02 -
Ikarus T3.1.1.12 2007.11.02 Virus.Win32.Trojano.1165
Kaspersky 7.0.0.125 2007.11.02 -
McAfee 5155 2007.11.02 -
Microsoft 1.2908 2007.11.02 -
NOD32v2 2634 2007.11.02 a variant of Win32/Adware.Virtumonde
Norman 5.80.02 2007.11.02 W32/Smalltroj.BMHH
Panda 9.0.0.4 2007.11.02 Spyware/Virtumonde
Prevx1 V2 2007.11.02 Trojan.Vundo
Rising 20.16.42.00 2007.11.02 -
Sophos 4.23.0 2007.11.02 Troj/Virtum-Gen
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.02 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.02 AdWare.Win32.Virtumonde.afa
VirusBuster 4.3.26:9 2007.11.01 -
Webwasher-Gateway 6.6.1 2007.11.02 Trojan.Dldr.ConHook.Gen

Information additionnelle
File size: 67136 bytes
MD5: b0710ff5c644c171b91248e1ad6c9d78
SHA1: 9b5927ba9ba10945f9bd2d685fbf966a3b60bfea
packers: UPX
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=C9F6C2FF40967C49066901E5346A7600C8BFE6B9
0
mucho 1 Posts 306 Status Member 8
 
Double-click on OTMoveIt.exe to launch it. Copy the list
quoted below, and paste it into the left-hand box
of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\vdvnlfkc.dll

Click on MoveIt! to start the removal.
The result will appear in the Results box.
Click on Exit to close.

Post the report located in C:\_OTMoveIt\MovedFiles.

PS: you may be asked to restart the PC to complete
the removal; if so, accept with "Yes".

And tell me how your PC is behaving?
0