Infection trojanvundo et autres

Résolu
gotinho Messages postés 68 Statut Membre -  
gotinho Messages postés 68 Statut Membre -
Bonjour,
mon pc portable est infecté par un ou plusieurs trojan dont trojanvundo (analyse effectué en mode sans echec avec norton ,j'ai essayé la manip avec vundofix mais je ne sais plus trop comment faire ,j'ai des fenetres de windows securité qui s'ouvrent et qui m'indiquent que mon pc n'est plus protegé

merci pour votre aide
Configuration: Windows XP
Firefox 2.0.0.8

60 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une infection par des trojans, notamment Vundo, est signalée sur un PC portable sous Windows XP, avec des alertes indiquant une protection compromise et des tentatives de suppression en mode sans échec. Plusieurs solutions sont évoquées, notamment des scans en ligne avec BitDefender et des rapports à copier-coller, ainsi que des nettoyages via CatchMe et Navilog1 et des suppressions de fichiers suspects. Les résultats montrent de multiples infections et des tentatives de désinfection échouées, avec des traces telles que Trojan.Skintrim, Adware.Navipromo et de nombreux fichiers dans System32 et dans les dossiers Temp. Des éléments indiquent qu'un nettoyage approfondi et une vérification des sauvegardes, des préfetch et du registre peuvent être nécessaires pour éviter une réinfection durable et des conséquences futures.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. mucho 1 Messages postés 306 Statut Membre 8
     
    Bonjour,

    dans un premier temps Télécharge Navilog1 (de IL.MAFIOSO) http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    - Double clique sur navilog1.exe pour lancer l'installation.
    - Une fois l'installation terminée, le fix s'exécutera automatiquement.
    - Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau.

    Laisse-toi guider. Au menu principal, choisis l'option 1 et valide par [Entrée]
    /*\ Ne fais pas le choix 2,3 ou 4 sans avis ou accord /*\
    Patiente jusqu'au message : « Analyse terminée le .... »
    Appuie sur une touche comme demandé, le Bloc-Notes va s'ouvrir.
    Copie-colle l'intégralité du rapport dans ta prochaine réponse.

    Attention!: Il est possible que ton antivirus refuse de laisser télécharger Navilog1, il suffit de le désactiver. N'oublie pas de le réactiver par la suite!

    @+
    0
  2. gotinho Messages postés 68 Statut Membre
     
    BONJOUR ET MERCI POUR TON AIDE

    Search Navipromo version 3.3.4 commencé le 02/11/2007 à 16:07:26,93

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13

    *** Recherche Programmes installés ***

    InternetGameBox

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    C:\Program Files\InternetGameBox trouvé !

    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Recherche dossiers dans C:\Documents and Settings\mag\Application Data ***

    ...\Application Data\MessengerSkinner trouvé !

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Fichier(s) caché(s) :

    C:\WINDOWS\system32\gwafjn.dat
    C:\WINDOWS\system32\gwafjn.exe
    C:\WINDOWS\system32\gwafjn_nav.dat
    C:\WINDOWS\system32\gwafjn_navps.dat

    Processus caché(s) :

    C:\WINDOWS\system32\gwafjn.exe

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    Fichiers trouvés :

    aoftem.exe trouvé !
    avvikjjv.exe trouvé !
    fdjkba.exe trouvé !
    iecquoj.exe trouvé !
    ituravq.exe trouvé !
    vaqmtr.exe trouvé !
    zpspnbfof.exe trouvé !
    dsusxq.exe trouvé !
    fcajqf.exe trouvé !
    fkepwpczrj.exe trouvé !
    gwhbjbupoy.exe trouvé !
    mskljxmzw.exe trouvé !
    ptmalavmf.exe trouvé !
    qckcuvsxm.exe trouvé !
    rzpuaonoxu.exe trouvé !
    tqzfoa.exe trouvé !
    uiprfmc.exe trouvé !
    yrmxzu.exe trouvé !

    Fichiers suspects :

    C:\WINDOWS\system32\iagmhmhiv.exe trouvé !

    * Recherche dans C:\DOCUME~1\MAG\LOCALS~1\APPLIC~1 *

    *** Recherche fichiers ***

    C:\WINDOWS\system32\nvs2.inf trouvé !
    C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-0EE2A110.pf trouvé !

    *** Recherche clés spécifiques dans le Registre ***

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:
    C:\WINDOWS\system32\hgjlm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\hjkmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\uvvwa.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\rrqss.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\ccbeg.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\hgjlm.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\hjkmp.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\uvvwa.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

    2)Recherche Heuristique :

    C:\WINDOWS\system32\cjjfbd.dat trouvé !
    C:\WINDOWS\system32\efqicsdevn.dat trouvé !
    C:\WINDOWS\system32\fjsjiyccsk.dat trouvé !
    C:\WINDOWS\system32\gwafjn.dat trouvé !
    C:\WINDOWS\system32\pjqfutkbd.dat trouvé !
    C:\WINDOWS\system32\rmqxpa.dat trouvé !
    C:\WINDOWS\system32\xddhschcmw.dat trouvé !
    C:\WINDOWS\system32\zlwatzhnk.dat trouvé !
    C:\WINDOWS\system32\cjjfbd_nav.dat trouvé !
    C:\WINDOWS\system32\efqicsdevn_nav.dat trouvé !
    C:\WINDOWS\system32\fjsjiyccsk_nav.dat trouvé !
    C:\WINDOWS\system32\gwafjn_nav.dat trouvé !
    C:\WINDOWS\system32\pjqfutkbd_nav.dat trouvé !
    C:\WINDOWS\system32\rmqxpa_nav.dat trouvé !
    C:\WINDOWS\system32\xddhschcmw_nav.dat trouvé !
    C:\WINDOWS\system32\zlwatzhnk_nav.dat trouvé !

    3)Recherche Certificats :

    Certificat Egroup trouvé !

    *** Analyse terminée le 02/11/2007 à 16:08:27,76 ***
    0
  3. mucho 1 Messages postés 306 Statut Membre 8
     
    Très belle infection :)

    Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
    Au menu principal, choisis l'option 2 et valide par [Entrée].
    Le fix va t'informer qu'il va alors redémarrer ton PC.
    Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
    Appuie sur une touche comme demandé. (Si ton Pc ne redémarre pas automatiquement, fais-le toi même)

    Au redémarrage de ton PC, choisis ta session habituelle.
    Patiente jusqu'au message : *** Nettoyage Termine le ..... ***
    Le Bloc-notes va s'ouvrir.
    Sauvegarde le rapport de manière à le retrouver.
    Referme le Bloc-Notes. Ton bureau va réapparaître.
    Note : Si ton bureau ne réapparaît pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches. Rends-toi à l'onglet "Processus", clique en haut à gauche sur > Fichiers et choisis > Exécuter Tape: explorer et valide. Celà te fera apparaître ton Bureau.

    Ensuite ferme Internet explorer s'il est ouvert. Rends toi dans ton Menu démarrer, Paramètres, Panneau de configuration, Options Internet.
    Clique sur l'onglet Contenu, puis Certificats.
    Dans tous les onglets, Personnel, Autres personnes, etc. cherche et supprime si tu les trouves :
    electronic-group
    egroup
    Montorgueil
    VIP
    "Sunny Day Design Ltd".


    uniquement celà

    @+
    0
  4. gotinho Messages postés 68 Statut Membre
     
    re
    pour les certificats je n'ai trouvé que celui de electronic-group

    Clean Navipromo version 3.3.4 commencé le 02/11/2007 à 16:18:06,12

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13

    Mode suppression automatique

    *** Creation backups fichiers trouvés par Catchme ***

    Copie vers "C:\Program Files\navilog1\Backupnavi"

    Copie C:\WINDOWS\system32\gwafjn.dat réalisé avec succès !
    Copie C:\WINDOWS\system32\gwafjn.exe réalisé avec succès !
    Copie C:\WINDOWS\system32\gwafjn_nav.dat réalisé avec succès !
    Copie C:\WINDOWS\system32\gwafjn_navps.dat réalisé avec succès !

    *** Suppression des fichiers trouvés avec Catchme ***

    C:\WINDOWS\system32\gwafjn.dat supprimé !
    C:\WINDOWS\system32\gwafjn.exe supprimé !
    C:\WINDOWS\system32\gwafjn_nav.dat supprimé !
    C:\WINDOWS\system32\gwafjn_navps.dat supprimé !

    ** 2ème passage avec résultats Catchme **

    C:\WINDOWS\prefetch\gwafjn*.pf trouvé !
    Copie C:\WINDOWS\prefetch\gwafjn*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\gwafjn*.pf supprimé !

    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans C:\WINDOWS\System32 *

    aoftem.exe trouvé !
    Copie aoftem.exe réalisé avec succès !
    aoftem.exe supprimé !

    avvikjjv.exe trouvé !
    Copie avvikjjv.exe réalisé avec succès !
    avvikjjv.exe supprimé !

    fdjkba.exe trouvé !
    Copie fdjkba.exe réalisé avec succès !
    fdjkba.exe supprimé !

    C:\WINDOWS\prefetch\fdjkba*.pf trouvé !
    Copie C:\WINDOWS\prefetch\fdjkba*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\fdjkba*.pf supprimé !

    iecquoj.exe trouvé !
    Copie iecquoj.exe réalisé avec succès !
    iecquoj.exe supprimé !

    C:\WINDOWS\prefetch\iecquoj*.pf trouvé !
    Copie C:\WINDOWS\prefetch\iecquoj*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\iecquoj*.pf supprimé !

    ituravq.exe trouvé !
    Copie ituravq.exe réalisé avec succès !
    ituravq.exe supprimé !

    C:\WINDOWS\prefetch\ituravq*.pf trouvé !
    Copie C:\WINDOWS\prefetch\ituravq*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\ituravq*.pf supprimé !

    vaqmtr.exe trouvé !
    Copie vaqmtr.exe réalisé avec succès !
    vaqmtr.exe supprimé !

    C:\WINDOWS\prefetch\vaqmtr*.pf trouvé !
    Copie C:\WINDOWS\prefetch\vaqmtr*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\vaqmtr*.pf supprimé !

    zpspnbfof.exe trouvé !
    Copie zpspnbfof.exe réalisé avec succès !
    zpspnbfof.exe supprimé !

    C:\WINDOWS\prefetch\zpspnbfof*.pf trouvé !
    Copie C:\WINDOWS\prefetch\zpspnbfof*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\zpspnbfof*.pf supprimé !

    dsusxq.exe trouvé !
    Copie dsusxq.exe réalisé avec succès !
    dsusxq.exe supprimé !

    C:\WINDOWS\prefetch\dsusxq*.pf trouvé !
    Copie C:\WINDOWS\prefetch\dsusxq*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\dsusxq*.pf supprimé !

    fcajqf.exe trouvé !
    Copie fcajqf.exe réalisé avec succès !
    fcajqf.exe supprimé !

    fkepwpczrj.exe trouvé !
    Copie fkepwpczrj.exe réalisé avec succès !
    fkepwpczrj.exe supprimé !

    C:\WINDOWS\prefetch\fkepwpczrj*.pf trouvé !
    Copie C:\WINDOWS\prefetch\fkepwpczrj*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\fkepwpczrj*.pf supprimé !

    gwhbjbupoy.exe trouvé !
    Copie gwhbjbupoy.exe réalisé avec succès !
    gwhbjbupoy.exe supprimé !

    C:\WINDOWS\prefetch\gwhbjbupoy*.pf trouvé !
    Copie C:\WINDOWS\prefetch\gwhbjbupoy*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\gwhbjbupoy*.pf supprimé !

    mskljxmzw.exe trouvé !
    Copie mskljxmzw.exe réalisé avec succès !
    mskljxmzw.exe supprimé !

    C:\WINDOWS\prefetch\mskljxmzw*.pf trouvé !
    Copie C:\WINDOWS\prefetch\mskljxmzw*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\mskljxmzw*.pf supprimé !

    ptmalavmf.exe trouvé !
    Copie ptmalavmf.exe réalisé avec succès !
    ptmalavmf.exe supprimé !

    C:\WINDOWS\prefetch\ptmalavmf*.pf trouvé !
    Copie C:\WINDOWS\prefetch\ptmalavmf*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\ptmalavmf*.pf supprimé !

    qckcuvsxm.exe trouvé !
    Copie qckcuvsxm.exe réalisé avec succès !
    qckcuvsxm.exe supprimé !

    C:\WINDOWS\prefetch\qckcuvsxm*.pf trouvé !
    Copie C:\WINDOWS\prefetch\qckcuvsxm*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\qckcuvsxm*.pf supprimé !

    rzpuaonoxu.exe trouvé !
    Copie rzpuaonoxu.exe réalisé avec succès !
    rzpuaonoxu.exe supprimé !

    C:\WINDOWS\prefetch\rzpuaonoxu*.pf trouvé !
    Copie C:\WINDOWS\prefetch\rzpuaonoxu*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\rzpuaonoxu*.pf supprimé !

    tqzfoa.exe trouvé !
    Copie tqzfoa.exe réalisé avec succès !
    tqzfoa.exe supprimé !

    C:\WINDOWS\prefetch\tqzfoa*.pf trouvé !
    Copie C:\WINDOWS\prefetch\tqzfoa*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\tqzfoa*.pf supprimé !

    uiprfmc.exe trouvé !
    Copie uiprfmc.exe réalisé avec succès !
    uiprfmc.exe supprimé !

    C:\WINDOWS\prefetch\uiprfmc*.pf trouvé !
    Copie C:\WINDOWS\prefetch\uiprfmc*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\uiprfmc*.pf supprimé !

    yrmxzu.exe trouvé !
    Copie yrmxzu.exe réalisé avec succès !
    yrmxzu.exe supprimé !

    C:\WINDOWS\prefetch\yrmxzu*.pf trouvé !
    Copie C:\WINDOWS\prefetch\yrmxzu*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\yrmxzu*.pf supprimé !

    * Suppression dans C:\DOCUME~1\MAG\LOCALS~1\APPLIC~1 *

    *** Suppression dossiers dans C:\WINDOWS ***

    *** Suppression dossiers dans C:\Program Files ***

    C:\Program Files\InternetGameBox ...suppression...
    C:\Program Files\InternetGameBox supprimé !

    *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Suppression dossiers dans C:\Documents and Settings\mag\Application Data ***

    ...\Application Data\MessengerSkinner ...suppression...
    ...\Application Data\MessengerSkinner supprimé !

    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Suppression fichiers ***

    C:\WINDOWS\system32\nvs2.inf supprimé !
    C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-0EE2A110.pf supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\mag\Local Settings\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    C:\WINDOWS\system32\hgjlm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\hjkmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\uvvwa.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\rrqss.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\ccbeg.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\hgjlm.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\hjkmp.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\uvvwa.bak2 trouvé ! infection Vundo possible non traitée par cet outil !

    2)Recherche, création sauvegardes et suppression Heuristique :

    C:\WINDOWS\System32\cjjfbd.dat trouvé !
    Copie C:\WINDOWS\system32\cjjfbd.dat réalisé avec succès !
    C:\WINDOWS\system32\cjjfbd.dat supprimé !

    C:\WINDOWS\System32\efqicsdevn.dat trouvé !
    Copie C:\WINDOWS\system32\efqicsdevn.dat réalisé avec succès !
    C:\WINDOWS\system32\efqicsdevn.dat supprimé !

    C:\WINDOWS\System32\fjsjiyccsk.dat trouvé !
    Copie C:\WINDOWS\system32\fjsjiyccsk.dat réalisé avec succès !
    C:\WINDOWS\system32\fjsjiyccsk.dat supprimé !

    C:\WINDOWS\System32\pjqfutkbd.dat trouvé !
    Copie C:\WINDOWS\system32\pjqfutkbd.dat réalisé avec succès !
    C:\WINDOWS\system32\pjqfutkbd.dat supprimé !

    C:\WINDOWS\System32\rmqxpa.dat trouvé !
    Copie C:\WINDOWS\system32\rmqxpa.dat réalisé avec succès !
    C:\WINDOWS\system32\rmqxpa.dat supprimé !

    C:\WINDOWS\System32\xddhschcmw.dat trouvé !
    Copie C:\WINDOWS\system32\xddhschcmw.dat réalisé avec succès !
    C:\WINDOWS\system32\xddhschcmw.dat supprimé !

    C:\WINDOWS\System32\zlwatzhnk.dat trouvé !
    Copie C:\WINDOWS\system32\zlwatzhnk.dat réalisé avec succès !
    C:\WINDOWS\system32\zlwatzhnk.dat supprimé !

    C:\WINDOWS\System32\cjjfbd_nav.dat trouvé !
    Copie C:\WINDOWS\system32\cjjfbd_nav.dat réalisé avec succès !
    C:\WINDOWS\system32\cjjfbd_nav.dat supprimé !

    C:\WINDOWS\System32\efqicsdevn_nav.dat trouvé !
    Copie C:\WINDOWS\system32\efqicsdevn_nav.dat réalisé avec succès !
    C:\WINDOWS\system32\efqicsdevn_nav.dat supprimé !

    C:\WINDOWS\System32\fjsjiyccsk_nav.dat trouvé !
    Copie C:\WINDOWS\system32\fjsjiyccsk_nav.dat réalisé avec succès !
    C:\WINDOWS\system32\fjsjiyccsk_nav.dat supprimé !

    C:\WINDOWS\System32\pjqfutkbd_nav.dat trouvé !
    Copie C:\WINDOWS\system32\pjqfutkbd_nav.dat réalisé avec succès !
    C:\WINDOWS\system32\pjqfutkbd_nav.dat supprimé !

    C:\WINDOWS\System32\rmqxpa_nav.dat trouvé !
    Copie C:\WINDOWS\system32\rmqxpa_nav.dat réalisé avec succès !
    C:\WINDOWS\system32\rmqxpa_nav.dat supprimé !

    C:\WINDOWS\System32\xddhschcmw_nav.dat trouvé !
    Copie C:\WINDOWS\system32\xddhschcmw_nav.dat réalisé avec succès !
    C:\WINDOWS\system32\xddhschcmw_nav.dat supprimé !

    C:\WINDOWS\System32\zlwatzhnk_nav.dat trouvé !
    Copie C:\WINDOWS\system32\zlwatzhnk_nav.dat réalisé avec succès !
    C:\WINDOWS\system32\zlwatzhnk_nav.dat supprimé !

    *** Sauvegarde du Registre vers dossier Backupnavi ***

    sauvegarde du Registre réalisé avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    *** Certificats ***

    Certificat Egroup supprimé !

    *** Fichiers suspects non supprimés par Navilog1 ***
    !! Fichiers légitimes possibles, à contrôler avant suppression !!

    C:\WINDOWS\system32\iagmhmhiv.exe trouvé !

    *** Nettoyage terminé le 02/11/2007 à 16:22:02,68 ***
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. mucho 1 Messages postés 306 Statut Membre 8
     
    Pour la suite désactive Norton

    Télécharge Vundofix (de Atribune) sur ton Bureau
    http://www.atribune.org/ccount/click.php?id=4

    - Double-clique VundoFix.exe afin de le lancer.
    - Clique sur le bouton Scan for Vundo.
    - Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    - Une invite te demandera si tu veux supprimer les fichiers, clique YES
    - Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    - Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    - Démarre ton PC à nouveau.
    - Copie/colle le contenu du rapport situé dans C:\vundofix.txt

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    puis Télécharge Combofix (par sUBs) sur ton Bureau.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Double clique combofix.exe.
    Tape sur la touche 1 (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : C:\Combofix.txt

    a ta prochaine réponse, tu me postera un rapport VundoFix et un rapport ComboFix

    @+
    0
  7. gotinho Messages postés 68 Statut Membre
     
    VundoFix V6.5.11

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 16:45:15 02/11/2007

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...

    ComboFix 07-11-01.1 - mag 2007-11-02 16:49:07.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1448 [GMT 1:00]
    Running from: C:\Documents and Settings\mag\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\HotbarSA
    C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat
    C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_gdf.dat
    C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat
    C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
    C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat
    C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEula.mht
    C:\Documents and Settings\mag\Application Data\Hotbar
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]10104_bgn8_prv.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]10104_bgn8_st.htm
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]12002pets5_1.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]12002pets5_prv.gif
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]12002pets5_st.htm
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]12002pets5_st.xml
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]20302nature8_1.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]20302nature8_prv.gif
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]20302nature8_st.htm
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]20302nature8_st.xml
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]30107na12_em.htm
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]30107na12_prv.gif
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]50103dolphin.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]50103dolphin_prv.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]50103dolphin_st.htm
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]50103dolphin_st.xml
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]50103dolphin1.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]50103dolphin1_prv.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]50103dolphin2.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]50103dolphin2_prv.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]50103dolphin3.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\[u]0[/u]50103dolphin3_prv.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird_1.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird_prv.gif
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird_st.htm
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird_st.xml
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird2_1.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird2_prv.gif
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird3_1.gif
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird3_prv.gif
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird4_1.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird4_prv.gif
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird5_1.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601bird5_prv.gif
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601birds1_1.jpg
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\112601birds1_prv.gif
    C:\Documents and Settings\mag\Application Data\Hotbar\eskin\FileManager.txt
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools.log
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools_1182541879.log
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools_1183902336.log
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools_1184707480.log
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools_1185394085.log
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools_1186859875.log
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools_1187465127.log
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools_1188074144.log
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools_1188413115.log
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools_1188948679.log
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools_1189540630.log
    C:\Documents and Settings\mag\Application Data\Hotbar\HbTools_1190053769.log
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1049051.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1066490.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383356.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387273.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1388730.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1390732.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1391571.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1400295.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1404918.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1566705.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1584628.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\1785734.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\2230111.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\2267079.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\2450605.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\251320.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\2726728.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\2889382.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\2889521.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899630.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899650.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899657.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899666.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899670.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\29242.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\3251993.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\3755917.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\3781261.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\3786193.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\3812110.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\3852962.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\3855249.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\3893245.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\499863.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\510047.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\540510.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\566217.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\677998.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\698191.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\805478.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\84406.sdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000023840
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024294
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000024483
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000025781
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000028869
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000028885
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000028900
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000029227
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000033079
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000037211
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052012
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052023
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052100
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052180
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052227
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052291
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052334
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052441
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052566
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052576
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052581
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052643
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052753
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000052982
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000063329
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000063547
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000063652
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000063669
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000063834
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000074238
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000078304
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000078388
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000079467
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000079990
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1000081968
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11891
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\130787
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\130921
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13632
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1489
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15032
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\16087
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17025
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17040
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\180320
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18296
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19052
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1927
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19650
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20106
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\2020
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20517
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20898
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\212398
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22254
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22657
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\227849
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\237467
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\23923
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\241510
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\247895
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25880
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26213
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26256
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27414
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27503
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\28383
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\290893
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29115
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29135
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29642
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31301
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31537
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32171
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32293
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34496
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35047
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\352526
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\356660
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\374830
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\396771
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\398397
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41875
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\427148
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44228
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44306
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4487
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4546
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\47468
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\49442
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\52335
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\54280
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\561083
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\56815
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\578150
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\57904
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\58197
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\582319
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\59844
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\598613
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\600669
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\602763
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\60709
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\60780
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\611327
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\611476
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\614143
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6280
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\628262
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6292
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\639057
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64467
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\650179
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\652325
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\6546
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\658110
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\66836
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\670462
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68040
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68076
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\684381
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68942
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\704972
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\704982
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705036
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705063
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705151
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705226
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705244
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705251
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705253
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705266
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705280
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705284
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705294
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705316
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705378
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\705461
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\708037
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\708401
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\711372
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\711393
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\712427
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\72123
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\744499
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\744869
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\745220
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\748372
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7521
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753083
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753084
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753088
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753197
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753198
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753199
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\753276
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\78237
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\81093
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\82097
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83706
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\83718
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\84991
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87385
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\87499
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\88578
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\90009
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\91236
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93110
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93921
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\94407
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95695
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\97499
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\35f3.dat
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\35f5.dat
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\35f8.dat
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\btntrans.idx
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\btntrans1.dat
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\cursors.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_511745-514279.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz1.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz10.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz11.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz12.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz13.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz14.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz15.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz16.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz17.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz18.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz19.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz2.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz20.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz3.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz4.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz5.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz6.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz7.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz8.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz9.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemster.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsterie.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsteruk.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jobsearch.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_reun.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtones.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-548964.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesmenu.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesMenu.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\hb_ie_menu.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_games_icon.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_video.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\more.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\new_games.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\sales_buttons.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\1\weathericon.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans.idx
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans1.dat
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\cursors.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz1.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz10.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz11.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz12.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz13.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz14.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz15.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz16.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz17.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz18.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz19.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz2.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz20.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz3.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz4.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz5.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz6.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz7.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz8.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz9.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-people.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemster.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsterie.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsteruk.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jobsearch.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_reun.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtones.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-548964.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesmenu.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesMenu.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\hb_ie_menu.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_games_icon.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_video.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\more.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\new_games.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\sales_buttons.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\2\weathericon.res
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans1.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\cursors.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\gamesmenu.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hb_ie_menu.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_games_icon.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_video.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\more.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\sales_buttons.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
    C:\Documents and Settings\mag\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\weathericon.xip
    C:\Documents and Settings\mag\Application Data\ShoppingReport
    C:\Documents and Settings\mag\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\mag\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\mag\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\mag\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\mag\Application Data\ShoppingReport\cs\persist.dbs
    C:\Documents and Settings\mag\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\mag\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\mag\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
    C:\Documents and Settings\mag\Menu Démarrer\Programmes\InternetGameBox
    C:\Documents and Settings\mag\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
    C:\Documents and Settings\mag\Menu Démarrer\Programmes\InternetGameBox\Uninstall.lnk
    C:\Documents and Settings\mag\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
    C:\Program Files\Hotbar
    C:\Program Files\Hotbar\bin\10.0.356.0\arrow.ico
    C:\Program Files\Hotbar\bin\10.0.356.0\Cml.exe
    C:\Program Files\Hotbar\bin\10.0.356.0\copyright.txt
    C:\Program Files\Hotbar\bin\10.0.356.0\dBenderC.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\chrome.manifest
    C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\components\npclntax.xpt
    C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\install.rdf
    C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\plugins\npclntax_HotbarSA.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\HostOL.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSADF.exe
    C:\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe
    C:\Program Files\Hotbar\bin\10.0.356.0\InstIE.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\link.ico
    C:\Program Files\Hotbar\bin\10.0.356.0\Srv.exe
    C:\Program Files\Hotbar\bin\10.0.356.0\Wallpaper.dll
    C:\Program Files\ShoppingReport
    C:\Program Files\ShoppingReport\cs\persist.dbs
    C:\Program Files\ShoppingReport\Uninst.exe
    C:\WINDOWS\system32\arpgiwxv.dll
    C:\WINDOWS\system32\awvvu.dll
    C:\WINDOWS\system32\bbadd.ini
    C:\WINDOWS\system32\btojktfw.dll
    C:\WINDOWS\system32\ccbeg.bak2
    C:\WINDOWS\system32\ccbeg.ini
    c:\WINDOWS\system32\cjjfbd_navps.dat
    C:\WINDOWS\system32\ddabb.dll
    C:\WINDOWS\system32\dkhvsgyj.dll
    C:\WINDOWS\system32\efqicsdevn_navps.dat
    C:\WINDOWS\system32\efqswuvd.dll
    C:\WINDOWS\system32\fgiqqiuw.dll
    C:\WINDOWS\system32\fjsjiyccsk_navps.dat
    C:\WINDOWS\system32\ftynnniv.dll
    C:\WINDOWS\system32\gebcc.dll
    C:\WINDOWS\system32\geeda.dll
    C:\WINDOWS\system32\gqceinlx.dll
    C:\WINDOWS\system32\gqgexghy.dll
    C:\WINDOWS\system32\gufnxlhq.dll
    C:\WINDOWS\system32\hgjlm.bak2
    C:\WINDOWS\system32\hgjlm.ini
    C:\WINDOWS\system32\hgjlm.ini2
    C:\WINDOWS\system32\hgjlm.tmp
    C:\WINDOWS\system32\hjkmp.bak2
    C:\WINDOWS\system32\hjkmp.ini
    C:\WINDOWS\system32\hjkmp.ini2
    C:\WINDOWS\system32\hjkmp.tmp
    C:\WINDOWS\system32\jllovpfv.dll
    C:\WINDOWS\system32\jnvmhgal.dll
    C:\WINDOWS\system32\jpmkpknd.dll
    C:\WINDOWS\system32\kmllm.ini
    C:\WINDOWS\system32\mecawcsi.dll
    C:\WINDOWS\system32\mllmk.dll
    C:\WINDOWS\system32\oglqywqi.dll
    C:\WINDOWS\system32\oqflfwdw.dll
    c:\WINDOWS\system32\pjqfutkbd_navps.dat
    C:\WINDOWS\system32\pmkjh.dll
    C:\WINDOWS\system32\qpnxpwli.dll
    C:\WINDOWS\system32\qqstv.ini
    C:\WINDOWS\system32\qtfpvkcd.dll
    C:\WINDOWS\system32\rjwccaos.dll
    C:\WINDOWS\system32\rmqxpa_navps.dat
    C:\WINDOWS\system32\rpxglmqf.dll
    C:\WINDOWS\system32\rrqss.bak1
    C:\WINDOWS\system32\rrqss.ini
    C:\WINDOWS\system32\rrutv.ini
    C:\WINDOWS\system32\ssfqtnbh.dll
    C:\WINDOWS\system32\ssqrr.dll
    C:\WINDOWS\system32\swputxlr.dll
    C:\WINDOWS\system32\uceemfnw.dll
    C:\WINDOWS\system32\uhqiecxk.dll
    C:\WINDOWS\system32\uvvwa.bak2
    C:\WINDOWS\system32\uvvwa.ini
    C:\WINDOWS\system32\uvvwa.ini2
    C:\WINDOWS\system32\uvvwa.tmp
    C:\WINDOWS\system32\vtsqq.dll
    C:\WINDOWS\system32\vturr.dll
    c:\WINDOWS\system32\xddhschcmw_navps.dat
    C:\WINDOWS\system32\xricagng.dll
    C:\WINDOWS\system32\zlwatzhnk_navps.dat
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-02 to 2007-11-02 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-02 16:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-02 16:26 82,496 --a------ C:\WINDOWS\system32\omiawfmk.dll
    2007-11-02 16:26 65,465 --a------ C:\WINDOWS\system32\huhrrhju.dll
    2007-11-02 16:06 <REP> d-------- C:\Program Files\Navilog1
    2007-11-02 16:05 65,480 --a------ C:\WINDOWS\system32\hsmshejj.dll
    2007-11-02 16:02 82,496 --a------ C:\WINDOWS\system32\rtmsyobl.dll
    2007-11-02 16:02 5,620 --a------ C:\WINDOWS\system32\sqsmbcea.dll
    2007-10-31 21:59 <REP> d-------- C:\Program Files\Trend Micro
    2007-10-31 21:55 65,480 --a------ C:\WINDOWS\system32\xbohlrqg.dll
    2007-10-31 21:46 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-31 21:46 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-10-31 21:46 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-31 21:46 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-31 21:46 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-31 21:46 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-31 21:46 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-31 21:46 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-31 21:44 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-10-31 21:37 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
    2007-10-31 21:28 5,620 --a------ C:\WINDOWS\system32\niydcwfn.dll
    2007-10-31 20:00 <REP> d-------- C:\Program Files\Yahoo!
    2007-10-31 20:00 <REP> d-------- C:\Program Files\CCleaner
    2007-10-31 19:18 <REP> d-------- C:\VundoFix Backups
    2007-10-30 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-30 20:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-30 20:46 <REP> d-------- C:\WINDOWS\pss
    2007-10-27 14:11 67,136 --a------ C:\WINDOWS\system32\vdvnlfkc.dll
    2007-10-25 19:40 67,136 --a------ C:\WINDOWS\system32\twsedrhk.dll
    2007-10-24 13:06 67,136 --a------ C:\WINDOWS\system32\ukxppbms.dll
    2007-10-23 21:33 67,136 --a------ C:\WINDOWS\system32\aouctnst.dll
    2007-10-22 21:26 67,136 --a------ C:\WINDOWS\system32\pctwmtjo.dll
    2007-10-21 17:21 67,136 --a------ C:\WINDOWS\system32\euphopvg.dll
    2007-10-19 19:12 67,136 --a------ C:\WINDOWS\system32\peankbuy.dll
    2007-10-09 18:42 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-10-02 19:08 <REP> d-------- C:\Program Files\Spyware-Secure

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-02 15:34 --------- d-----w C:\Program Files\Java
    2007-11-02 15:33 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-11-02 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-10-31 21:53 --------- d-----w C:\Program Files\Norton Internet Security
    2007-10-31 20:30 --------- d-----w C:\Program Files\Google
    2007-10-31 20:24 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-10-31 20:23 --------- d-----w C:\Program Files\Micro Application
    2007-10-02 18:24 --------- d-----w C:\Program Files\eMule
    2007-10-01 20:16 --------- d-----w C:\Documents and Settings\mag\Application Data\LimeWire
    2007-09-29 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-09-25 21:58 48,512 ----a-w C:\Documents and Settings\mag\Application Data\GDIPFONTCACHEV1.DAT
    2007-09-25 20:28 --------- d-----w C:\Documents and Settings\mag\Application Data\WeatherDPA
    2007-09-25 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    2007-09-04 23:12 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-09-03 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-09-03 11:38 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-09-03 11:38 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-09-03 11:38 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-09-03 11:38 --------- d-----w C:\Program Files\Symantec
    2007-03-30 00:43 251 ----a-w C:\Program Files\wt3d.ini
    2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2007-03-31 21:13:08 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
    C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9f3c3cfc-d62f-4245-bd7e-cadbe30c8f46}]
    2007-11-02 16:26 82496 --a------ C:\WINDOWS\system32\omiawfmk.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 21:17]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 21:13]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 21:17]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 16:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 06:22]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 14:14]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33]
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 09:50]
    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 08:46]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
    "6d9186ee"="C:\WINDOWS\system32\vdvnlfkc.dll" [2007-10-27 14:11]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-10-30 21:03]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 05:00]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-16 15:58]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 14:02]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-07-16 15:58:30]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyv]
    C:\WINDOWS\system32\ddcyv.dll 2007-09-25 22:01 283232 C:\WINDOWS\system32\ddcyv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyx]
    C:\WINDOWS\system32\gebyx.dll 2007-09-19 20:52 282720 C:\WINDOWS\system32\gebyx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeba]
    C:\WINDOWS\system32\geeba.dll 2007-09-17 20:19 283232 C:\WINDOWS\system32\geeba.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgh]
    C:\WINDOWS\system32\mljgh.dll 2007-09-18 19:53 283232 C:\WINDOWS\system32\mljgh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnm]
    C:\WINDOWS\system32\pmnnm.dll 2007-09-30 13:26 283232 C:\WINDOWS\system32\pmnnm.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvvu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarOE]
    C:\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
    C:\Program Files\MessengerSkinner\MessengerSkinner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-05-18 18:40:52 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - mag.job"
    - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
    "2007-11-02 15:10:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-02 16:54:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????\??????`?@?????L?@
    0
  8. gotinho Messages postés 68 Statut Membre
     
    il en en manque un bout je crois
    voila

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????\??????`?@?????L?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-02 16:57:41 - machine was rebooted
    .
    --- E O F ---
    0
  9. mucho 1 Messages postés 306 Statut Membre 8
     
    As tu fait une sauvegarde de ton premier rapport VundoFix ?
    0
  10. mucho 1 Messages postés 306 Statut Membre 8
     
    Télécharge Hijackthis

    Voir Tuto et Téléchargement :
    http://forum.telecharger.01net.com/microhebdo/questions_techniques_diverses/securite/tuto2_hijackthis_202_version_install-346620/messages-1.html

    Poste moi le rapport

    merci

    @+
    0
  11. gotinho Messages postés 68 Statut Membre
     
    non mais j'ai noté le nom du trojan trouvé c\windows\system32\hgghhfe.dll
    0
  12. gotinho Messages postés 68 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:18:17, on 02/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bing.com/search?form=MO0035&q=open+prj+file
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {64f8c03e-bdac-e7db-5424-f26dcfc3c3f9} - {9f3c3cfc-d62f-4245-bd7e-cadbe30c8f46} - C:\WINDOWS\system32\omiawfmk.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [6d9186ee] rundll32.exe "C:\WINDOWS\system32\vdvnlfkc.dll",b
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4c92aa8aa9134d7cb0f944287c1f88
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4c92aa8aa9134d7cb0f944287c1f88
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/23.21/uploader2.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://max-hugonet.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O18 - Protocol: bw+0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll
    O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
    O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll
    O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll
    O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Service Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
  13. mucho 1 Messages postés 306 Statut Membre 8
     
    affiche les dossier cachés
    http://perso.orange.fr/astwinds/astuces/fichiers_caches.html

    puis tu vas sur https://www.virustotal.com/gui/

    et tu analyse les fichiers suivant :

    C:\WINDOWS\system32\iagmhmhiv.exe
    C:\WINDOWS\system32\omiawfmk.dll
    C:\WINDOWS\system32\huhrrhju.dll
    C:\WINDOWS\system32\hsmshejj.dll
    C:\WINDOWS\system32\rtmsyobl.dll
    C:\WINDOWS\system32\sqsmbcea.dll

    poste moi un rapport par fichier

    @+
    0
  14. gotinho Messages postés 68 Statut Membre
     
    Fichier iagmhmhiv.exe reçu le 2007.11.02 18:04:47 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.3.0 2007.11.02 -
    AntiVir 7.6.0.30 2007.11.02 -
    Authentium 4.93.8 2007.11.01 -
    Avast 4.7.1074.0 2007.11.02 -
    AVG 7.5.0.503 2007.11.02 -
    BitDefender 7.2 2007.11.02 -
    CAT-QuickHeal 9.00 2007.11.02 -
    ClamAV 0.91.2 2007.11.02 -
    DrWeb 4.44.0.09170 2007.11.02 -
    eSafe 7.0.15.0 2007.10.28 Suspicious File
    eTrust-Vet 31.2.5262 2007.11.02 -
    Ewido 4.0 2007.11.02 -
    FileAdvisor 1 2007.11.02 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.02 -
    F-Secure 6.70.13030.0 2007.11.02 -
    Ikarus T3.1.1.12 2007.11.02 -
    Kaspersky 7.0.0.125 2007.11.02 -
    McAfee 5155 2007.11.02 -
    Microsoft 1.2908 2007.11.02 -
    NOD32v2 2634 2007.11.02 -
    Norman 5.80.02 2007.11.02 -
    Panda 9.0.0.4 2007.11.02 -
    Prevx1 V2 2007.11.02 -
    Rising 20.16.42.00 2007.11.02 -
    Sophos 4.23.0 2007.11.02 -
    Sunbelt 2.2.907.0 2007.11.02 -
    Symantec 10 2007.11.02 -
    TheHacker 6.2.9.110 2007.10.27 -
    VBA32 3.12.2.4 2007.11.02 -
    VirusBuster 4.3.26:9 2007.11.01 -
    Webwasher-Gateway 6.6.1 2007.11.02 -
    Information additionnelle
    File size: 11410 bytes
    MD5: 4f5775ef95a36e9e25fa5046d3247451
    SHA1: f53079be39095d366ff210ea00f595261511463e
    packers: PE_Patch

    Fichier omiawfmk.dll reçu le 2007.11.02 18:20:23 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.3.0 2007.11.02 -
    AntiVir 7.6.0.30 2007.11.02 -
    Authentium 4.93.8 2007.11.01 -
    Avast 4.7.1074.0 2007.11.02 -
    AVG 7.5.0.503 2007.11.02 -
    BitDefender 7.2 2007.11.02 -
    CAT-QuickHeal 9.00 2007.11.02 -
    ClamAV 0.91.2 2007.11.02 -
    DrWeb 4.44.0.09170 2007.11.02 -
    eSafe 7.0.15.0 2007.10.28 -
    eTrust-Vet 31.2.5262 2007.11.02 -
    Ewido 4.0 2007.11.02 -
    FileAdvisor 1 2007.11.02 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.02 -
    F-Secure 6.70.13030.0 2007.11.02 -
    Ikarus T3.1.1.12 2007.11.02 -
    Kaspersky 7.0.0.125 2007.11.02 -
    McAfee 5155 2007.11.02 -
    Microsoft 1.2908 2007.11.02 -
    NOD32v2 2634 2007.11.02 -
    Norman 5.80.02 2007.11.02 -
    Panda 9.0.0.4 2007.11.02 Suspicious file
    Prevx1 V2 2007.11.02 -
    Rising 20.16.42.00 2007.11.02 -
    Sophos 4.23.0 2007.11.02 -
    Sunbelt 2.2.907.0 2007.11.02 -
    Symantec 10 2007.11.02 -
    TheHacker 6.2.9.110 2007.10.27 -
    VBA32 3.12.2.4 2007.11.02 -
    VirusBuster 4.3.26:9 2007.11.01 -
    Webwasher-Gateway 6.6.1 2007.11.02 Win32.Malware.gen (suspicious)
    Information additionnelle
    File size: 82496 bytes
    MD5: 387a5bdb0c91543f8a4a18db150c86f5
    SHA1: 0d96a8e7762af86386701493c38b9ae6eafe541e

    Fichier huhrrhju.dll reçu le 2007.11.02 18:29:02 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.3.0 2007.11.02 -
    AntiVir 7.6.0.30 2007.11.02 -
    Authentium 4.93.8 2007.11.01 -
    Avast 4.7.1074.0 2007.11.02 Win32:Trojano-1165
    AVG 7.5.0.503 2007.11.02 -
    BitDefender 7.2 2007.11.02 -
    CAT-QuickHeal 9.00 2007.11.02 -
    ClamAV 0.91.2 2007.11.02 -
    DrWeb 4.44.0.09170 2007.11.02 Trojan.Virtumod.227
    eSafe 7.0.15.0 2007.10.28 -
    eTrust-Vet 31.2.5262 2007.11.02 -
    Ewido 4.0 2007.11.02 -
    FileAdvisor 1 2007.11.02 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.02 -
    F-Secure 6.70.13030.0 2007.11.02 W32/Smalltroj.BMBW
    Ikarus T3.1.1.12 2007.11.02 Virus.Win32.Trojano.1165
    Kaspersky 7.0.0.125 2007.11.02 -
    McAfee 5155 2007.11.02 -
    Microsoft 1.2908 2007.11.02 -
    NOD32v2 2634 2007.11.02 unpack error
    Norman 5.80.02 2007.11.02 W32/Smalltroj.BMBW
    Panda 9.0.0.4 2007.11.02 Suspicious file
    Prevx1 V2 2007.11.02 Heuristic: Suspicious File With Persistence
    Rising 20.16.42.00 2007.11.02 -
    Sophos 4.23.0 2007.11.02 -
    Sunbelt 2.2.907.0 2007.11.02 -
    Symantec 10 2007.11.02 -
    TheHacker 6.2.9.110 2007.10.27 -
    VBA32 3.12.2.4 2007.11.02 -
    VirusBuster 4.3.26:9 2007.11.01 -
    Information additionnelle
    File size: 65465 bytes
    MD5: 37d392ca0f370e8c61847adfcbcb909a
    SHA1: a21680492f3cb6e2320b472390120df7679646b0
    packers: UPX

    Fichier hsmshejj.dll reçu le 2007.11.02 18:44:16 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.3.0 2007.11.02 -
    AntiVir 7.6.0.30 2007.11.02 -
    Authentium 4.93.8 2007.11.01 -
    Avast 4.7.1074.0 2007.11.02 Win32:Trojano-1165
    AVG 7.5.0.503 2007.11.02 -
    BitDefender 7.2 2007.11.02 -
    CAT-QuickHeal 9.00 2007.11.02 -
    ClamAV 0.91.2 2007.11.02 -
    DrWeb 4.44.0.09170 2007.11.02 Trojan.Virtumod.227
    eSafe 7.0.15.0 2007.10.28 -
    eTrust-Vet 31.2.5262 2007.11.02 -
    Ewido 4.0 2007.11.02 -
    FileAdvisor 1 2007.11.02 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.02 -
    F-Secure 6.70.13030.0 2007.11.02 W32/Smalltroj.BMBW
    Ikarus T3.1.1.12 2007.11.02 Virus.Win32.Trojano.1165
    Kaspersky 7.0.0.125 2007.11.02 -
    McAfee 5155 2007.11.02 -
    Microsoft 1.2908 2007.11.02 -
    NOD32v2 2634 2007.11.02 unpack error
    Norman 5.80.02 2007.11.02 W32/Smalltroj.BMBW
    Panda 9.0.0.4 2007.11.02 Suspicious file
    Prevx1 V2 2007.11.02 Heuristic: Suspicious File With Persistence
    Rising 20.16.42.00 2007.11.02 -
    Sophos 4.23.0 2007.11.02 -
    Sunbelt 2.2.907.0 2007.11.02 -
    Symantec 10 2007.11.02 -
    TheHacker 6.2.9.110 2007.10.27 -
    VBA32 3.12.2.4 2007.11.02 -
    VirusBuster 4.3.26:9 2007.11.01 -
    Webwasher-Gateway 6.6.1 2007.11.02 Win32.Malware.dam (suspicious)
    Information additionnelle
    File size: 65480 bytes
    MD5: e49021068da0dbc18716331535bb21d5
    SHA1: 0d3d8302e1f2a97aeb9a2760843455ab51aa1501
    packers: UPX
    packers: UPX
    packers: UPX
    packers: UPX
    Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=A3E493AAC82333ABFF4600859453CA0005070C50

    Fichier rtmsyobl.dll reçu le 2007.11.02 18:59:22 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.3.0 2007.11.02 -
    AntiVir 7.6.0.30 2007.11.02 -
    Authentium 4.93.8 2007.11.01 -
    Avast 4.7.1074.0 2007.11.02 -
    AVG 7.5.0.503 2007.11.02 -
    BitDefender 7.2 2007.11.02 -
    CAT-QuickHeal 9.00 2007.11.02 -
    ClamAV 0.91.2 2007.11.02 -
    DrWeb 4.44.0.09170 2007.11.02 -
    eSafe 7.0.15.0 2007.10.28 -
    eTrust-Vet 31.2.5262 2007.11.02 -
    Ewido 4.0 2007.11.02 -
    FileAdvisor 1 2007.11.02 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.02 -
    F-Secure 6.70.13030.0 2007.11.02 -
    Ikarus T3.1.1.12 2007.11.02 -
    Kaspersky 7.0.0.125 2007.11.02 -
    McAfee 5155 2007.11.02 -
    Microsoft 1.2908 2007.11.02 -
    NOD32v2 2634 2007.11.02 -
    Norman 5.80.02 2007.11.02 -
    Panda 9.0.0.4 2007.11.02 Suspicious file
    Prevx1 V2 2007.11.02 -
    Rising 20.16.42.00 2007.11.02 -
    Sophos 4.23.0 2007.11.02 -
    Sunbelt 2.2.907.0 2007.11.02 -
    Symantec 10 2007.11.02 -
    TheHacker 6.2.9.110 2007.10.27 -
    VBA32 3.12.2.4 2007.11.02 -
    VirusBuster 4.3.26:9 2007.11.01 -
    Webwasher-Gateway 6.6.1 2007.11.02 Win32.Malware.gen (suspicious)
    Information additionnelle
    File size: 82496 bytes
    MD5: 387a5bdb0c91543f8a4a18db150c86f5
    SHA1: 0d96a8e7762af86386701493c38b9ae6eafe541e

    Fichier sqsmbcea.dll reçu le 2007.11.02 19:09:03 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.3.0 2007.11.02 -
    AntiVir 7.6.0.30 2007.11.02 -
    Authentium 4.93.8 2007.11.01 -
    Avast 4.7.1074.0 2007.11.02 -
    AVG 7.5.0.503 2007.11.02 -
    BitDefender 7.2 2007.11.02 -
    CAT-QuickHeal 9.00 2007.11.02 -
    ClamAV 0.91.2 2007.11.02 -
    DrWeb 4.44.0.09170 2007.11.02 -
    eSafe 7.0.15.0 2007.10.28 -
    eTrust-Vet 31.2.5262 2007.11.02 -
    Ewido 4.0 2007.11.02 -
    FileAdvisor 1 2007.11.02 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.02 -
    F-Secure 6.70.13030.0 2007.11.02 -
    Ikarus T3.1.1.12 2007.11.02 -
    Kaspersky 7.0.0.125 2007.11.02 -
    McAfee 5155 2007.11.02 -
    Microsoft 1.2908 2007.11.02 -
    NOD32v2 2634 2007.11.02 -
    Norman 5.80.02 2007.11.02 -
    Panda 9.0.0.4 2007.11.02 -
    Prevx1 V2 2007.11.02 -
    Rising 20.16.42.00 2007.11.02 -
    Sophos 4.23.0 2007.11.02 -
    Sunbelt 2.2.907.0 2007.11.02 -
    Symantec 10 2007.11.02 -
    TheHacker 6.2.9.110 2007.10.27 -
    VBA32 3.12.2.4 2007.11.02 -
    VirusBuster 4.3.26:9 2007.11.01 -
    Information additionnelle
    File size: 5620 bytes
    MD5: 44266344322f5c684055a7655826b59f
    SHA1: 9133b64d3aaa8facdb1ab31c9a55b895684df3a6
    packers: PE_Patch
    0
  15. mucho 1 Messages postés 306 Statut Membre 8
     
    Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    Double-clique sur OTMoveIt.exe pour le lancer. Copie la liste qui
    se trouve en citation ci-dessous, et colle-la dans le cadre de gauche
    de OTMoveIt : Paste List of Files/Folders to be moved.

    C:\WINDOWS\system32\huhrrhju.dll
    C:\WINDOWS\system32\hsmshejj.dll
    C:\Program Files\Spyware-Secure
    C:\Program Files\ShoppingReport
    C:\WINDOWS\system32\ddcyv.dll
    C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\geeba.dll
    C:\WINDOWS\system32\mljgh.dll
    C:\WINDOWS\system32\pmnnm.dll
    C:\WINDOWS\system32\awvvu.dll
    C:\Program Files\MessengerSkinner


    Clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre Results.
    Clique sur Exit pour fermer.

    Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    PS : il te sera peut-être demander de redémarrer le pc pour achever
    la suppression ; si c' est le cas accepte par "Yes".

    @+
    0
  16. gotinho Messages postés 68 Statut Membre
     
    LoadLibrary failed for C:\WINDOWS\system32\huhrrhju.dll
    C:\WINDOWS\system32\huhrrhju.dll NOT unregistered.
    C:\WINDOWS\system32\huhrrhju.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\hsmshejj.dll
    C:\WINDOWS\system32\hsmshejj.dll NOT unregistered.
    C:\WINDOWS\system32\hsmshejj.dll moved successfully.
    Folder move failed. C:\Program Files\Spyware-Secure\nbmw scheduled to be moved on reboot.
    C:\Program Files\Spyware-Secure moved successfully.
    File/Folder C:\Program Files\ShoppingReport not found.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddcyv.dll
    C:\WINDOWS\system32\ddcyv.dll NOT unregistered.
    C:\WINDOWS\system32\ddcyv.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebyx.dll
    C:\WINDOWS\system32\gebyx.dll NOT unregistered.
    C:\WINDOWS\system32\gebyx.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\geeba.dll
    C:\WINDOWS\system32\geeba.dll NOT unregistered.
    C:\WINDOWS\system32\geeba.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\mljgh.dll
    C:\WINDOWS\system32\mljgh.dll NOT unregistered.
    C:\WINDOWS\system32\mljgh.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnnm.dll
    C:\WINDOWS\system32\pmnnm.dll NOT unregistered.
    C:\WINDOWS\system32\pmnnm.dll moved successfully.
    File/Folder C:\WINDOWS\system32\awvvu.dll not found.
    File/Folder C:\Program Files\MessengerSkinner not found.

    Created on 11/02/2007 19:34:41
    0
  17. mucho 1 Messages postés 306 Statut Membre 8
     
    Poste moi un nouveau rapport Hijackthis

    merci
    0
  18. gotinho Messages postés 68 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:46:15, on 02/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.bing.com/search?form=MO0035&q=open+prj+file
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {64f8c03e-bdac-e7db-5424-f26dcfc3c3f9} - {9f3c3cfc-d62f-4245-bd7e-cadbe30c8f46} - C:\WINDOWS\system32\omiawfmk.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [6d9186ee] rundll32.exe "C:\WINDOWS\system32\vdvnlfkc.dll",b
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4c92aa8aa9134d7cb0f944287c1f88
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4c92aa8aa9134d7cb0f944287c1f88
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/23.21/uploader2.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://max-hugonet.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O18 - Protocol: bw+0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {288B6A5F-2FBB-4E9E-8CC6-27080BAB569D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll (file missing)
    O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)
    O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll (file missing)
    O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll (file missing)
    O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll (file missing)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Service Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
  19. mucho 1 Messages postés 306 Statut Membre 8
     
    dans un premier temps tu ferme toutes tes applications
    et tu relance Hijackthis

    coche les lignes suivantes :

    O2 - BHO: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)

    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll (file missing)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)

    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    O20 - Winlogon Notify: ddcyv - C:\WINDOWS\system32\ddcyv.dll (file missing)

    O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll (file missing)

    O20 - Winlogon Notify: geeba - C:\WINDOWS\system32\geeba.dll (file missing)

    O20 - Winlogon Notify: mljgh - C:\WINDOWS\system32\mljgh.dll (file missing)

    O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll (file missing)

    puis tu clic sur Fix checked
    un message va apparaître valide le par ( yes)

    Pour fixer les lignes d’un rapport Hijackthis :
    Tuto :
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    et analyse ce fichier C:\WINDOWS\system32\vdvnlfkc.dll
    avec https://www.virustotal.com/gui/

    @+
    0
  20. gotinho Messages postés 68 Statut Membre
     
    bonsoir et merci pour ton temps et aide

    Fichier vdvnlfkc.dll reçu le 2007.11.02 20:46:31 (CET)Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.11.3.0 2007.11.02 -
    AntiVir 7.6.0.30 2007.11.02 TR/Dldr.ConHook.Gen
    Authentium 4.93.8 2007.11.02 -
    Avast 4.7.1074.0 2007.11.02 Win32:Trojano-1165
    AVG 7.5.0.503 2007.11.02 BHO.CER
    BitDefender 7.2 2007.11.02 -
    CAT-QuickHeal 9.00 2007.11.02 -
    ClamAV 0.91.2 2007.11.02 Trojan.Agent-68
    DrWeb 4.44.0.09170 2007.11.02 -
    eSafe 7.0.15.0 2007.10.28 -
    eTrust-Vet 31.2.5262 2007.11.02 Win32/Nisrest.A
    Ewido 4.0 2007.11.02 -
    FileAdvisor 1 2007.11.02 -
    Fortinet 3.11.0.0 2007.10.19 -
    F-Prot 4.4.2.54 2007.11.02 -
    F-Secure 6.70.13030.0 2007.11.02 -
    Ikarus T3.1.1.12 2007.11.02 Virus.Win32.Trojano.1165
    Kaspersky 7.0.0.125 2007.11.02 -
    McAfee 5155 2007.11.02 -
    Microsoft 1.2908 2007.11.02 -
    NOD32v2 2634 2007.11.02 a variant of Win32/Adware.Virtumonde
    Norman 5.80.02 2007.11.02 W32/Smalltroj.BMHH
    Panda 9.0.0.4 2007.11.02 Spyware/Virtumonde
    Prevx1 V2 2007.11.02 Trojan.Vundo
    Rising 20.16.42.00 2007.11.02 -
    Sophos 4.23.0 2007.11.02 Troj/Virtum-Gen
    Sunbelt 2.2.907.0 2007.11.02 -
    Symantec 10 2007.11.02 -
    TheHacker 6.2.9.110 2007.10.27 -
    VBA32 3.12.2.4 2007.11.02 AdWare.Win32.Virtumonde.afa
    VirusBuster 4.3.26:9 2007.11.01 -
    Webwasher-Gateway 6.6.1 2007.11.02 Trojan.Dldr.ConHook.Gen

    Information additionnelle
    File size: 67136 bytes
    MD5: b0710ff5c644c171b91248e1ad6c9d78
    SHA1: 9b5927ba9ba10945f9bd2d685fbf966a3b60bfea
    packers: UPX
    packers: UPX
    packers: UPX
    packers: PE_Patch.UPX, UPX
    Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=C9F6C2FF40967C49066901E5346A7600C8BFE6B9
    0
  21. mucho 1 Messages postés 306 Statut Membre 8
     
    Double-clique sur OTMoveIt.exe pour le lancer. Copie la liste qui
    se trouve en citation ci-dessous, et colle-la dans le cadre de gauche
    de OTMoveIt : Paste List of Files/Folders to be moved.

    C:\WINDOWS\system32\vdvnlfkc.dll

    Clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre Results.
    Clique sur Exit pour fermer.

    Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    PS : il te sera peut-être demander de redémarrer le pc pour achever
    la suppression ; si c' est le cas accepte par "Yes".

    Et dis moi comment se comporte ton PC ?
    0
  • 1
  • 2
  • 3