Trojan horse "TR/Dldr.Conhook.gen"

BenCaptain -  
Lyonnais92 Posts: 25708 Status: Security contributor -
Hello,
I'm Ben. My desktop PC, which runs Windows, has been infected by a Trojan horse "TR/Dldr.Conhook.gen". Following that, I switched my antivirus from Kaspersky to Antivir, but that changed nothing at all.
I'm coming to you because I'm desperate; I can hardly access the Internet any more with this malware. Thanks in advance for your help.

15 replies

Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Hello,
Click this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installer.

Save HJTInstall.exe to your desktop.

Double-click HJTInstall.exe to launch the program.

By default, it will install here:
C:\Program Files\Trend Micro\HijackThis

Accept the license by clicking the "I Accept" button.

Choose the option "Do a system scan and save a log file".

Click "Save log" to save the report, which will open in Notepad.

Click "Edit -> Select All", then "Edit -> Copy" to copy the whole content of the report.

Paste the report you have just copied on this forum.

Do not fix ANY line yet; that could prevent your PC from working correctly.

Tutorials: http://pageperso.aol.fr/balltrap34/demohijack.htm (don't fix anything for the moment!!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm

Download VundoFix.exe (by Atribune) to your desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.

Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the desktop will disappear for a moment while the files are being deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
Copy/paste the report (c:\vundofix.txt) into your reply.
0
BenCaptain Posts: 4 Status: Member
 
Good evening,

Here is the report generated by HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:31, on 07/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ABox.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe
C:\Program Files\ReparateurDeSysteme\SysRep.exe
C:\PROGRA~1\FICHIE~1\REPARA~1\gescw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Hotbar - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Hotbar\bin\10.0.356.0\HostIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ABox] C:\WINDOWS\ABox.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [1f461a4e] rundll32.exe "C:\WINDOWS\System32\gctwiprr.dll",sitypnow
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ReparateurDeSysteme] C:\Program Files\ReparateurDeSysteme\SysRep.exe
O4 - HKLM\..\Run: [gescw] "C:\PROGRA~1\FICHIE~1\REPARA~1\gescw.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe" -auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b0cfb0b8fd5940bb893b8a30d58dd525
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b0cfb0b8fd5940bb893b8a30d58dd525
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\ICDSPTSV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
0
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Re,

And the VundoFix report?

Disable Spybot's TeaTimer.
0
BenCaptain Posts: 4 Status: Member
 
Good evening again, thank you for your help. Here I am sending you the VundoFix.exe report.

VundoFix V6.5.11

Checking Java version...

Sun Java not detected
Scan started at 17:54:18 07/11/2007

Listing files found while scanning....

C:\WINDOWS\System32\adefe.bak1
C:\WINDOWS\System32\adefe.ini
C:\WINDOWS\System32\efeda.dll
C:\WINDOWS\System32\yayaxxv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\System32\adefe.bak1
C:\WINDOWS\System32\adefe.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\adefe.ini
C:\WINDOWS\System32\adefe.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\yayaxxv.dll
C:\WINDOWS\System32\yayaxxv.dll Could not be deleted.

Performing Repairs to the registry.
Done!
0
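Added example, not part of the original posts and not VundoFix's own code: a short Python script that reconciles the files a VundoFix report lists as found against the files it confirms as deleted, so leftovers stand out. The line patterns are inferred from the report pasted above, and the function name `reconcile_vundofix` is illustrative.

```python
import re

# VundoFix report as pasted in the post above (blank lines omitted).
REPORT = r"""
VundoFix V6.5.11
Checking Java version...
Sun Java not detected
Scan started at 17:54:18 07/11/2007
Listing files found while scanning....
C:\WINDOWS\System32\adefe.bak1
C:\WINDOWS\System32\adefe.ini
C:\WINDOWS\System32\efeda.dll
C:\WINDOWS\System32\yayaxxv.dll
Beginning removal...
Attempting to delete C:\WINDOWS\System32\adefe.bak1
C:\WINDOWS\System32\adefe.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\adefe.ini
C:\WINDOWS\System32\adefe.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\yayaxxv.dll
C:\WINDOWS\System32\yayaxxv.dll Could not be deleted.
Performing Repairs to the registry.
Done!
"""

# Line shapes inferred from the report above (assumption, not a published format).
PATH_RE = re.compile(r"^[A-Za-z]:\\")
PATTERNS = [
    (re.compile(r"^Attempting to delete (.+)$"), "attempted, no result logged"),
    (re.compile(r"^(.+?) Has been deleted!$"), "deleted"),
    (re.compile(r"^(.+?) Could not be deleted\.$"), "delete failed"),
]


def reconcile_vundofix(report):
    """Return [(path, status)] for every found file not confirmed as deleted."""
    found = []      # paths in the order the scan listed them
    status = {}     # lower-cased path -> last status seen in the removal section
    listing = False
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Listing files found"):
            listing = True
            continue
        if line.startswith("Beginning removal"):
            listing = False
            continue
        if listing:
            if PATH_RE.match(line):
                found.append(line)
            continue
        for regex, state in PATTERNS:
            match = regex.match(line)
            if match:
                # Windows paths are case-insensitive, so compare lower-cased.
                status[match.group(1).lower()] = state
                break
    return [
        (path, status.get(path.lower(), "never attempted"))
        for path in found
        if status.get(path.lower()) != "deleted"
    ]


if __name__ == "__main__":
    for path, state in reconcile_vundofix(REPORT):
        print(f"{state:28} {path}")
```

On this report the script shows that two of the four files found are not confirmed as removed: one deletion failed and one file was listed but never attempted.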

Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Re,

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

2 double-click combofix.exe and follow the instructions

3 at the end, it will produce a report, C:\ComboFix.txt

4 copy/paste this report into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

Rename Hijackthis.exe to vundoscan.exe

Post a new "hijackthis" log along with the ComboFix one.
0
BenCaptain Posts: 4 Status: Member
 
It's me again, I did what you asked me to do.

Here is the ComboFix log:

ComboFix 07-11-08.1 - azerty 2007-11-07 18:31:02.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.92 [GMT 1:00]
Running from: C:\Documents and Settings\azerty\Bureau\ComboFix.exe
* Created a new restore point
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemster.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsterie.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jobsearch.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_reun.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtones.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesmenu.cdf
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesMenu.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\hb_ie_menu.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_games_icon.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_video.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\more.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\new_games.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\sales_buttons.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\1\weathericon.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans.idx
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans1.dat
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\cursors.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz1.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz10.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz11.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz12.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz13.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz14.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz15.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz16.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz17.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz18.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz19.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz2.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz20.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz3.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz4.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz5.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz6.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz7.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz8.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz9.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-people.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemster.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsterie.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jobsearch.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_reun.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtones.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesmenu.cdf
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesMenu.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\hb_ie_menu.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_games_icon.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_video.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\more.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\new_games.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\sales_buttons.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\2\weathericon.res
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\cursors.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\gamesmenu.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hb_ie_menu.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_video.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\more.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\azerty\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\weathericon.xip
C:\Documents and Settings\azerty\Application Data\setup_fr[1].exe
C:\Documents and Settings\azerty\Application Data\systemerrorrepairinstallfull_fr[1].exe
C:\Documents and Settings\azerty\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\azerty\Application Data\WinAntiVirus Pro 2006\PGE.dat
C:\Program Files\Fichiers communs\winantivirus pro 2006
C:\Program Files\Fichiers communs\winantivirus pro 2006\WapCHK.dll
C:\Program Files\Fichiers communs\WinSoftware
C:\Program Files\Fichiers communs\WinSoftware\CrXML.dll
C:\Program Files\Fichiers communs\WinSoftware\PCheck.dll
C:\Program Files\Hotbar
C:\Program Files\Hotbar\bin\10.0.356.0\arrow.ico
C:\Program Files\Hotbar\bin\10.0.356.0\Cml.exe
C:\Program Files\Hotbar\bin\10.0.356.0\copyright.txt
C:\Program Files\Hotbar\bin\10.0.356.0\CoreSrv.dll
C:\Program Files\Hotbar\bin\10.0.356.0\dBenderC.dll
C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\components\npclntax.xpt
C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\install.rdf
C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\plugins\npclntax_HotbarSA.dll
C:\Program Files\Hotbar\bin\10.0.356.0\HostIE.dll
C:\Program Files\Hotbar\bin\10.0.356.0\HostOE.dll
C:\Program Files\Hotbar\bin\10.0.356.0\HostOL.dll
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSAAX.dll
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSADF.exe
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSAHook.dll
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe
C:\Program Files\Hotbar\bin\10.0.356.0\InstIE.dll
C:\Program Files\Hotbar\bin\10.0.356.0\link.ico
C:\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe
C:\Program Files\Hotbar\bin\10.0.356.0\Srv.exe
C:\Program Files\Hotbar\bin\10.0.356.0\Toolbar.dll
C:\Program Files\Hotbar\bin\10.0.356.0\Wallpaper.dll
C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe
C:\Program Files\Hotbar\bin\10.0.356.0\WeSkin.dll
C:\Program Files\winantivirus pro 2006
C:\Program Files\WinAntiVirus Pro 2006\history.db
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files.\HbInstIE.dll
C:\WINDOWS\Downloaded Program Files\UERSV_0001_LPNetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWFX5V_0001_N56M1411NetInstaller.exe
C:\WINDOWS\system32\bayay.bak1
C:\WINDOWS\system32\bayay.bak2
C:\WINDOWS\system32\bayay.ini
C:\WINDOWS\System32\byvst.dll
C:\WINDOWS\system32\fihhk.bak1
C:\WINDOWS\system32\fihhk.bak2
C:\WINDOWS\system32\fihhk.ini
C:\WINDOWS\system32\iiiii.bak1
C:\WINDOWS\system32\iiiii.ini
C:\WINDOWS\system32\iijlm.bak1
C:\WINDOWS\system32\iijlm.ini
C:\WINDOWS\system32\jiiii.bak1
C:\WINDOWS\system32\jiiii.ini
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.tmp
C:\WINDOWS\system32\llnnn.bak1
C:\WINDOWS\system32\llnnn.ini
C:\WINDOWS\system32\llnnn.ini2
C:\WINDOWS\system32\llnnn.tmp
C:\WINDOWS\system32\mmlnn.bak1
C:\WINDOWS\system32\mmlnn.ini
C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\rsvut.bak1
C:\WINDOWS\system32\rsvut.bak2
C:\WINDOWS\system32\rsvut.tmp
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\tsvyb.bak1
C:\WINDOWS\system32\tsvyb.ini
C:\WINDOWS\system32\wxyxx.bak1
C:\WINDOWS\system32\wxyxx.bak2
C:\WINDOWS\system32\wxyxx.ini
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\vspf
-------\vspf_hk

((((((((((((((((((((((((((((( Fichiers créés 2007-10-08 to 2007-11-08 ))))))))))))))))))))))))))))))))))))
.

2007-11-07 18:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 17:54 <REP> d-------- C:\VundoFix Backups
2007-11-07 17:10 <REP> d-------- C:\Program Files\Trend Micro
2007-11-06 21:04 <REP> d-------- C:\Program Files\Navilog1
2007-11-06 20:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-06 20:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-06 20:43 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-06 20:43 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-06 20:43 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-06 20:43 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-11-06 20:43 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-06 18:40 <REP> d--hs---- C:\FOUND.006
2007-11-05 18:53 65,359 --a------ C:\scan.dat
2007-11-03 20:00 81,472 --a------ C:\WINDOWS\system32\tkscjjcb.dll
2007-10-30 20:37 <REP> d-------- C:\Program Files\Avira
2007-10-30 20:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-29 18:53 83,008 --------- C:\WINDOWS\system32\gctwiprr.dll
2007-10-29 17:58 <REP> d--hs---- C:\FOUND.005
2007-10-13 23:07 <REP> d-------- C:\Documents and Settings\azerty\Application Data\reparateurdesysteme
2007-10-13 23:02 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2007-10-13 23:01 <REP> d-------- C:\Program Files\ReparateurDeSysteme
2007-10-13 23:01 <REP> d-------- C:\Program Files\Fichiers communs\ReparateurDeSysteme
2007-10-09 11:07 <REP> d--hs---- C:\FOUND.004

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 20:27 79,936 ----a-w C:\WINDOWS\system32\vvdsojjs.dll
2007-10-03 10:51 79,936 ----a-w C:\WINDOWS\system32\rvjvjqmr.dll
2007-10-02 10:51 79,936 ----a-w C:\WINDOWS\system32\yyhelvlt.dll
2007-09-27 11:48 --------- d-----w C:\Documents and Settings\azerty\Application Data\WeatherDPA
2007-09-27 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-09-26 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-26 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-26 17:55 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-09-26 17:55 --------- d-----w C:\Documents and Settings\azerty\Application Data\TuneUp Software
2007-09-26 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-09-26 17:54 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-21 21:48 --------- d-----w C:\Program Files\Google
2007-09-21 20:20 --------- d-----w C:\Program Files\Windows Live Favorites
2007-09-21 20:19 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-21 20:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-21 13:12 --------- d-----w C:\Documents and Settings\azerty\Application Data\Creative
2007-09-21 12:35 --------- d-----w C:\Program Files\SightSpeed
2006-03-17 17:51 21,608 ----a-w C:\Documents and Settings\azerty\Application Data\GDIPFONTCACHEV1.DAT
2002-12-16 18:33 266 --sh--w C:\Program Files\desktop.ini
2002-12-16 18:33 11,208 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B655423-DBBD-4863-A267-BD4C7257A8F4}]
C:\WINDOWS\System32\efeda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99479E2F-E0D5-4858-B6A0-B18C92784614}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f54984c5-f2cb-4d7e-9128-9f6a102c7369}]
2007-11-03 20:00 81472 --a------ C:\WINDOWS\System32\tkscjjcb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-25 18:29]
"ABox"="C:\WINDOWS\ABox.exe" []
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 19:01]
"CTRegRun"="C:\WINDOWS\CTRegRun.EXE" [1999-10-11 03:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"1f461a4e"="C:\WINDOWS\System32\gctwiprr.dll" [2007-10-29 18:53]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" []
"ReparateurDeSysteme"="C:\Program Files\ReparateurDeSysteme\SysRep.exe" [2007-10-09 14:29]
"gescw"="C:\PROGRA~1\FICHIE~1\REPARA~1\gescw.exe" [2007-08-15 12:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-10-30 21:22]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx]
C:\WINDOWS\System32\ddcyx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efeda]
C:\WINDOWS\System32\efeda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiiii]
C:\WINDOWS\System32\iiiii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiiij]
C:\WINDOWS\System32\iiiij.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjj]
C:\WINDOWS\System32\jkkjj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khhif]
C:\WINDOWS\System32\khhif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljii]
C:\WINDOWS\System32\mljii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnlmm]
C:\WINDOWS\System32\nnlmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnll]
C:\WINDOWS\System32\nnnll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppmk]
C:\WINDOWS\System32\oppmk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttq]
C:\WINDOWS\System32\ssttq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsr]
C:\WINDOWS\System32\tuvsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxw]
C:\WINDOWS\System32\xxyxw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayab]
C:\WINDOWS\System32\yayab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayaxxv]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\byvst.dll

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 3dfxvs;3dfxvs;C:\WINDOWS\System32\DRIVERS\3dfxvsm.sys
R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\System32\DRIVERS\V0220Dev.sys
R3 V0220Vfx;V0220VFX;C:\WINDOWS\System32\DRIVERS\V0220Vfx.sys
S3 ICDSX;Sony IC Recorder (SX);C:\WINDOWS\System32\Drivers\ICDSX.sys
S3 ids00026;ids00026;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
S3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\System32\DRIVERS\NtApm.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-07 16:33:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
"2007-09-28 16:20:42 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 18:41:00
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 18:42:42 - machine was rebooted
.
--- E O F ---

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:53, on 08/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ReparateurDeSysteme\SysRep.exe
C:\PROGRA~1\FICHIE~1\REPARA~1\gescw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\vundoscan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Hotbar /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: (no name) - {7B655423-DBBD-4863-A267-BD4C7257A8F4} - C:\WINDOWS\System32\efeda.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {99479E2F-E0D5-4858-B6A0-B18C92784614} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {9637c201-a6f9-8219-e7d4-bc2f5c48945f} - {f54984c5-f2cb-4d7e-9128-9f6a102c7369} - C:\WINDOWS\System32\tkscjjcb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ABox] C:\WINDOWS\ABox.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [1f461a4e] rundll32.exe "C:\WINDOWS\System32\gctwiprr.dll",sitypnow
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ReparateurDeSysteme] C:\Program Files\ReparateurDeSysteme\SysRep.exe
O4 - HKLM\..\Run: [gescw] "C:\PROGRA~1\FICHIE~1\REPARA~1\gescw.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b0cfb0b8fd5940bb893b8a30d58dd525
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b0cfb0b8fd5940bb893b8a30d58dd525
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\System32\ddcyx.dll
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hi again,

Open Spybot.

Click Mode, choose Advanced mode;

In the left column, click the + in front of Tools.

Click Resident (left column).

In the right-hand pane, untick the box in front of "resident tea-timer"

(until this is done, we will run into difficulties).

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\System32\tkscjjcb.dll

Click Send File.

A report will build up line by line.

Wait for it to finish. It must include the size of the file that was sent.

Save the report with Notepad.

Copy it into your reply.

The ComboFix log was long. The HijackThis log was cut off before the end.

Post it again. Thanks
0
BenCaptain Posts 4 Status Member
 
Sorry, but I can't find Spybot
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hi again,

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

or else a shortcut on your desktop.
0
BenCaptain
 
It's me again, here is the result given by https://www.virustotal.com/gui/ after unticking the Spybot box:

Fichier tkscjjcb.dll reçu le 2007.11.07 20:00:03 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.2.1 2007.11.02 -
AntiVir 7.6.0.34 2007.11.07 TR/Dldr.ConHook.Gen
Authentium 4.93.8 2007.11.01 -
Avast 4.7.1074.0 2007.11.06 -
AVG 7.5.0.503 2007.11.06 BHO.CLZ
BitDefender 7.2 2007.11.07 -
CAT-QuickHeal 9.00 2007.11.06 -
ClamAV 0.91.2 2007.11.07 -
DrWeb 4.44.0.09170 2007.11.07 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5276 2007.11.07 -
Ewido 4.0 2007.11.06 -
FileAdvisor 1 2007.11.07 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.07 -
F-Secure 6.70.13030.0 2007.11.02 -
Ikarus T3.1.1.12 2007.11.07 Trojan.Win32.BHO.re
Kaspersky 7.0.0.125 2007.11.02 -
McAfee 5157 2007.11.06 -
Microsoft 1.3007 2007.11.07 -
NOD32v2 2642 2007.11.06 -
Norman 5.80.02 2007.11.06 -
Panda 9.0.0.4 2007.11.06 Suspicious file
Prevx1 V2 2007.11.07 Trojan.Vundo
Rising 20.16.42.00 2007.11.02 -
Sophos 4.23.0 2007.11.07 -
Sunbelt 2.2.907.0 2007.10.31 -
Symantec 10 2007.11.02 -
TheHacker 6.2.9.118 2007.11.06 -
VBA32 3.12.2.4 2007.11.06 -
VirusBuster 4.3.26:9 2007.11.06 Trojan.BHO.NQ
Webwasher-Gateway 6.0.1 2007.11.07 Trojan.Dldr.ConHook.Gen

Information additionnelle
File size: 81472 bytes
MD5: 2a1da8eb5bccdf5f316785f42ae1a58f
SHA1: bb6b0f235b6e3556f65e268e15943dd2d0d9a434
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=2BD61A1040DE3A603E31019484090700CD32EEC5
0
BenCaptain
 
Here is the log generated by HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:40, on 08/11/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\ReparateurDeSysteme\SysRep.exe
C:\PROGRA~1\FICHIE~1\REPARA~1\gescw.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Trend Micro\HijackThis\vundoscan.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Hotbar /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: (no name) - {7B655423-DBBD-4863-A267-BD4C7257A8F4} - C:\WINDOWS\System32\efeda.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {99479E2F-E0D5-4858-B6A0-B18C92784614} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {9637c201-a6f9-8219-e7d4-bc2f5c48945f} - {f54984c5-f2cb-4d7e-9128-9f6a102c7369} - C:\WINDOWS\System32\tkscjjcb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ABox] C:\WINDOWS\ABox.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [1f461a4e] rundll32.exe "C:\WINDOWS\System32\gctwiprr.dll",sitypnow
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [ReparateurDeSysteme] C:\Program Files\ReparateurDeSysteme\SysRep.exe
O4 - HKLM\..\Run: [gescw] "C:\PROGRA~1\FICHIE~1\REPARA~1\gescw.exe" -start
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe" -auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b0cfb0b8fd5940bb893b8a30d58dd525
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b0cfb0b8fd5940bb893b8a30d58dd525
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\System32\ddcyx.dll (file missing)
O20 - Winlogon Notify: efeda - C:\WINDOWS\System32\efeda.dll (file missing)
O20 - Winlogon Notify: iiiii - C:\WINDOWS\System32\iiiii.dll (file missing)
O20 - Winlogon Notify: iiiij - C:\WINDOWS\System32\iiiij.dll (file missing)
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\System32\jkkjj.dll (file missing)
O20 - Winlogon Notify: jkkkl - C:\WINDOWS\
O20 - Winlogon Notify: khhif - C:\WINDOWS\System32\khhif.dll (file missing)
O20 - Winlogon Notify: mljii - C:\WINDOWS\System32\mljii.dll (file missing)
O20 - Winlogon Notify: nnlmm - C:\WINDOWS\System32\nnlmm.dll (file missing)
O20 - Winlogon Notify: nnnll - C:\WINDOWS\System32\nnnll.dll (file missing)
O20 - Winlogon Notify: oppmk - C:\WINDOWS\System32\oppmk.dll (file missing)
O20 - Winlogon Notify: ssttq - C:\WINDOWS\System32\ssttq.dll (file missing)
O20 - Winlogon Notify: tuvsr - C:\WINDOWS\System32\tuvsr.dll (file missing)
O20 - Winlogon Notify: xxyxw - C:\WINDOWS\System32\xxyxw.dll (file missing)
O20 - Winlogon Notify: yayab - C:\WINDOWS\System32\yayab.dll (file missing)
O20 - Winlogon Notify: yayaxxv - C:\WINDOWS\
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\ICDSPTSV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
0
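Added example (not part of the thread, and not HijackThis's own code): a small Python parser for the O2 (BHO) and O20 (Winlogon Notify) lines of the HijackThis log above, sorting entries by whether the file they point to is still reported on disk. The sample lines are copied from the log as posted; the function names, the status labels `orphaned` / `truncated` / `present` and the `.dll`/`.exe`/`.ocx` extension check are assumptions made for this illustration.

```python
import re
from collections import namedtuple

# Lines copied from the HijackThis log posted in this thread (excerpt).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Hotbar /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: (no name) - {7B655423-DBBD-4863-A267-BD4C7257A8F4} - C:\WINDOWS\System32\efeda.dll (file missing)
O2 - BHO: (no name) - {99479E2F-E0D5-4858-B6A0-B18C92784614} - (no file)
O2 - BHO: {9637c201-a6f9-8219-e7d4-bc2f5c48945f} - {f54984c5-f2cb-4d7e-9128-9f6a102c7369} - C:\WINDOWS\System32\tkscjjcb.dll
O4 - HKLM\..\Run: [1f461a4e] rundll32.exe "C:\WINDOWS\System32\gctwiprr.dll",sitypnow
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\System32\ddcyx.dll (file missing)
O20 - Winlogon Notify: jkkkl - C:\WINDOWS\
O20 - Winlogon Notify: yayab - C:\WINDOWS\System32\yayab.dll (file missing)
"""

Entry = namedtuple("Entry", "section ident target status")

# The CLSID is the last {GUID} before the target; the greedy name group
# handles a BHO whose display name is itself a GUID.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
# Assumption for this example: a complete target ends in a module file name.
MODULE_RE = re.compile(r"\.(dll|exe|ocx)$", re.IGNORECASE)


def classify(target):
    """Map the target field of a log line to a triage status."""
    if target == "(no file)" or target.endswith("(file missing)"):
        return "orphaned"    # registry entry remains, file is gone
    if not MODULE_RE.search(target):
        return "truncated"   # path cut off in the pasted log, check by hand
    return "present"         # file exists; the log says nothing more about it


def parse_log(text):
    """Return an Entry for every O2 and O20 line; other sections are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append(
                Entry("O2", m["clsid"].upper(), m["target"], classify(m["target"]))
            )
            continue
        m = NOTIFY_RE.match(line)
        if m:
            entries.append(
                Entry("O20", m["name"], m["target"], classify(m["target"]))
            )
    return entries


def needs_review(entries):
    """Entries whose key no longer resolves to a complete, existing file path."""
    return [e for e in entries if e.status != "present"]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.section:<3} {e.status:<9} {e.ident}  ->  {e.target}")
```

The tkscjjcb.dll entry comes out as `present`: the log alone cannot say whether a file that exists is malicious, which is why that file is submitted to a scanner in this thread.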
BenCaptain
 
Oops, apparently you're not there any more, thanks for everything.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hi again,

Open Notepad.
Copy the text below (between the * lines, but without the *) together with the text in the space below (copy/paste):

*****************************
REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B655423-DBBD-4863-A267-BD4C7257A8F4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99479E2F-E0D5-4858-B6A0-B18C92784614}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f54984c5-f2cb-4d7e-9128-9f6a102c7369}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efeda]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiiii]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiiij]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjj]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khhif]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljii]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnlmm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnll]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppmk]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttq]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvsr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayab]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayaxxv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1f461a4e"= -
*****************************
Click "File", "Save As".
Click Desktop (in the left column).
In File name, type fix.reg
For Type, choose "All files" from the drop-down menu.
Click Save.
Close Notepad.

On your desktop, double-click the Fix.reg icon.
Accept the warning about the merge.
The fix will run without showing anything.
At the end, you will see a message saying that the merge is complete. Confirm it.

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\System32\tkscjjcb.dll
C:\WINDOWS\System32\gctwiprr.dll
C:\Program Files\Hotbar
C:\WINDOWS\system32\gctwiprr.dll
C:\WINDOWS\system32\vvdsojjs.dll
C:\WINDOWS\system32\rvjvjqmr.dll
C:\WINDOWS\system32\yyhelvlt.dll
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.003
C:\FOUND.001
C:\FOUND.000

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

Also post a HijackThis log again
0
BenCaptain
 
Here is the generated log:

DllUnregisterServer procedure not found in C:\WINDOWS\System32\tkscjjcb.dll
C:\WINDOWS\System32\tkscjjcb.dll NOT unregistered.
C:\WINDOWS\System32\tkscjjcb.dll moved successfully.
File/Folder C:\WINDOWS\System32\gctwiprr.dll not found.
File/Folder C:\Program Files\Hotbar not found.
File/Folder C:\WINDOWS\system32\gctwiprr.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\vvdsojjs.dll
C:\WINDOWS\system32\vvdsojjs.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\vvdsojjs.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\rvjvjqmr.dll
C:\WINDOWS\system32\rvjvjqmr.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\rvjvjqmr.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\yyhelvlt.dll
C:\WINDOWS\system32\yyhelvlt.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\yyhelvlt.dll scheduled to be moved on reboot.
C:\FOUND.006 moved successfully.
C:\FOUND.005 moved successfully.
C:\FOUND.004 moved successfully.
C:\FOUND.003 moved successfully.
File/Folder C:\FOUND.003 not found.
C:\FOUND.001 moved successfully.
C:\FOUND.000 moved successfully.

Created on 11/08/2007 20:59:57
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hi again,

The HijackThis report?
0