Virus tratbho(tri)

Solved
lafille -  
Hello,
I have a Trojan horse on my PC and I no longer know what to do. I have avast, but when I run a scan it tells me there is nothing. Same with Ad-Aware. The first scans gave me some information and I deleted everything, then I did a cleanup with CCleaner. Normally there is nothing left, but every time I turn on my PC: a message from avast telling me I have a Trojan horse. It is driving me crazy, and on top of that this virus has infected all my Messenger contacts. Help!! It is win32tratbho(tri). I have seen that there are a lot of steps to go through with you, but I am not very good at this. Thank you for replying.

25 replies

g!rly Posts 18462 Status Contributor 406
 
Hi lafille,

Do the following, in order:

Download MSNFix.zip (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, a message will say so and you only need to press a key to start the cleanup.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode.

- The report will be saved in the same folder as MSNFix, in the form date_time.txt

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Usage tutorial (video):

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Please post the generated report here...

Good luck ;-)

Please post the reports

See you later
0
fanette280
 
Hi,

My computer was infected by the trathbo virus and I followed the advice on this site by running a scan with combofix.

Here is the report generated by hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:30, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: (no name) - {64A7CAC4-D429-4013-912D-F9ECE93988DD} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {832bc68d-f05b-4716-8202-c2a34fba0e97} - C:\WINDOWS\system32\cbnrwokg.dll (file missing)
O2 - BHO: (no name) - {8946104D-917A-44F6-B094-7AEE67581E48} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Ins3DT] E:\INSTALL4\INS3DT.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Cld2000.exe] D:\INSATLLATION\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?64c526adcc044d8c8d5377be5cfc0e22
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?64c526adcc044d8c8d5377be5cfc0e22
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: byxyyyw - byxyyyw.dll (file missing)
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll (file missing)
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll (file missing)
O20 - Winlogon Notify: jkkll - C:\WINDOWS\system32\jkkll.dll (file missing)
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
0
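As an added example (not part of the original thread), a short Python triage of the HijackThis report above: it lists the entries HijackThis marks `(file missing)` or `(no file)`, meaning the registry entry is still present while the file it points to is not, and groups the ones referenced from more than one section. The sample lines are copied from the report above; the function names are this example's own.

```python
import ntpath
import re

# A subset of lines copied from the HijackThis report posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: (no name) - {64A7CAC4-D429-4013-912D-F9ECE93988DD} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {832bc68d-f05b-4716-8202-c2a34fba0e97} - C:\WINDOWS\system32\cbnrwokg.dll (file missing)
O2 - BHO: (no name) - {8946104D-917A-44F6-B094-7AEE67581E48} - C:\WINDOWS\system32\ddaya.dll (file missing)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: byxyyyw - byxyyyw.dll (file missing)
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll (file missing)
O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll (file missing)
O20 - Winlogon Notify: jkkll - C:\WINDOWS\system32\jkkll.dll (file missing)
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O2 - ...", "R0 - ...", "O20 - ..." : section code, then the entry body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing marker HijackThis appends when the referenced file is absent.
MARKER_RE = re.compile(r"\s*\((?P<why>file missing|no file)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Parse one report line; return None for headers and process paths."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    # The file reference is the last " - "-separated field of the body.
    target = body.rsplit(" - ", 1)[-1]
    marker = MARKER_RE.search(target)
    clsid = CLSID_RE.search(body)
    return {
        "section": m.group("section"),
        "clsid": clsid.group(0).lower() if clsid else None,
        "target": MARKER_RE.sub("", target).strip(),
        "orphan_reason": marker.group("why") if marker else None,
        "raw": line.strip(),
    }


def orphaned_entries(log_text):
    """Entries whose registry reference points at a file that is not on disk."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["orphan_reason"]]


def cross_section_orphans(log_text):
    """Orphaned files (or CLSIDs) registered in more than one section."""
    seen = {}
    for e in orphaned_entries(log_text):
        # Key on the DLL name when there is one, otherwise on the CLSID.
        key = ntpath.basename(e["target"]).lower() or e["clsid"]
        if key:
            seen.setdefault(key, set()).add(e["section"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(entry["section"], entry["orphan_reason"], entry["target"] or entry["clsid"])
    print(cross_section_orphans(SAMPLE_LOG))
```

The same functions can be run over the full report text; lines such as the running-process paths are skipped because they carry no section code.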
g!rly Posts 18462 Status Contributor 406
 
Hi fanette280,

Can you post the combofix report, please?

See you later
0
fanette280
 
Here is the combofix report:

ComboFix 08-02-25.3 - Raphaëlle 2008-02-29 13:32:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.275 [GMT 1:00]
Endroit: C:\Documents and Settings\Raphaëlle\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz17.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz18.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz19.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz2.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz20.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz3.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz4.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz5.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz6.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz7.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz8.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz9.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemster.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_reun.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtones.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\editblbuttons.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesmenu.cdf
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesMenu.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\hb_ie_menu.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_games_icon.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_video.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\more.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\new_games.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\sales_buttons.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\sdfmodifier.xml
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\weathericon.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans.idx
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans1.dat
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\cursors.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz1.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz10.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz11.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz12.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz13.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz14.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz15.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz16.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz17.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz18.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz19.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz2.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz20.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz3.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz4.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz5.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz6.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz7.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz8.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz9.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-people.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemster.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsterie.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jobsearch.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_reun.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtones.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\editblbuttons.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesmenu.cdf
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesMenu.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\hb_ie_menu.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_games_icon.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_video.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\more.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\new_games.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\sales_buttons.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\sdfmodifier.xml
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\weathericon.res
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\cursors.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\editblbuttons.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\gamesmenu.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hb_ie_menu.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_video.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\more.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\sdfmodifier.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\weathericon.xip
C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport
C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\[u]0[/u]DCCA57B.urr
C:\Program Files\FunWebProducts\Shared\46749E25.dat
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\Hotbar
C:\Program Files\Hotbar\bin\10.0.356.0\arrow.ico
C:\Program Files\Hotbar\bin\10.0.356.0\Cml.exe
C:\Program Files\Hotbar\bin\10.0.356.0\copyright.txt
C:\Program Files\Hotbar\bin\10.0.356.0\CoreSrv.dll
C:\Program Files\Hotbar\bin\10.0.356.0\dBenderC.dll
C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\chrome.manifest
C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\components\npclntax.xpt
C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\install.rdf
C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\plugins\npclntax_HotbarSA.dll
C:\Program Files\Hotbar\bin\10.0.356.0\HostOE.dll
C:\Program Files\Hotbar\bin\10.0.356.0\HostOL.dll
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSADF.exe
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSAHook.dll
C:\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe
C:\Program Files\Hotbar\bin\10.0.356.0\InstIE.dll
C:\Program Files\Hotbar\bin\10.0.356.0\link.ico
C:\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe
C:\Program Files\Hotbar\bin\10.0.356.0\Srv.exe
C:\Program Files\Hotbar\bin\10.0.356.0\Toolbar.dll
C:\Program Files\Hotbar\bin\10.0.356.0\Wallpaper.dll
C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe
C:\Program Files\Hotbar\bin\10.0.356.0\WeSkin.dll
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]011C958.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]011CB9A.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]011CD6F.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]011CF05.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0833EA2
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]B4D935F
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCD872
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCDA76.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCDCB8.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCDF48.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCE1E8.bin
C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCE459.bin
C:\Program Files\MyWebSearch\bar\Cache\246B31AB.bin
C:\Program Files\MyWebSearch\bar\Cache\246B4543.bin
C:\Program Files\MyWebSearch\bar\Cache\246B46E9.bin
C:\Program Files\MyWebSearch\bar\Cache\246B48BE
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Search\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\aosxgeet.dll
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\bovirkmo.dll
C:\WINDOWS\system32\cbnadrco.dll
C:\WINDOWS\system32\claytuxe.ini
C:\WINDOWS\system32\cqdunhpw.dll
C:\WINDOWS\system32\ctjarjws.ini
C:\WINDOWS\system32\dogfbult.dll
C:\WINDOWS\system32\edosgjut.dll
C:\WINDOWS\system32\eqknbhss.ini
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\fchryesu.dll
C:\WINDOWS\system32\fjkdcksx.ini
C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\glmyyyvl.ini
C:\WINDOWS\system32\gucirnns.dll
C:\WINDOWS\system32\gwuspsvm.ini
C:\WINDOWS\system32\hcdmokib.dll
C:\WINDOWS\system32\iqxhobtj.ini
C:\WINDOWS\system32\javwtacq.ini
C:\WINDOWS\system32\jeefrxcj.dll
C:\WINDOWS\system32\jplruhhb.ini
C:\WINDOWS\system32\jutpvkvd.dll
C:\WINDOWS\system32\krqymxfk.ini
C:\WINDOWS\system32\lmxgxfqi.ini
C:\WINDOWS\system32\lomuawen.dll
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\nclkqoix.ini
C:\WINDOWS\system32\ncwoxy.dat
C:\WINDOWS\system32\ncwoxy.exe
C:\WINDOWS\system32\ncwoxy_nav.dat
C:\WINDOWS\system32\ncwoxy_navps.dat
C:\WINDOWS\system32\notrmrxy.ini
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\ohfeunru.dll
C:\WINDOWS\system32\ohgovjdc.dll
C:\WINDOWS\system32\okyyxjib.ini
C:\WINDOWS\system32\oscqknwc.ini
C:\WINDOWS\system32\osmdsobv.dll
C:\WINDOWS\system32\pejwqioy.dll
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\qdclakak.ini
C:\WINDOWS\system32\qihmtsvd.ini
C:\WINDOWS\system32\qonivlby.ini
C:\WINDOWS\system32\qxrsvcbp.ini
C:\WINDOWS\system32\rdbkjrte.ini
C:\WINDOWS\system32\rmkugnaa.dll
C:\WINDOWS\system32\rqxqjqkk.ini
C:\WINDOWS\system32\rxtdeqxe.dll
C:\WINDOWS\system32\sdygjfmc.dll
C:\WINDOWS\system32\sqwtviha.dll
C:\WINDOWS\system32\tapqfqvw.ini
C:\WINDOWS\system32\tiwwckem.dll
C:\WINDOWS\system32\tujgsode.ini
C:\WINDOWS\system32\txntfngo.ini
C:\WINDOWS\system32\uovwkhqn.ini
C:\WINDOWS\system32\vtutq.dll
C:\WINDOWS\system32\wbwtdifm.dll
C:\WINDOWS\system32\wdhgjqyj.ini
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\wpronrqa.ini
C:\WINDOWS\system32\xskcdkjf.dll
C:\WINDOWS\system32\xxbiwmfd.ini
C:\WINDOWS\system32\xxyyawx.dll
C:\WINDOWS\system32\yeetlqjd.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))))))))
.

2008-02-28 19:10 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-28 19:10 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-28 19:10 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-28 19:10 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-28 19:10 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-28 19:10 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-28 19:10 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-28 19:10 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-28 19:10 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-27 18:17 . 2008-02-27 18:18 <REP> d-------- C:\Program Files\Viewpoint
2008-02-27 18:17 . 2008-02-27 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-26 13:31 . 2008-02-29 13:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 13:31 . 2008-02-26 13:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-26 13:29 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iPod
2008-02-26 13:28 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iTunes
2008-02-26 13:16 . 2008-02-26 13:19 <REP> d-------- C:\Program Files\QuickTime
2008-02-20 15:38 . 2008-02-20 15:38 <REP> d-------- C:\Program Files\Yahoo!
2008-02-17 14:49 . 2008-02-29 13:30 99,683 --a------ C:\WINDOWS\BM277fbc20.xml
2008-02-16 14:49 . 2008-02-29 13:32 21 --a------ C:\WINDOWS\pskt.ini
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 08:52 15,776 ----a-w C:\WINDOWS\system32\vollovrr.dll
2008-01-09 17:54 --------- d-----w C:\Program Files\Red Kawa
2008-01-09 17:54 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-09 13:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-09 13:15 --------- d-----w C:\Program Files\Apple Software Update
2008-01-09 13:13 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-01-09 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-12 23:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-25 13:48 6,572 --sh--w C:\WINDOWS\system32\edeeg.bak1
2007-09-24 22:42 6,680 --sh--w C:\WINDOWS\system32\fhhkj.bak1
2007-09-29 14:38 23,986 --sh--w C:\WINDOWS\system32\llkkj.bak2
2007-11-10 14:32 183,692 --sh--w C:\WINDOWS\system32\mpqss.bak1
2007-11-12 18:09 184,725 --sh--w C:\WINDOWS\system32\mpqss.bak2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64A7CAC4-D429-4013-912D-F9ECE93988DD}]
C:\WINDOWS\system32\ssqpm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{832bc68d-f05b-4716-8202-c2a34fba0e97}]
C:\WINDOWS\system32\cbnrwokg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8946104D-917A-44F6-B094-7AEE67581E48}]
C:\WINDOWS\system32\ddaya.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Cld2000.exe"="D:\INSATLLATION\Calendrier\Cld2000.exe" [ ]
"L'Assistant DartyBox"="C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe" [2007-06-05 21:15 151552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ins3DT"="E:\INSTALL4\INS3DT.EXE" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-30 23:35 7634944]
"nwiz"="nwiz.exe" [2006-10-30 23:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-30 23:35 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyyyw]
byxyyyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geede]
C:\WINDOWS\system32\geede.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhf]
C:\WINDOWS\system32\jkhhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll]
C:\WINDOWS\system32\jkkll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpm]
C:\WINDOWS\system32\ssqpm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2002-12-11 14:25]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-26 11:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-29 11:59:06 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 13:40:09
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program
0

g!rly Posts 18462 Status Contributor 406
 
OK, here is the next step:

Copy the text below:

File::
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\fhhkj.bak1
C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\vollovrr.dll
C:\WINDOWS\BM277fbc20.xml
C:\WINDOWS\pskt.ini
E:\INSTALL4\INS3DT.EXE

Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
D:\INSATLLATION\Calendrier

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64A7CAC4-D429-4013-912D-F9ECE93988DD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{832bc68d-f05b-4716-8202-c2a34fba0e97}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8946104D-917A-44F6-B094-7AEE67581E48}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cld2000.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ins3DT"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyyyw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geede]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhf]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpm]

DirLook::
C:\WINDOWS\system32\bak

Driver::
Viewpoint Manager Service

Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will restart Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no restart, post the reports anyway.
0
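The Registry:: block of the CFScript above corresponds line by line to entries in the "Point de chargement Reg" section of the ComboFix log. As an added example (not part of the thread, and not ComboFix's own logic), the Python below parses that section and drafts the matching removal directives for a human to review. Assumptions: the selection rule (every listed Browser Helper Object and Winlogon Notify key, plus Run values whose bracketed file details are empty) is inferred from what was selected in this thread, the function names are hypothetical, and the sample is a constructed excerpt of log lines from this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: lines copied from the "Point de chargement Reg" section of the
# ComboFix log in this thread (shortened; "~" is the log's own path abbreviation).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64A7CAC4-D429-4013-912D-F9ECE93988DD}]
C:\WINDOWS\system32\ssqpm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"Cld2000.exe"="D:\INSATLLATION\Calendrier\Cld2000.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ins3DT"="E:\INSTALL4\INS3DT.EXE" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-30 23:35 7634944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geede]
C:\WINDOWS\system32\geede.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="command" [timestamp size]  -- the bracket is empty when the log has no file details
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')


@dataclass
class Candidate:
    kind: str                     # "BHO", "Winlogon Notify" or "Run (no file details)"
    key: str                      # registry key exactly as printed in the log
    value: Optional[str] = None   # value name for Run entries, None for a whole key
    target: str = ""              # module or command the entry points to, if shown


def parse_candidates(log_text: str) -> List[Candidate]:
    """Return autostart entries worth reviewing, in the order the log lists them."""
    found: List[Candidate] = []
    key = ""
    pending: Optional[Candidate] = None   # whole-key entry still waiting for its module line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = KEY_RE.match(line)
        if header:
            key, pending = header.group("key"), None
            low = key.lower()
            if "\\browser helper objects\\" in low:
                pending = Candidate("BHO", key)
            elif "\\winlogon\\notify\\" in low:
                pending = Candidate("Winlogon Notify", key)
            if pending:
                found.append(pending)
            continue
        value = VALUE_RE.match(line)
        if value:
            is_run = key.lower().endswith("\\currentversion\\run")
            if is_run and not value.group("meta").strip():
                found.append(Candidate("Run (no file details)", key,
                                       value.group("name"), value.group("data")))
            continue
        if pending is not None and not pending.target:
            pending.target = line          # the DLL path printed under the key
    return found


def render_registry_block(cands: List[Candidate]) -> List[str]:
    """Draft REGEDIT4-style removals: [-key] drops a key, "name"=- drops one value."""
    lines = ["Registry::"]
    open_key = None
    for c in cands:
        if c.value is None:
            lines.append(f"[-{c.key}]")
            open_key = None
        else:
            if c.key != open_key:          # print the parent key once per group of values
                lines.append(f"[{c.key}]")
                open_key = c.key
            lines.append(f'"{c.value}"=-')
    return lines


if __name__ == "__main__":
    candidates = parse_candidates(SAMPLE_LOG)
    for c in candidates:                   # review table first, draft script second
        print(f"{c.kind:22} {c.value or '(whole key)':14} -> {c.target or '(no file listed)'}")
    print("\n".join(render_registry_block(candidates)))
```

Entries that ship with legitimate software show up in these sections too, so the draft is a review list and each line needs checking before it goes into a script.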
fanette280
 
That's it, I did what you told me and everything worked.

Here is the ComboFix report:

ComboFix 08-02-25.3 - Raphaëlle 2008-02-29 19:22:46.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.196 [GMT 1:00]
Endroit: C:\Documents and Settings\Raphaëlle\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Raphaëlle\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\BM277fbc20.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\fhhkj.bak1
C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\vollovrr.dll
E:\INSTALL4\INS3DT.EXE
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\config.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\1C9263C30139E3B5D456CFE1B697D8255AB23823.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\1DC35D5766C037FEBEF69DA43E8C12BEF1868DFC.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\37BA46E231178725849DD2F23FEE3FB777068149.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\44EA01069E17599C43FFB0E96AD5897F2D212A20.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\5D77D966848120E827ECF25D743E9AEA6B68CC1D.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\7A60D8A8B86B66FDF9419ABA6C7CADDEB8D0C1C3.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\83BE3FF3EF121B99E742D7342C4777CC8709F1F7.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\879457297094C7B2106FA805ED506C1B6FBDF1A8.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\A078D9C6D085F17EEE21516F2C144C87612EE7DF.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\ABC07195DCB319746979EEA7A58115855B2B5E60.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\BD5CF92BE4D7340C29538355642446ADC4BAA63C.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\cache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\CEE2B669CCA7F4BDF05CE3CCEB1FBFC7FD818F0A.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\F9EE4E09B5AE80CE31EF8082CF8DBBF71CA48DDD.dat
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\history.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\locate-akamai.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\locate.mtz
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\policy-akamai.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\ServicesRegistry.xml
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\updates-akamai.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\vdt.dat
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Manager\CPtask.xml
C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\ExtremeShot.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
C:\WINDOWS\BM277fbc20.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\fhhkj.bak1
C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\vollovrr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_VIEWPOINT_MANAGER_SERVICE
-------\Viewpoint Manager Service

((((((((((((((((((((((((((((( Fichiers créés 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))))))))
.

2008-02-29 13:47 . 2008-02-29 13:47 <REP> d-------- C:\Program Files\Trend Micro
2008-02-29 13:41 . 2008-02-29 13:41 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-02-28 19:10 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-28 19:10 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-28 19:10 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-28 19:10 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-28 19:10 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-28 19:10 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-28 19:10 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-28 19:10 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-28 19:10 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-26 13:31 . 2008-02-29 19:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 13:31 . 2008-02-26 13:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-26 13:29 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iPod
2008-02-26 13:28 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iTunes
2008-02-26 13:16 . 2008-02-26 13:19 <REP> d-------- C:\Program Files\QuickTime
2008-02-20 15:38 . 2008-02-20 15:38 <REP> d-------- C:\Program Files\Yahoo!
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 17:54 --------- d-----w C:\Program Files\Red Kawa
2008-01-09 17:54 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-09 13:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-09 13:15 --------- d-----w C:\Program Files\Apple Software Update
2008-01-09 13:13 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-01-09 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-12 23:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\bak ----

C:\WINDOWS\system32\bak\

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"L'Assistant DartyBox"="C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe" [2007-06-05 21:15 151552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-30 23:35 7634944]
"nwiz"="nwiz.exe" [2006-10-30 23:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-30 23:35 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2002-12-11 14:25]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-26 11:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-29 17:59:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 19:25:30
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-29 19:27:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-29 18:26:51
ComboFix2.txt 2008-02-29 12:41:41

And now the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:44, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?64c526adcc044d8c8d5377be5cfc0e22
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?64c526adcc044d8c8d5377be5cfc0e22
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
g!rly Posts 18462 Status Contributor 406
 
You're welcome, fanette ;-)

Using HijackThis, check and fix the following lines:

O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYFR
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/

How to fix:

Usage tutorial (video): (Thanks to Balltrap34 for making it)

-> http://pageperso.aol

/balltrap34/demohijack.htm

then

You are browsing with Internet Explorer 6.0 = serious security flaws

so run the Windows updates: you want version 7.0

https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70

And why not browse with Firefox? = safer, while keeping IE 7.0 for Windows updates, since they cannot be done from Firefox

http://www.firefox.fr/

Your version of Acrobat Reader is out of date; you want version 8.1, the latest one, so uninstall your version through Control Panel / Add or Remove Programs

and install the latest one:

https://get2.adobe.com/reader/otherversions/

or Foxit, which is lighter:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

Install a firewall:

Firewall: Kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

Comodo 3 Pro:

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

Online Armor:

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

Tutorial: https://forum.pcastuces.com/sujet.asp?f=25&s=35606

or ZoneAlarm, easier to configure but less effective

https://www.malekal.com/tutoriel-zonealarm-firewall/

Anti-spyware:

SpywareBlaster:

http://www.brightfort.com/spywareblaster.html

It is a resident program; you just need to update it from time to time because the free version does not do it on its own. Once it is installed and updated, set all the protections to "enable".

Tutorial: http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

*Spybot (free):
Download:
http://www.commentcamarche.net/telecharger/telecharger 122 spybot
See the usage demo (thanks Balltrap)
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm

Run a scan with Spybot and delete everything it finds...

then

Have a look at this about avast:

AntiVir vs avast:

-> http://forum.malekal.com/ftopic3528.php

so I advise you to uninstall it and install AntiVir instead

Download and install the AntiVir Personal Edition Classic antivirus:

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- scanner configuration tutorial...

Once AntiVir is open, click on Configuration and tick the "expert mode" box, then on the Scanner tab, in the window below, you will see: rootkit search; click the small + to expand it and tick the box next to your hard disk
then click on Configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below > scanner priority = High
tick: allow stopping the scanner, so that you can pause during the scan if you wish.
then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
untick:
ignore off line files
still on the left > scan > expand > heuristic > macrovirus heuristic = ticked, and below > win32 heuristic box ticked and high detection level

I'm telling you all this because I'd like you to run a full scan of your machine with AntiVir using the settings given above and post the generated report here, please

Post a new HijackThis log as well as the AntiVir scan; if you want, you can post the Spybot one or just tell me what it found, or not?!

Good luck

See you
0
fanette280
 
That's it, I followed everything to the letter and installed everything.

Here is the AntiVir report:

AntiVir PersonalEdition Classic
Report file date: samedi 1 mars 2008 00:03

Scanning for 1129035 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: THUMINE-LITZO7X

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:45:58
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 22:45:58
ANTIVIR3.VDF : 7.0.2.215 117248 Bytes 29/02/2008 22:45:58
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 29/02/2008 22:45:59
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/02/2008 22:45:59
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: samedi 1 mars 2008 00:03

Starting search for hidden objects.
'34028' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'upgrade_manager.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'oaui.exe' - '0' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'oasrv.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '26' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-02-29_133957.67.zip
[0] Archive type: ZIP
--> xxyyawx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483c9273.qua'!
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Uninst.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was moved to '483192a0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\aosxgeet.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483b92ab.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483e92c1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\bovirkmo.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483e92be.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cbnadrco.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483692bd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cqdunhpw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482c92cf.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dogfbult.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482f92d1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\edosgjut.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483792c9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fchryesu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483092cb.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebca.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482a92d0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gebcc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482a92d3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gucirnns.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482b92e6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hcdmokib.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482c92d7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jeefrxcj.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482d92dc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\jutpvkvd.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483c92f0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lomuawen.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483592ec.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mljjj.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483292ec.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mllmn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483492ee.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ohfeunru.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482e92ed.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ohgovjdc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482f92f0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\osmdsobv.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483592fd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\pejwqioy.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483292f3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\pmkji.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483392ff.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rmkugnaa.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48339303.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rxtdeqxe.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483c9312.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\sdygjfmc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48419300.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\sqwtviha.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483f9310.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tiwwckem.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483f930a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\vollovrr.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48349313.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\vtutq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483d931a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wbwtdifm.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483f930b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xskcdkjf.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4833931e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyawx.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '48419327.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\yeetlqjd.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482d9316.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP517\A0099072.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f892e3.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP517\A0099073.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f892e9.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP517\A0099074.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f892f0.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP517\A0099075.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f892f4.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP517\A0099076.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f892f7.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP519\A0100533.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f9930b.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP521\A0101620.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99312.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP521\A0102630.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99316.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103637.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f9931f.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103638.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99321.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103639.dll
[DETECTION] Is the Trojan horse TR/Vundo.DME
[INFO] The file was moved to '47f99324.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103641.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99326.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103643.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99328.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104722.exe
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was moved to '47f9932d.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104729.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f9932f.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104730.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99332.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104731.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99335.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104732.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99339.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104733.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f9933d.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104734.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99340.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104735.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99343.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104736.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f9934e.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104737.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f9934f.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104738.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '467c2748.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104739.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99351.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104740.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '467c274a.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104741.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99350.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104742.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '467c2749.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104743.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99352.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104744.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '467c274b.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104745.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99353.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104746.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '467c274c.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104747.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99355.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104748.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '467c274e.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104749.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99354.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104750.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '467c274d.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104751.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99356.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104752.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '467c274f.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104753.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99357.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104754.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '467c2740.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104755.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99359.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104756.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f99348.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104757.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '467c2751.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104758.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f9934a.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104759.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '467c2753.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104793.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '467c2742.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP524\A0104906.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f9935b.qua'!
C:\WINDOWS\system32\fivciduw.exe
[WARNING] 'Contains detection pattern of the dropper DR/180Solutions.AY.4'. This detection is probably an error. Please send us this file immediately for further analysis.
C:\WINDOWS\system32\geedc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482d9595.qua'!
C:\WINDOWS\system32\kernel32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\mllmj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483495a6.qua'!
C:\WINDOWS\system32\ntdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ntkrnlpa.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ntoskrnl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\user32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\vturo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483d95cb.qua'!
C:\WINDOWS\system32\win32k.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\ndisrd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\OADriver.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\OAmon.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'

End of the scan: samedi 1 mars 2008 00:34
Used time: 31:18 min

The scan has been done completely.

3677 Scanning directories
185030 Files were scanned
85 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
85 files were moved to quarantine
0 files were renamed
10 Files cannot be scanned
184945 Files not concerned
1235 Archives were scanned
11 Warnings
19 Notes
34028 Objects were scanned with rootkit scan
0 Hidden objects were found

And now the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:41, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "D:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?64c526adcc044d8c8d5377be5cfc0e22
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?64c526adcc044d8c8d5377be5cfc0e22
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - D:\Program Files\Tall Emu\Online Armor\oasrv.exe
0
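Added example (not part of the original thread): a small Python triage of an AntiVir report in the format posted above. It separates detections sitting in ComboFix's QooBox quarantine or in System Restore points from those in live system paths, and lists flagged files that were not moved to quarantine. The sample lines are copied from the report above; the function names and zone labels are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the AntiVir report posted above (shortened selection).
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-02-29_133957.67.zip
[0] Archive type: ZIP
--> xxyyawx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483c9273.qua'!
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Uninst.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/MartShop.2
[INFO] The file was moved to '483192a0.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104793.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '467c2742.qua'!
C:\WINDOWS\system32\fivciduw.exe
[WARNING] 'Contains detection pattern of the dropper DR/180Solutions.AY.4'. This detection is probably an error. Please send us this file immediately for further analysis.
C:\WINDOWS\system32\geedc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '482d9595.qua'!
C:\WINDOWS\system32\kernel32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\vturo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '483d95cb.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                   # a scanned file path
NAME_RE = re.compile(r"\b([A-Z]{2,}/[\w.\-]+)")         # e.g. TR/Vundo.Gen
QUARANTINE_RE = re.compile(r"moved to '([0-9a-fA-F]+\.qua)'")


@dataclass
class Finding:
    path: str
    name: str
    zone: str
    quarantined: bool = False
    uncertain: bool = False  # reported as [WARNING] "probably an error"


def zone_of(path):
    """Classify where the flagged file sits (labels are this example's own)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"   # copy already set aside by ComboFix
    if "\\system volume information\\_restore" in p:
        return "system-restore"        # copy kept inside a restore point
    return "live"                      # file in its normal location


def parse_report(text):
    """Turn the file-scan part of the report into a list of Finding objects."""
    findings, path, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path, current = line, None
        elif path and (line.startswith("[DETECTION]") or
                       (line.startswith("[WARNING]") and "detection pattern" in line)):
            m = NAME_RE.search(line)
            if m:
                current = Finding(path, m.group(1), zone_of(path),
                                  uncertain=line.startswith("[WARNING]"))
                findings.append(current)
        elif current and line.startswith("[INFO]") and QUARANTINE_RE.search(line):
            current.quarantined = True
    return findings


def triage(findings):
    """Summarise what the helper needs to look at first."""
    return {
        "families": Counter(f.name.split(".")[0] for f in findings),
        "by_zone": Counter(f.zone for f in findings),
        "live_paths": [f.path for f in findings if f.zone == "live"],
        "not_quarantined": [f.path for f in findings if not f.quarantined],
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(key, "->", value)
```

Detections in the `live` zone are the ones that show the infection was still present on disk at scan time; entries in `not_quarantined` are flagged files the scanner left in place.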
g!rly Messages postés 18462 Statut Contributeur 406
 
Hi again,

yes, there were still Vundo trojans left...

do this:

Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted
* You will see a prompt announcing that your PC is going to restart; click OK
* Copy/paste the contents of the report located at C:\vundofix.txt

then

A.V.G:

-> Download AVG Anti-Spyware (ewido)

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> Install it.

-> Launch AVG Anti-Spyware and click the "Mise à jour" (update) button. Wait...

P.S.: if the updates do not go through, they can be downloaded here:

http://downloads.ewido.net/avgas-signatures-full-current.exe

-> On the "analyse" (scan) page:

first choose the "paramètres" (settings) tab.

under "Comment réagir" (how to react), click "Actions recommandées" (recommended actions) and, in the drop-down menu, choose "Supprimer" (delete).

restart the PC in safe mode:

How do you restart in safe mode?

Restart the PC and keep tapping the F8 key from the very start of boot-up, without stopping.
A window with a black background will open; use the keyboard arrow keys to move to start in safe mode, then press Enter.
Once on the desktop, if not all the colours and so on are there, that is normal!
PS: if F8 does not work, use the F5 key.

-> Tutorial: http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm

-> Start the scan (it takes a long time...).

-> At the end of the scan, copy and paste the report here.

-> Picture help, just in case:

Installation and settings tutorial:

http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

See you
0
fanette280
 
Hi,

I ran the VundoFix scan and it found nothing... I'm not really sure whether that is normal.
0
fanette280
 
Hi again,

I still ran the AVG Anti-Spyware scan in safe mode, and here is the report:

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:17:46 01/03/2008

+ Résultat de l'analyse:

C:\WINDOWS\system32\fivciduw.exe -> Not-A-Virus.Adware.180Solutions : Aucune action entreprise.
C:\Documents and Settings\Raphaëlle\Bureau\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Aucune action entreprise.
:mozilla.237:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.96:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.97:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.105:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\Raphaëlle\Cookies\raphaëlle@adtech[1].txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.106:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.107:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.108:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.109:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.116:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Raphaëlle\Cookies\raphaëlle@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.452:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Burstbeacon : Aucune action entreprise.
:mozilla.454:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.455:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
C:\Documents and Settings\Raphaëlle\Cookies\raphaëlle@casinotropez[1].txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.410:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.411:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.412:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.100:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.101:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.102:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.103:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.465:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.249:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.278:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.279:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.285:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.286:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.287:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.288:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.289:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.120:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.298:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.299:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.300:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.301:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.302:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.303:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Raphaëlle\Cookies\raphaëlle@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Raphaëlle\Cookies\raphaëlle@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.304:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.305:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.306:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.307:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.317:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Trafficmp : Aucune action entreprise.
:mozilla.318:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Trafficmp : Aucune action entreprise.
:mozilla.319:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Trafficmp : Aucune action entreprise.
:mozilla.320:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Trafficmp : Aucune action entreprise.
:mozilla.321:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Trafficmp : Aucune action entreprise.
C:\Documents and Settings\Raphaëlle\Cookies\raphaëlle@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
:mozilla.10:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.11:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.413:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Webtrends : Aucune action entreprise.
:mozilla.42:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.43:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.44:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.45:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.46:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.47:C:\Documents and Settings\Raphaëlle\Application Data\Mozilla\Firefox\Profiles\4x1i7kur.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\Documents and Settings\Raphaëlle\Cookies\raphaëlle@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

Fin du rapport
0
g!rly Posts 18462 Status Contributor 406
 
Hi fanette280,

did you delete everything AVG found?

OK for VundoFix ;-)

To check, run another scan here:

BitDefender online scan:

https://www.bitdefender.com/toolbox/

Click "I agree" and follow the instructions.

This must be done in Internet Explorer, accepting the ActiveX control.

Tutorial with pictures:

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

Please post the report you get.

See you
0
fanette280
 
I did delete everything AVG found, and I scanned with BitDefender.

Here is the report:

BitDefender Online Scanner

Scan report generated at: Sat, Mar 01, 2008 - 20:14:45

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 00:41:10
Files: 148913
Folders: 3705
Boot Sectors: 3
Archives: 1908
Packed Files: 12394

Results
Identified Viruses: 24
Infected Files: 50
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 50

Engines Info
Virus Definitions: 984760
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\467c2742.qua | Infected with: Trojan.Vundo.DVO
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\467c2742.qua | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\467c2742.qua | Deleted
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48419327.qua | Infected with: Trojan.Vundo.DVO
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48419327.qua | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48419327.qua | Deleted
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\dBenderC.dll.vir | Detected with: Adware.Hotbar.B
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\dBenderC.dll.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HostOE.dll.vir | Detected with: Adware.Zango.AN
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HostOE.dll.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarSADF.exe.vir | Detected with: Adware.Zango.SB
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarSADF.exe.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarSAHook.dll.vir | Detected with: Adware.Zango.AV
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarSAHook.dll.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe.vir=>(NSIS o)=>lzma_solid_nsis0004 | Detected with: Adware.Zango.AU
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe.vir=>(NSIS o)=>lzma_solid_nsis0004 | Deleted
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe.vir=>(NSIS o) | Update failed
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\InstIE.dll.vir | Detected with: Adware.Zango.AG
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\InstIE.dll.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe.vir | Detected with: Adware.Zango.SC
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\Wallpaper.dll.vir | Detected with: Adware.Zango.BB
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\Wallpaper.dll.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\Weather.exe.vir | Detected with: Application.Adware.Savenow.I
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\Weather.exe.vir | Disinfection failed
C:\QooBox\Quarantine\C\Program Files\Hotbar\bin\10.0.356.0\Weather.exe.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir | Detected with: Application.MWS
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir | Disinfection failed
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir | Detected with: Adware.Toolbar.Mywebsearch.AK
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir | Detected with: Adware.Mywebsearch.AF
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir | Detected with: Adware.Msearch.P
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir | Detected with: Application.AdTool.MyWebSearch.AT
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir | Disinfection failed
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir | Detected with: Adware.Mywebsearch.AS
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir | Detected with: Application.AdTool.MyWebSearch.AU
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir | Disinfection failed
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir | Detected with: Application.Mywebsearch.Toolbar.C
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir | Disinfection failed
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir | Detected with: Adware.Mywebsearch.I
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir | Detected with: Adware.Toolbar.MyWebSearch.AC
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir | Deleted
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll.vir | Detected with: Adware.Smartshopper.B
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll.vir | Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005 | Detected with: Adware.NaviPromo.BYC
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005 | Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g) | Update failed
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002 | Detected with: Adware.NaviPromo.BYC
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002 | Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g) | Update failed
C:\QooBox\Quarantine\C\WINDOWS\system32\edeeg.bak1.vir | Infected with: Trojan.Vundo.DVS
C:\QooBox\Quarantine\C\WINDOWS\system32\edeeg.bak1.vir | Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\edeeg.bak1.vir | Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\fhhkj.bak1.vir | Infected with: Trojan.Vundo.DVS
C:\QooBox\Quarantine\C\WINDOWS\system32\fhhkj.bak1.vir | Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\fhhkj.bak1.vir | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103640.dll | Infected with: Trojan.Vundo.DYE
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103640.dll | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103644.dll | Infected with: Trojan.Vundo.DYE
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103644.dll | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104674.dll | Detected with: Adware.Hotbar.B
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104674.dll | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104675.dll | Detected with: Adware.Zango.AN
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104675.dll | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104678.exe | Detected with: Adware.Zango.SB
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104678.exe | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104679.dll | Detected with: Adware.Zango.AV
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104679.dll | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104680.exe=>(NSIS o)=>lzma_solid_nsis0004 | Detected with: Adware.Zango.AU
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104680.exe=>(NSIS o)=>lzma_solid_nsis0004 | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104680.exe=>(NSIS o) | Update failed
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104681.dll | Detected with: Adware.Zango.AG
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104681.dll | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104683.exe | Detected with: Adware.Zango.SC
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104683.exe | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104686.dll | Detected with: Adware.Zango.BB
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104686.dll | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104687.exe | Detected with: Application.Adware.Savenow.I
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104687.exe | Disinfection failed
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104687.exe | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104691.DLL | Detected with: Application.MWS
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104691.DLL | Disinfection failed
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104691.DLL | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104694.DLL | Detected with: Adware.Toolbar.Mywebsearch.AK
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104694.DLL | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104695.DLL | Detected with: Adware.Mywebsearch.AF
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104695.DLL | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104701.EXE | Detected with: Adware.Msearch.P
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104701.EXE | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104706.DLL | Detected with: Application.AdTool.MyWebSearch.AT
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104706.DLL | Disinfection failed
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104706.DLL | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104710.DLL | Detected with: Adware.Mywebsearch.AS
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104710.DLL | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104713.EXE | Detected with: Application.AdTool.MyWebSearch.AU
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104713.EXE | Disinfection failed
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104713.EXE | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104714.EXE | Detected with: Application.Mywebsearch.Toolbar.C
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104714.EXE | Disinfection failed
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104714.EXE | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104716.EXE | Detected with: Adware.Mywebsearch.I
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104716.EXE | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104719.DLL | Detected with: Adware.Toolbar.MyWebSearch.AC
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104719.DLL | Deleted
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104723.dll | Detected with: Adware.Smartshopper.B
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104723.dll | Deleted
C:\WINDOWS\system32\edeeg.tmp | Infected with: Trojan.Vundo.DVS
C:\WINDOWS\system32\edeeg.tmp | Disinfection failed
C:\WINDOWS\system32\edeeg.tmp | Deleted
C:\WINDOWS\system32\fhhkj.ini | Infected with: Trojan.Vundo.DVS
C:\WINDOWS\system32\fhhkj.ini | Disinfection failed
C:\WINDOWS\system32\fhhkj.ini | Deleted
0
g!rly Posts 18462 Status Contributor 406
 
fanette280,

OK for BitDefender.

Do this:

Copy the text below:

DirLook::
C:\WINDOWS\system32\ini
C:\WINDOWS\system32\tmp

Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will restart Combofix.

A blue window will appear: at the message that appears ( Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report.

See you
0
fanette280
 
Here is the ComboFix report:

ComboFix 08-02-25.3 - Raphaëlle 2008-03-02 11:55:21.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.137 [GMT 1:00]
Endroit: C:\Documents and Settings\Raphaëlle\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Raphaëlle\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.

2008-03-01 19:31 . 2008-03-01 19:31 <REP> d-------- C:\WINDOWS\LastGood
2008-03-01 19:31 . 2008-03-01 20:19 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-01 11:35 . 2008-03-01 11:35 <REP> d-------- C:\Documents and Settings\Raphaëlle\Application Data\Grisoft
2008-03-01 11:33 . 2008-03-01 11:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-01 11:33 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 10:58 . 2008-03-01 10:58 <REP> d-------- C:\VundoFix Backups
2008-02-29 23:39 . 2008-02-29 23:39 <REP> d-------- C:\Program Files\Avira
2008-02-29 23:39 . 2008-02-29 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-29 22:54 . 2008-02-29 22:55 250 --a------ C:\WINDOWS\wininit.ini
2008-02-29 22:20 . 2008-02-29 22:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-29 22:14 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-29 21:28 . 2008-02-29 21:28 <REP> d-------- C:\OnlineArmor
2008-02-29 21:28 . 2008-03-01 15:40 <REP> d-------- C:\Documents and Settings\Raphaëlle\Application Data\OnlineArmor
2008-02-29 21:28 . 2008-02-29 21:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-02-29 21:28 . 2007-11-08 06:37 68,608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-02-29 21:28 . 2007-09-29 00:06 25,600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-02-29 21:28 . 2007-09-29 00:06 18,944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
2008-02-29 21:20 . 2008-02-29 21:21 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-29 21:06 . 2008-02-29 21:07 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-29 21:02 . 2008-02-29 21:07 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-29 21:01 . 2008-02-29 21:07 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-02-29 21:01 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-29 21:01 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-29 21:00 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-29 21:00 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-29 21:00 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-29 21:00 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-29 21:00 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-29 21:00 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-29 21:00 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-29 19:35 . 2008-02-29 19:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-29 13:47 . 2008-02-29 13:47 <REP> d-------- C:\Program Files\Trend Micro
2008-02-28 19:10 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-27 18:18 . 2008-02-27 18:18 <REP> d-------- C:\Documents and Settings\Raphaëlle\Application Data\Viewpoint
2008-02-26 13:31 . 2008-02-29 20:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 13:31 . 2008-02-26 13:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-26 13:29 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iPod
2008-02-26 13:28 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iTunes
2008-02-26 13:16 . 2008-02-26 13:19 <REP> d-------- C:\Program Files\QuickTime
2008-02-20 15:38 . 2008-02-20 15:38 <REP> d-------- C:\Program Files\Yahoo!

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 21:54 --------- d-----w C:\Documents and Settings\Raphaëlle\Application Data\WeatherDPA
2008-01-09 17:54 --------- d-----w C:\Program Files\Red Kawa
2008-01-09 17:54 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-09 13:23 --------- d-----w C:\Documents and Settings\Raphaëlle\Application Data\Apple Computer
2008-01-09 13:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-09 13:15 --------- d-----w C:\Program Files\Apple Software Update
2008-01-09 13:13 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-01-09 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-12 23:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2006-10-18 17:32 17,920 ----a-w C:\Documents and Settings\Raphaëlle\Application Data\GDIPFONTCACHEV1.DAT
.
[color=red] C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below) [/color]
562,176 2001-08-28 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
578,048 2004-08-19 14:09:48 C:\WINDOWS\ServicePackFiles\i386\user32.dll
578,048 2004-08-19 14:09:48 C:\WINDOWS\system32\user32.dll

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\ini ----

C:\WINDOWS\system32\ini\

---- Directory of C:\WINDOWS\system32\tmp ----

C:\WINDOWS\system32\tmp\

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"L'Assistant DartyBox"="C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe" [2007-06-05 21:15 151552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-30 23:35 7634944]
"nwiz"="nwiz.exe" [2006-10-30 23:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-30 23:35 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-29 23:45 249896]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"OnlineArmor GUI"="D:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 07:51 5029952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= D:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-16 07:50 633344]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 00:06]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 06:37]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 00:06]
R2 SvcOnlineArmor;Online Armor;"D:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2007-11-16 07:51]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2002-12-11 14:25]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-26 11:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-02 10:59:09 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 12:12:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-02 12:18:04
ComboFix-quarantined-files.txt 2008-03-02 11:17:41
ComboFix2.txt 2008-02-29 18:27:01
ComboFix3.txt 2008-02-29 12:41:41
0
g!rly Posts 18462 Status Contributor 406

Fanette280,

How is your PC doing?

See you later
0
fanette280
 
Hi,

I get the impression that my PC is repaired. In any case it works really well!
I still ran another scan with AntiVir and it found more viruses, and I put the files in quarantine.

Thank you so much for your help and your patience. That's really kind. Thanks a lot!!!
0
g!rly Posts 18462 Status Contributor 406

Hi fanette280,

can you post the AntiVir report please?

See you later
0
fanette280
 
Here is the AntiVir report:

AntiVir PersonalEdition Classic
Report file date: lundi 3 mars 2008 12:00

Scanning for 1130387 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: THUMINE-LITZO7X

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:45:58
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 22:45:58
ANTIVIR3.VDF : 7.0.2.216 135168 Bytes 02/03/2008 22:41:36
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 29/02/2008 22:45:59
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/02/2008 22:45:59
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: lundi 3 mars 2008 12:00

Starting search for hidden objects.
'34693' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'upgrade_manager.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'oaui.exe' - '0' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'oasrv.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '22' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106466.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47fcde0e.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106467.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47fcde13.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106468.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4694507c.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106506.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY.4
[INFO] The file was moved to '47fcde14.qua'!
C:\WINDOWS\system32\kernel32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ntdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ntkrnlpa.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ntoskrnl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\user32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\win32k.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\ndisrd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\OADriver.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\OAmon.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'

End of the scan: lundi 3 mars 2008 12:29
Used time: 29:41 min

The scan has been done completely.

3697 Scanning directories
185557 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
10 Files cannot be scanned
185553 Files not concerned
1286 Archives were scanned
10 Warnings
19 Notes
34693 Objects were scanned with rootkit scan
0 Hidden objects were found
0
g!rly Posts 18462 Status Contributor 406

ok

do this:

Turn off your System Restore:
to do that:
Right-click on My Computer, then choose Properties in the menu;
in the new window, click on the System Restore tab;
tick the "Turn off System Restore" box and apply.
Then restart the PC and right-click on My Computer, then choose Properties in the menu;
in the new window, click on the System Restore tab;
untick the "Turn off System Restore" box and apply.

then

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Click on "Recherche" (Search) and let the scan run ...
# Click on "Suppression" (Removal) to finish.
# You can, if you wish, use the "Options facultatives" (optional settings).
# Click on "Quitter" (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

See you later
0
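As an added example that is not part of the original thread: the detections in the AntiVir report above all sit under `System Volume Information\_restore{...}`, the Windows XP System Restore store, which turning System Restore off and back on empties. This Python triage of the report separates such restore-point copies from detections on live files; `parse_findings`, `triage` and the `constructed_example.dll` entry are assumptions made for the illustration.

```python
import re

# Lines copied from the AntiVir report posted above.
PAGE_EXCERPT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106466.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47fcde0e.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106506.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY.4
[INFO] The file was moved to '47fcde14.qua'!
C:\WINDOWS\system32\user32.dll
[WARNING] The file could not be opened!
"""
# Constructed entry (not from the report): a hit on a live file, for contrast.
CONSTRUCTED_LIVE_HIT = r"""C:\WINDOWS\system32\constructed_example.dll
[DETECTION] Is the Trojan horse TR/Constructed.Example
"""

PATH = re.compile(r"^[A-Za-z]:\\")
STATUS = re.compile(r"^\[(DETECTION|WARNING|INFO)\]\s*(.*)$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP\d+\\", re.I)

def parse_findings(report):
    """Group each path line with the bracketed status lines that follow it."""
    findings, cur = [], None
    for line in map(str.strip, report.splitlines()):
        if PATH.match(line):
            cur = {"path": line, "detection": None, "quarantined": None, "unreadable": False}
            findings.append(cur)
        elif cur and (m := STATUS.match(line)):
            tag, text = m.groups()
            if tag == "DETECTION":
                cur["detection"] = text
            elif tag == "INFO" and "moved to" in text:
                cur["quarantined"] = text.split("'")[1]
            elif tag == "WARNING" and "could not be opened" in text:
                cur["unreadable"] = True
    return findings

def triage(findings):
    """Split detections into restore-point copies and live files; list unread files."""
    out = {"restore_point": [], "live": [], "unreadable": []}
    for f in findings:
        if f["detection"]:
            out["restore_point" if RESTORE.search(f["path"]) else "live"].append(f)
        elif f["unreadable"]:
            out["unreadable"].append(f["path"])
    return out

if __name__ == "__main__":
    for name, items in triage(parse_findings(PAGE_EXCERPT + CONSTRUCTED_LIVE_HIT)).items():
        print(name, len(items))
```

A detection that lands in the `live` bucket with no quarantine name is the case that still needs cleaning on the running system; files in `unreadable` were locked during the scan and were not examined.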