Virus tratbho(tri)

Solved
lafille -  
g!rly Posts 18462 Status Contributor -
Hello,
I have a Trojan horse on my PC and I don't know what to do any more. I have Avast, but when I run a scan it tells me there is nothing. It's the same with Ad-Aware. The first scans gave me some information and I deleted everything, then I did a cleanup with CCleaner. Normally there should be nothing left, but every time I turn on my PC I get a message from Avast telling me that I have a Trojan horse. It's driving me crazy, and on top of that this virus has infected all my Messenger contacts. Help!! It's win32tratbho(tri). I've seen that there are a lot of steps to go through with you, but I'm not very good at this. Thank you for replying.
Configuration: Windows XP
Internet Explorer 7.0

25 replies

  1. g!rly Posts 18462 Status Contributor 407
     
    Hi lafille,

    Do the following, in order:

    Download MSNFix.zip (by !aur3n7) to your desktop:
    http://sosvirus.changelog.fr/MSNFix.zip
    Unzip it (right-click >> Extract here) and double-click the file MSNFix.bat.
    - Run option R.
    -- If the infection is detected, a message will say so, and you only need to press a key to start the cleanup.

    Note:
    If a deletion error is detected, a message will appear asking you to restart the computer to complete the operations. In that case, simply restart the computer in normal mode.

    - The report will be saved in the same folder as MSNFix, in the form date_time.txt

    Download combofix.exe (by sUBs) to your desktop.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy and paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Download HijackThis here:

    -> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Usage tutorial (video):

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    Post the generated report here please...

    Good luck ;-)

    Post the reports please

    See you
    0
  2. fanette280
     
    Hi,

    My computer was infected by the tratbho virus and I followed the advice on this site by running a scan with ComboFix.

    Here is the report generated by HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:48:30, on 29/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
    O2 - BHO: (no name) - {64A7CAC4-D429-4013-912D-F9ECE93988DD} - C:\WINDOWS\system32\ssqpm.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {832bc68d-f05b-4716-8202-c2a34fba0e97} - C:\WINDOWS\system32\cbnrwokg.dll (file missing)
    O2 - BHO: (no name) - {8946104D-917A-44F6-B094-7AEE67581E48} - C:\WINDOWS\system32\ddaya.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Ins3DT] E:\INSTALL4\INS3DT.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Cld2000.exe] D:\INSATLLATION\Calendrier\Cld2000.exe
    O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYFR
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?64c526adcc044d8c8d5377be5cfc0e22
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?64c526adcc044d8c8d5377be5cfc0e22
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O20 - Winlogon Notify: byxyyyw - byxyyyw.dll (file missing)
    O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll (file missing)
    O20 - Winlogon Notify: jkhhf - C:\WINDOWS\system32\jkhhf.dll (file missing)
    O20 - Winlogon Notify: jkkll - C:\WINDOWS\system32\jkkll.dll (file missing)
    O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    0
  3. g!rly Posts 18462 Status Contributor 407
     
    Hi fanette280,

    Can you post the ComboFix report please?

    See you
    0
  4. fanette280
     
    Here is the ComboFix report:

    ComboFix 08-02-25.3 - Raphaëlle 2008-02-29 13:32:20.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.275 [GMT 1:00]
    Endroit: C:\Documents and Settings\Raphaëlle\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_511745-514279.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz1.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz10.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz11.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz12.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz13.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz14.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz15.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz16.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz17.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz18.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz19.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz2.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz20.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz3.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz4.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz5.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz6.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz7.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz8.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_bidz9.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemster.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsterie.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jemsteruk.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_jobsearch.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_reun.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtones.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\editblbuttons.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-548964.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesmenu.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\gamesMenu.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\hb_ie_menu.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_games_icon.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\ie_video.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\more.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\new_games.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\sales_buttons.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\sdfmodifier.xml
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\1\weathericon.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans.idx
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans1.dat
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\cursors.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz1.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz10.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz11.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz12.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz13.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz14.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz15.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz16.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz17.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz18.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz19.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz2.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz20.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz3.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz4.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz5.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz6.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz7.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz8.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz9.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-people.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemster.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsterie.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsteruk.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jobsearch.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_reun.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtones.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\editblbuttons.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-548964.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesmenu.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesMenu.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\hb_ie_menu.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_games_icon.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_video.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\more.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\new_games.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\sales_buttons.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\sdfmodifier.xml
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\2\weathericon.res
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans1.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\cursors.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\editblbuttons.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\gamesmenu.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hb_ie_menu.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_games_icon.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_video.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\more.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\sales_buttons.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\sdfmodifier.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
    C:\Documents and Settings\Raphaëlle\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\weathericon.xip
    C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport
    C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\Raphaëlle\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\ScreenSaver\Images\[u]0[/u]DCCA57B.urr
    C:\Program Files\FunWebProducts\Shared\46749E25.dat
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    C:\Program Files\Hotbar
    C:\Program Files\Hotbar\bin\10.0.356.0\arrow.ico
    C:\Program Files\Hotbar\bin\10.0.356.0\Cml.exe
    C:\Program Files\Hotbar\bin\10.0.356.0\copyright.txt
    C:\Program Files\Hotbar\bin\10.0.356.0\CoreSrv.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\dBenderC.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\chrome.manifest
    C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\components\npclntax.xpt
    C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\install.rdf
    C:\Program Files\Hotbar\bin\10.0.356.0\firefox\extensions\plugins\npclntax_HotbarSA.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\HostOE.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\HostOL.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSA.exe
    C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSADF.exe
    C:\Program Files\Hotbar\bin\10.0.356.0\HotbarSAHook.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\HotbarUnInstaller.exe
    C:\Program Files\Hotbar\bin\10.0.356.0\InstIE.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\link.ico
    C:\Program Files\Hotbar\bin\10.0.356.0\OEAddOn.exe
    C:\Program Files\Hotbar\bin\10.0.356.0\Srv.exe
    C:\Program Files\Hotbar\bin\10.0.356.0\Toolbar.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\Wallpaper.dll
    C:\Program Files\Hotbar\bin\10.0.356.0\Weather.exe
    C:\Program Files\Hotbar\bin\10.0.356.0\WeSkin.dll
    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]011C958.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]011CB9A.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]011CD6F.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]011CF05.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0833EA2
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]B4D935F
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCD872
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCDA76.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCDCB8.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCDF48.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCE1E8.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]DCCE459.bin
    C:\Program Files\MyWebSearch\bar\Cache\246B31AB.bin
    C:\Program Files\MyWebSearch\bar\Cache\246B4543.bin
    C:\Program Files\MyWebSearch\bar\Cache\246B46E9.bin
    C:\Program Files\MyWebSearch\bar\Cache\246B48BE

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-28 19:10 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-02-28 19:10 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-28 19:10 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-02-28 19:10 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-28 19:10 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-28 19:10 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-28 19:10 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-28 19:10 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-28 19:10 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-27 18:17 . 2008-02-27 18:18 <REP> d-------- C:\Program Files\Viewpoint
    2008-02-27 18:17 . 2008-02-27 18:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-02-26 13:31 . 2008-02-29 13:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-26 13:31 . 2008-02-26 13:31 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-26 13:29 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iPod
    2008-02-26 13:28 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iTunes
    2008-02-26 13:16 . 2008-02-26 13:19 <REP> d-------- C:\Program Files\QuickTime
    2008-02-20 15:38 . 2008-02-20 15:38 <REP> d-------- C:\Program Files\Yahoo!
    2008-02-17 14:49 . 2008-02-29 13:30 99,683 --a------ C:\WINDOWS\BM277fbc20.xml
    2008-02-16 14:49 . 2008-02-29 13:32 21 --a------ C:\WINDOWS\pskt.ini
    2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 08:52 15,776 ----a-w C:\WINDOWS\system32\vollovrr.dll
    2008-01-09 17:54 --------- d-----w C:\Program Files\Red Kawa
    2008-01-09 17:54 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-09 13:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-09 13:15 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-09 13:13 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-01-09 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-12 23:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-09-25 13:48 6,572 --sh--w C:\WINDOWS\system32\edeeg.bak1
    2007-09-24 22:42 6,680 --sh--w C:\WINDOWS\system32\fhhkj.bak1
    2007-09-29 14:38 23,986 --sh--w C:\WINDOWS\system32\llkkj.bak2
    2007-11-10 14:32 183,692 --sh--w C:\WINDOWS\system32\mpqss.bak1
    2007-11-12 18:09 184,725 --sh--w C:\WINDOWS\system32\mpqss.bak2
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64A7CAC4-D429-4013-912D-F9ECE93988DD}]
    C:\WINDOWS\system32\ssqpm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{832bc68d-f05b-4716-8202-c2a34fba0e97}]
    C:\WINDOWS\system32\cbnrwokg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8946104D-917A-44F6-B094-7AEE67581E48}]
    C:\WINDOWS\system32\ddaya.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "Cld2000.exe"="D:\INSATLLATION\Calendrier\Cld2000.exe" [ ]
    "L'Assistant DartyBox"="C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe" [2007-06-05 21:15 151552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ins3DT"="E:\INSTALL4\INS3DT.EXE" [ ]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-30 23:35 7634944]
    "nwiz"="nwiz.exe" [2006-10-30 23:35 1622016 C:\WINDOWS\system32\nwiz.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-30 23:35 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 16125440 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
    "avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyyyw]
    byxyyyw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geede]
    C:\WINDOWS\system32\geede.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhf]
    C:\WINDOWS\system32\jkhhf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll]
    C:\WINDOWS\system32\jkkll.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpm]
    C:\WINDOWS\system32\ssqpm.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\eMule\\emule.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2002-12-11 14:25]
    S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-26 11:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-29 11:59:06 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-29 13:40:09
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\Program
    0
  6. g!rly Posts 18462 Status Contributor 407
     
    OK, here is the next step:

    Copy the text below:

    File::
    C:\WINDOWS\system32\edeeg.bak1
    C:\WINDOWS\system32\fhhkj.bak1
    C:\WINDOWS\system32\llkkj.bak2
    C:\WINDOWS\system32\mpqss.bak1
    C:\WINDOWS\system32\mpqss.bak2
    C:\WINDOWS\system32\vollovrr.dll
    C:\WINDOWS\BM277fbc20.xml
    C:\WINDOWS\pskt.ini
    E:\INSTALL4\INS3DT.EXE

    Folder::
    C:\Program Files\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    D:\INSATLLATION\Calendrier

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64A7CAC4-D429-4013-912D-F9ECE93988DD}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{832bc68d-f05b-4716-8202-c2a34fba0e97}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8946104D-917A-44F6-B094-7AEE67581E48}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cld2000.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ins3DT"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyyyw]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geede]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhf]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkll]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpm]

    DirLook::
    C:\WINDOWS\system32\bak

    Driver::
    Viewpoint Manager Service

    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    This will relaunch Combofix.

    A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

    Wait while the scan runs. The desktop will disappear several times: that is normal!

    Do not touch anything until the scan has finished.

    After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

    If there is no reboot, post the reports anyway.
    0
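
The Registry:: block in the reply above can be traced back to the "Point de chargement Reg" section of the log. The following added example (not part of the original thread, and not ComboFix's own logic) reproduces that triage in Python. The three rules and all function names are assumptions modelled on the entries the reply removes, and every hit remains a candidate for human review.

```python
import re

# Shortened excerpt of the "Point de chargement Reg" section posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64A7CAC4-D429-4013-912D-F9ECE93988DD}]
C:\WINDOWS\system32\ssqpm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"Cld2000.exe"="D:\INSATLLATION\Calendrier\Cld2000.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ins3DT"="E:\INSTALL4\INS3DT.EXE" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-30 23:35 7634944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyyyw]
byxyyyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpm]
C:\WINDOWS\system32\ssqpm.dll
'''

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
# "name"="data" [timestamp size ...]; the bracket is empty when no file details were logged.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')


def parse_sections(text):
    """Split the log into registry keys with their value lines and bare target lines."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group("key"), "values": [], "targets": []}
            sections.append(current)
        elif current is None or not line:
            continue
        else:
            val = VALUE_RE.match(line)
            if val:
                current["values"].append(
                    (val.group("name"), val.group("data"), val.group("meta").strip()))
            else:
                current["targets"].append(line)  # e.g. the DLL behind a BHO
    return sections


def triage(sections):
    """Return (kind, key, value_name, detail) tuples in log order.

    Assumed rules, mirroring what the helper's script removes:
      bho             - any Browser Helper Object the log still lists
      winlogon-notify - any Winlogon\\Notify package the log still lists
      orphan-run      - a Run value whose metadata bracket is empty (taken here to
                        mean the file was not found; a removable or unplugged drive
                        produces the same result, so confirm before deleting)
    """
    findings = []
    for sec in sections:
        key_l = sec["key"].lower()
        target = sec["targets"][0] if sec["targets"] else "(no file listed)"
        if "\\browser helper objects\\" in key_l:
            findings.append(("bho", sec["key"], None, target))
        elif "\\winlogon\\notify\\" in key_l:
            findings.append(("winlogon-notify", sec["key"], None, target))
        elif key_l.endswith("\\currentversion\\run"):
            for name, data, meta in sec["values"]:
                if not meta:
                    findings.append(("orphan-run", sec["key"], name, data))
    return findings


def to_registry_block(findings):
    """Render findings in the Registry:: syntax used in the reply:
    [-KEY] removes a whole key, "name"=- removes one value under [KEY]."""
    lines, last_key = ["Registry::"], None
    for kind, key, name, _detail in findings:
        if name is None:
            lines.append(f"[-{key}]")
        else:
            if key != last_key:
                lines.append(f"[{key}]")
            lines.append(f'"{name}"=-')
        last_key = key
    return "\n".join(lines)


if __name__ == "__main__":
    hits = triage(parse_sections(SAMPLE_LOG))
    for kind, key, name, detail in hits:
        print(f"{kind:16} {name or ''!s:12} {detail}")
    print()
    print(to_registry_block(hits))
```

On the excerpt, the two Run values with filled-in timestamps are left alone, and the output lists the same keys and values, in the same order, as the corresponding lines of the helper's script.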
  7. fanette280
     
    Done, I did as you told me and everything worked.

    Here is the ComboFix report:

    ComboFix 08-02-25.3 - Raphaëlle 2008-02-29 19:22:46.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.196 [GMT 1:00]
    Endroit: C:\Documents and Settings\Raphaëlle\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Raphaëlle\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\BM277fbc20.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\edeeg.bak1
    C:\WINDOWS\system32\fhhkj.bak1
    C:\WINDOWS\system32\llkkj.bak2
    C:\WINDOWS\system32\mpqss.bak1
    C:\WINDOWS\system32\mpqss.bak2
    C:\WINDOWS\system32\vollovrr.dll
    E:\INSTALL4\INS3DT.EXE
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_VIEWPOINT_MANAGER_SERVICE
    -------\Viewpoint Manager Service

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-29 13:47 . 2008-02-29 13:47 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-29 13:41 . 2008-02-29 13:41 <REP> d-------- C:\WINDOWS\LastGood.Tmp
    2008-02-28 19:10 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-02-28 19:10 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-28 19:10 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-02-28 19:10 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-28 19:10 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-28 19:10 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-28 19:10 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-28 19:10 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-28 19:10 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-26 13:31 . 2008-02-29 19:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-26 13:31 . 2008-02-26 13:31 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-26 13:29 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iPod
    2008-02-26 13:28 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iTunes
    2008-02-26 13:16 . 2008-02-26 13:19 <REP> d-------- C:\Program Files\QuickTime
    2008-02-20 15:38 . 2008-02-20 15:38 <REP> d-------- C:\Program Files\Yahoo!
    2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-09 17:54 --------- d-----w C:\Program Files\Red Kawa
    2008-01-09 17:54 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-09 13:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-09 13:15 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-09 13:13 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-01-09 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-12 23:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\WINDOWS\system32\bak ----

    C:\WINDOWS\system32\bak\

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "L'Assistant DartyBox"="C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe" [2007-06-05 21:15 151552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-30 23:35 7634944]
    "nwiz"="nwiz.exe" [2006-10-30 23:35 1622016 C:\WINDOWS\system32\nwiz.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-30 23:35 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 16125440 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
    "avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\eMule\\emule.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2002-12-11 14:25]
    S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-26 11:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-29 17:59:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-29 19:25:30
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\imapi.exe
    C:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-29 19:27:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-29 18:26:51
    ComboFix2.txt 2008-02-29 12:41:41

    And now the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:29:44, on 29/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\imapi.exe
    C:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYFR
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?64c526adcc044d8c8d5377be5cfc0e22
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?64c526adcc044d8c8d5377be5cfc0e22
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  8. g!rly Posts 18462 Status Contributor 407
     
    You're welcome, fanette ;-)

    Using HijackThis, check and fix the following lines:

    O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYFR
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/

    How to fix:

    Usage tutorial (video): (Thanks to Balltrap34 for making it)

    -> http://pageperso.aol

    /balltrap34/demohijack.htm

    then

    you are browsing with Internet Explorer 6.0 = major security holes

    so run the Windows updates: you want version 7.0

    https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70

    and why not browse with Firefox? = safer, while keeping IE 7.0 for Windows updates, since those cannot be done from Firefox

    http://www.firefox.fr/

    your version of Acrobat Reader is not up to date; you want version 8.1, the latest to date, so uninstall your version through Control Panel / Add or Remove Programs

    and install the latest one:

    https://get2.adobe.com/reader/otherversions/

    or Foxit, which is lighter:

    https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

    install a firewall:

    firewall: Kerio

    http://www.malekal.com/kerio_firewall.php#mozTocId721480

    https://www.vulgarisation-informatique.com/kerio.php

    https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

    Comodo 3 pro :

    http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

    Online armor :

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    tutorial: https://forum.pcastuces.com/sujet.asp?f=25&s=35606

    or ZoneAlarm, easier to configure but less effective

    https://www.malekal.com/tutoriel-zonealarm-firewall/

    anti spyware :

    spywareblaster :

    http://www.brightfort.com/spywareblaster.html

    it is a resident program; you just need to update it from time to time, because the free version does not do that by itself. Once it is installed and updated, set all the protections to "enable"

    tutorial: http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

    *Spybot (free):
    Download:
    http://www.commentcamarche.net/telecharger/telecharger 122 spybot
    see the usage demo (thanks Balltrap)
    http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm

    run a scan with Spybot and delete everything it finds...

    then

    look at this regarding avast:

    antivir vs avast:

    -> http://forum.malekal.com/ftopic3528.php

    so I advise you to uninstall it and install AntiVir instead

    Download and install the antivirus AntiVir Personal Edition Classic:

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    https://www.avira.com/en/prime

    http://mickael.barroux.free.fr/securite/antivir.php
    http://speedweb1.free.fr/frames2.php?page=tuto5
    <- scanner configuration tutorial...

    once AntiVir is open, click on Configuration and tick the "expert mode" box, then on the Scanner tab, in the window below, you will see: rootkit search; click on the little + to expand it and tick the box next to your hard disk
    then click on Configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and, below, > scanner priority = High
    tick: allow stopping the scanner, so that you can pause during the scan if you wish.
    then on the right tick the following boxes:
    scan boot sectors of selected drives
    scan master boot sectors
    scan memory
    search for rootkit before scan
    untick:
    ignore off line files
    still on the left > scan > expand > heuristic > macrovirus heuristic = ticked and, below, > win32 heuristic box ticked and high detection level

    I am telling you all this because I would like you to run a full scan of your machine with AntiVir using the settings given above and post the generated report here, please

    post a new HijackThis log as well as the AntiVir scan; if you want, you can post the Spybot one or just tell me what it found or not?!

    Good luck

    See you later
    0
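The reading of the log that the reply above does by eye, together with the re-check it asks for with a new HijackThis log, sketched in Python as an added example (not part of the thread and not HijackThis's own logic). The three triage rules and all function names are assumptions made for illustration; the log lines are copied from this thread except the one marked constructed.

```python
import re
from urllib.parse import urlsplit

# "O16 - DPF: {...} - http://..." -> section code, then the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)

def parse_entry(line):
    """Return (code, body) for an entry line; None for headers, process paths, prose."""
    m = ENTRY_RE.match(line)
    return (m.group(1), m.group(2)) if m else None

def entry_key(line):
    """Identity of an entry: (code, CLSID) when a CLSID is present, so a line
    quoted with a truncated URL still matches; otherwise (code, normalised body)."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    code, body = parsed
    clsid = CLSID_RE.search(body)
    if clsid:
        return (code, clsid.group(0).upper())
    return (code, " ".join(body.split()).lower())

def triage(log_lines):
    """Flag entries by three assumed rules (candidates for review, not verdicts):
    no-file          - O2/O3/O9 component registered but missing on disk
    remote-menu-item - O8 context-menu item served from a web URL, not a local res://
    remote-activex   - O16 ActiveX control whose codebase is a web URL"""
    findings = []
    for line in log_lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        code, body = parsed
        url = URL_RE.search(body)
        host = urlsplit(url.group(0)).hostname if url else None
        clsid = CLSID_RE.search(body)
        if code in ("O2", "O3", "O9") and body.endswith("(no file)"):
            findings.append((code, "no-file", clsid.group(0) if clsid else body))
        elif code == "O8" and host:
            findings.append((code, "remote-menu-item", host))
        elif code == "O16" and host:
            findings.append((code, "remote-activex", host))
    return findings

def still_present(fix_lines, new_log_lines):
    """Lines from the fix list that still appear in the log taken after fixing."""
    remaining = {entry_key(l) for l in new_log_lines} - {None}
    return [l.strip() for l in fix_lines if entry_key(l) in remaining]

# Excerpt of the first log in this thread.
BEFORE = r"""
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
""".splitlines()

# The six lines the reply asks to fix, as quoted there (the O16 URL is cut short).
FIX_LIST = r"""
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYFR
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
""".splitlines()

# Three lines from the follow-up log in this thread, plus one CONSTRUCTED line
# (the last) that pretends the O16 fix did not take, to exercise the re-check.
AFTER = r"""
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
""".splitlines()

if __name__ == "__main__":
    for code, tag, detail in triage(BEFORE):
        print(f"{code:4} {tag:17} {detail}")
    for line in still_present(FIX_LIST, AFTER):
        print("still present:", line)
```

The O4 startup items in the fix list are not flagged by any rule here: removing them is a judgment call made in the reply, not something these rules infer.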
  9. fanette280
     
    Done, I followed everything to the letter and installed everything.

    Here is the AntiVir report:

    AntiVir PersonalEdition Classic
    Report file date: samedi 1 mars 2008 00:03

    Scanning for 1129035 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: THUMINE-LITZO7X

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:45:58
    ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 22:45:58
    ANTIVIR3.VDF : 7.0.2.215 117248 Bytes 29/02/2008 22:45:58
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 29/02/2008 22:45:59
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/02/2008 22:45:59
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high

    Start of the scan: samedi 1 mars 2008 00:03

    Starting search for hidden objects.
    '34028' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'upgrade_manager.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'oaui.exe' - '0' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'oasrv.exe' - '0' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    31 processes with 31 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '26' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\catchme2008-02-29_133957.67.zip
    [0] Archive type: ZIP
    --> xxyyawx.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483c9273.qua'!
    C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Uninst.exe.vir
    [DETECTION] Contains detection pattern of the dropper DR/MartShop.2
    [INFO] The file was moved to '483192a0.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\aosxgeet.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483b92ab.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483e92c1.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\bovirkmo.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483e92be.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\cbnadrco.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483692bd.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\cqdunhpw.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482c92cf.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\dogfbult.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482f92d1.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\edosgjut.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483792c9.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\fchryesu.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483092cb.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\gebca.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482a92d0.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\gebcc.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482a92d3.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\gucirnns.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482b92e6.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\hcdmokib.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482c92d7.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\jeefrxcj.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482d92dc.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\jutpvkvd.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483c92f0.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\lomuawen.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483592ec.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\mljjj.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483292ec.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\mllmn.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483492ee.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ohfeunru.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482e92ed.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ohgovjdc.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482f92f0.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\osmdsobv.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483592fd.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\pejwqioy.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483292f3.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\pmkji.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483392ff.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\rmkugnaa.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48339303.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\rxtdeqxe.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483c9312.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\sdygjfmc.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48419300.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\sqwtviha.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483f9310.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tiwwckem.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483f930a.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\vollovrr.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '48349313.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\vtutq.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483d931a.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\wbwtdifm.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483f930b.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\xskcdkjf.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4833931e.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyawx.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '48419327.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\yeetlqjd.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482d9316.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP517\A0099072.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f892e3.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP517\A0099073.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f892e9.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP517\A0099074.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f892f0.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP517\A0099075.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f892f4.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP517\A0099076.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f892f7.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP519\A0100533.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f9930b.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP521\A0101620.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99312.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP521\A0102630.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99316.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103637.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f9931f.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103638.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99321.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103639.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DME
    [INFO] The file was moved to '47f99324.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103641.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99326.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP522\A0103643.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99328.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104722.exe
    [DETECTION] Contains detection pattern of the dropper DR/MartShop.2
    [INFO] The file was moved to '47f9932d.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104729.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f9932f.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104730.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99332.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104731.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99335.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104732.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99339.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104733.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f9933d.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104734.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99340.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104735.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99343.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104736.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f9934e.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104737.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f9934f.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104738.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '467c2748.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104739.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99351.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104740.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '467c274a.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104741.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99350.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104742.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '467c2749.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104743.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99352.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104744.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '467c274b.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104745.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99353.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104746.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '467c274c.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104747.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99355.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104748.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '467c274e.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104749.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99354.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104750.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '467c274d.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104751.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99356.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104752.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '467c274f.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104753.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99357.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104754.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '467c2740.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104755.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99359.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104756.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f99348.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104757.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '467c2751.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104758.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f9934a.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104759.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '467c2753.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP523\A0104793.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was moved to '467c2742.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP524\A0104906.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f9935b.qua'!
    C:\WINDOWS\system32\fivciduw.exe
    [WARNING] 'Contains detection pattern of the dropper DR/180Solutions.AY.4'. This detection is probably an error. Please send us this file immediately for further analysis.
    C:\WINDOWS\system32\geedc.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '482d9595.qua'!
    C:\WINDOWS\system32\kernel32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\mllmj.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483495a6.qua'!
    C:\WINDOWS\system32\ntdll.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\ntkrnlpa.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\ntoskrnl.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\user32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\vturo.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '483d95cb.qua'!
    C:\WINDOWS\system32\win32k.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\ndisrd.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\OADriver.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\OAmon.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'

    End of the scan: samedi 1 mars 2008 00:34
    Used time: 31:18 min

    The scan has been done completely.

    3677 Scanning directories
    185030 Files were scanned
    85 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    85 files were moved to quarantine
    0 files were renamed
    10 Files cannot be scanned
    184945 Files not concerned
    1235 Archives were scanned
    11 Warnings
    19 Notes
    34028 Objects were scanned with rootkit scan
    0 Hidden objects were found

    And now the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:35:41, on 01/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    D:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [OnlineArmor GUI] "D:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?64c526adcc044d8c8d5377be5cfc0e22
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?64c526adcc044d8c8d5377be5cfc0e22
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - D:\Program Files\Tall Emu\Online Armor\oasrv.exe
    0
  10. g!rly Posts 18462 Status Contributor 407
     
    Re,

    yes, there were still Vundo trojans left...

    do this:

    Download VundoFix.exe (by Atribune) to your Desktop.
    http://www.atribune.org/ccount/click.php?id=4
    * Double-click VundoFix.exe to launch it
    * Click the Scan for Vundo button
    * When the scan is complete, click the Remove Vundo button
    * A prompt will ask whether you want to delete the files; click YES
    * After you click "Yes", the Desktop will disappear for a moment while the files are deleted
    * You will see a prompt announcing that your PC is going to restart; click OK
    * Copy/paste the contents of the report located at C:\vundofix.txt

    then

    A.V.G:

    -> Download AVG Anti-Spyware (ewido)

    http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

    -> Install it.

    -> Launch AVG Anti-Spyware and click the Update button ("Mise à jour"). Wait...

    P.S.: if the updates do not go through, they can be downloaded here:

    http://downloads.ewido.net/avgas-signatures-full-current.exe

    -> On the Scan page ("Analyse"):

    first choose the Settings tab ("Paramètres").

    under "How to react" ("Comment réagir"), click "Recommended actions" ("Actions recommandées") and, in the drop-down menu, choose "Delete" ("Supprimer").

    restart the PC in safe mode:

    How do you restart in safe mode?

    Restart the PC and keep tapping the F8 key, without stopping, from the very start of boot-up.
    A window with a black background will open; use the keyboard arrow keys to move to the safe mode boot option, then press Enter.
    Once you are on the desktop, if not all the colours and so on are there, that's normal!
    P.S.: if F8 doesn't work, use the F5 key.

    -> Tutorial: http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm

    -> Launch the scan (it takes a long time...).

    -> At the end of the scan, copy and paste the report here.

    -> Help with pictures, just in case:

    Installation and settings tutorial:

    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    See you
    0
  11. fanette280
     
    hi,

    I ran the VundoFix scan and it found nothing... I'm not really sure whether that's normal.
    0
  12. fanette280
     
    Re,

    I did the AVG Anti-Spyware scan in safe mode anyway, and here is the report:

    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 15:17:46 01/03/2008

    + Résultat de l'analyse:

    C:\WINDOWS\system32\fivciduw.exe -> Not-A-Virus.Adware.180Solutions : Aucune action entreprise.
    C:\Documents and Settings\Raphaëlle\Bureau\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Aucune action entreprise.

    Fin du rapport
    0
  13. g!rly Posts 18462 Status Contributor 407
     
    Hi fanette280,

    did you delete everything AVG found?

    OK for VundoFix ;-)

    to check, run another scan here:

    BitDefender online scan:

    https://www.bitdefender.com/toolbox/

    Click "I agree" and follow the instructions

    This must be done in Internet Explorer, accepting the ActiveX control

    picture tutorial

    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    Please post the resulting report

    See you
    0
  14. fanette280
     
    I did delete everything AVG found, and I scanned with BitDefender

    Here is the report:

    BitDefender Online Scanner

    Scan report generated at: Sat, Mar 01, 2008 - 20:14:45

    Scan path: A:\;C:\;D:\;E:\;

    Statistics
    Time: 00:41:10
    Files: 148913
    Folders: 3705
    Boot Sectors: 3
    Archives: 1908
    Packed Files: 12394

    Results
    Identified Viruses: 24
    Infected Files: 50
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 50

    Engines Info
    Virus Definitions: 984760
    Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
    Scan plugins: 16
    Archive plugins: 41
    Unpack plugins: 7
    E-mail plugins: 6
    System plugins: 5

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    0
  15. g!rly Posts: 18462 Status: Contributor 407
     
    fanette280

    OK for BitDefender.

    Do this:

    Copy the text below:

    DirLook::
    C:\WINDOWS\system32\ini
    C:\WINDOWS\system32\tmp

    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    This will relaunch Combofix.

    A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

    Wait while the scan runs. The desktop will disappear several times: this is normal!

    Do not touch anything until the scan has finished.

    After the reboot, post the contents of the Combofix.txt report.

    See you!
    0
  16. fanette280
     
    Here is the ComboFix report:

    ComboFix 08-02-25.3 - Raphaëlle 2008-03-02 11:55:21.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.137 [GMT 1:00]
    Endroit: C:\Documents and Settings\Raphaëlle\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Raphaëlle\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-01 19:31 . 2008-03-01 19:31 <REP> d-------- C:\WINDOWS\LastGood
    2008-03-01 19:31 . 2008-03-01 20:19 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-03-01 11:35 . 2008-03-01 11:35 <REP> d-------- C:\Documents and Settings\Raphaëlle\Application Data\Grisoft
    2008-03-01 11:33 . 2008-03-01 11:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-01 11:33 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-03-01 10:58 . 2008-03-01 10:58 <REP> d-------- C:\VundoFix Backups
    2008-02-29 23:39 . 2008-02-29 23:39 <REP> d-------- C:\Program Files\Avira
    2008-02-29 23:39 . 2008-02-29 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-29 22:54 . 2008-02-29 22:55 250 --a------ C:\WINDOWS\wininit.ini
    2008-02-29 22:20 . 2008-02-29 22:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-29 22:14 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2008-02-29 21:28 . 2008-02-29 21:28 <REP> d-------- C:\OnlineArmor
    2008-02-29 21:28 . 2008-03-01 15:40 <REP> d-------- C:\Documents and Settings\Raphaëlle\Application Data\OnlineArmor
    2008-02-29 21:28 . 2008-02-29 21:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    2008-02-29 21:28 . 2007-11-08 06:37 68,608 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
    2008-02-29 21:28 . 2007-09-29 00:06 25,600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
    2008-02-29 21:28 . 2007-09-29 00:06 18,944 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
    2008-02-29 21:20 . 2008-02-29 21:21 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-02-29 21:06 . 2008-02-29 21:07 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-02-29 21:02 . 2008-02-29 21:07 1,374 --a------ C:\WINDOWS\imsins.BAK
    2008-02-29 21:01 . 2008-02-29 21:07 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-02-29 21:01 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-02-29 21:01 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-02-29 21:00 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-02-29 21:00 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-02-29 21:00 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-02-29 21:00 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-02-29 21:00 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-02-29 21:00 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-02-29 21:00 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-29 19:35 . 2008-02-29 19:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-02-29 13:47 . 2008-02-29 13:47 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-28 19:10 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2008-02-27 18:18 . 2008-02-27 18:18 <REP> d-------- C:\Documents and Settings\Raphaëlle\Application Data\Viewpoint
    2008-02-26 13:31 . 2008-02-29 20:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-26 13:31 . 2008-02-26 13:31 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-26 13:29 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iPod
    2008-02-26 13:28 . 2008-02-26 13:29 <REP> d-------- C:\Program Files\iTunes
    2008-02-26 13:16 . 2008-02-26 13:19 <REP> d-------- C:\Program Files\QuickTime
    2008-02-20 15:38 . 2008-02-20 15:38 <REP> d-------- C:\Program Files\Yahoo!

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-29 21:54 --------- d-----w C:\Documents and Settings\Raphaëlle\Application Data\WeatherDPA
    2008-01-09 17:54 --------- d-----w C:\Program Files\Red Kawa
    2008-01-09 17:54 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2008-01-09 13:23 --------- d-----w C:\Documents and Settings\Raphaëlle\Application Data\Apple Computer
    2008-01-09 13:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-09 13:15 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-09 13:13 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-01-09 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-12 23:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2006-10-18 17:32 17,920 ----a-w C:\Documents and Settings\Raphaëlle\Application Data\GDIPFONTCACHEV1.DAT
    .
    [color=red] C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below) [/color]
    562,176 2001-08-28 12:00:00 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
    578,048 2004-08-19 14:09:48 C:\WINDOWS\ServicePackFiles\i386\user32.dll
    578,048 2004-08-19 14:09:48 C:\WINDOWS\system32\user32.dll

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\WINDOWS\system32\ini ----

    C:\WINDOWS\system32\ini\

    ---- Directory of C:\WINDOWS\system32\tmp ----

    C:\WINDOWS\system32\tmp\

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "L'Assistant DartyBox"="C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe" [2007-06-05 21:15 151552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-30 23:35 7634944]
    "nwiz"="nwiz.exe" [2006-10-30 23:35 1622016 C:\WINDOWS\system32\nwiz.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-30 23:35 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 16125440 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-29 23:45 249896]
    "!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "OnlineArmor GUI"="D:\Program Files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 07:51 5029952]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= D:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2007-11-16 07:50 633344]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\eMule\\emule.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 NDISRD;NDISRD;C:\WINDOWS\system32\drivers\NDISRD.sys [2007-09-29 00:06]
    R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2007-11-08 06:37]
    R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2007-09-29 00:06]
    R2 SvcOnlineArmor;Online Armor;"D:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2007-11-16 07:51]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2002-12-11 14:25]
    S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-26 11:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-02 10:59:09 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-02 12:12:19
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-02 12:18:04
    ComboFix-quarantined-files.txt 2008-03-02 11:17:41
    ComboFix2.txt 2008-02-29 18:27:01
    ComboFix3.txt 2008-02-29 12:41:41
    0
  17. g!rly Posts: 18462 Status: Contributor 407
     
    Fanette280,

    How is your PC doing?

    See you!
    0
  18. fanette280
     
    Hi,

    I get the impression that my PC is fixed. In any case it is working really well!
    I still ran another scan with AntiVir, and it found more viruses, so I put the files in quarantine.

    Thank you so much for your help and your patience. That's really kind. Thanks a lot!!!
    0
  19. g!rly Posts: 18462 Status: Contributor 407
     
    Hi fanette280,

    can you post the AntiVir report please?

    See you!
    0
  20. fanette280
     
    Here is the AntiVir report:

    AntiVir PersonalEdition Classic
    Report file date: lundi 3 mars 2008 12:00

    Scanning for 1130387 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: THUMINE-LITZO7X

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:45:58
    ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 22:45:58
    ANTIVIR3.VDF : 7.0.2.216 135168 Bytes 02/03/2008 22:41:36
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 29/02/2008 22:45:59
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/02/2008 22:45:59
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high

    Start of the scan: lundi 3 mars 2008 12:00

    Starting search for hidden objects.
    '34693' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'emule.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'upgrade_manager.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'oaui.exe' - '0' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'oasrv.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    34 processes with 34 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '22' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106466.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47fcde0e.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106467.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47fcde13.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106468.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4694507c.qua'!
    C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106506.exe
    [DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY.4
    [INFO] The file was moved to '47fcde14.qua'!
    C:\WINDOWS\system32\kernel32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\ntdll.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\ntkrnlpa.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\ntoskrnl.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\user32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\win32k.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\ndisrd.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\OADriver.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\OAmon.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'

    End of the scan: lundi 3 mars 2008 12:29
    Used time: 29:41 min

    The scan has been done completely.

    3697 Scanning directories
    185557 Files were scanned
    4 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    4 files were moved to quarantine
    0 files were renamed
    10 Files cannot be scanned
    185553 Files not concerned
    1286 Archives were scanned
    10 Warnings
    19 Notes
    34693 Objects were scanned with rootkit scan
    0 Hidden objects were found
    0
  21. g!rly Posts: 18462 Status: Contributor 407
     
    OK

    Do this:

    Disable your System Restore.
    To do so:
    Right-click My Computer, then Properties in the menu;
    in the new window, click the System Restore tab;
    tick the box to turn off System Restore and apply.
    Then restart the PC and right-click My Computer, then Properties in the menu;
    in the new window, click the System Restore tab;
    untick the box to turn off System Restore and apply.

    Then

    Download ToolsCleaner to your desktop.
    --> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
    # Click Recherche (Search) and let the scan run ...
    # Click Suppression (Removal) to finish.
    # You can, if you wish, use the Options facultatives (optional settings).
    # Click Quitter (Quit) to get the report.
    # Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

    See you!
    0
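The AntiVir report in post 20 places all four detections under `System Volume Information\_restore{...}\RP533`, that is, in copies held by System Restore; turning System Restore off and on again, as post 21 asks, deletes those restore points. As an added example (not part of the thread and not Avira's code), this Python parser reads a report in that layout and separates restore-point detections from hits on the live system; the sample text, the function names and the last-token rule for the signature name are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout of the AntiVir report above. The first three
# entries mirror lines of that report; the last detection is invented here.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106466.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47fcde0e.qua'!
C:\System Volume Information\_restore{A078F1AA-5476-462C-AF05-2CC1CB0FD20C}\RP533\A0106506.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY.4
[INFO] The file was moved to '47fcde14.qua'!
C:\WINDOWS\system32\constructed-example.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
Begin scan in 'D:\'
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
TAG_RE = re.compile(r"^\[(DETECTION|WARNING|INFO|NOTE)\]\s*(.*)$")
QUA_RE = re.compile(r"moved to '([^']+\.qua)'")
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)

@dataclass
class Finding:
    path: str
    restore_point: Optional[str] = None   # e.g. "RP533" when under _restore{...}
    detection: Optional[str] = None       # signature name reported by the scanner
    quarantine: Optional[str] = None      # .qua file the object was moved to
    warnings: List[str] = field(default_factory=list)

def parse_report(text: str) -> List[Finding]:
    """Group each file path with the [TAG] lines that follow it."""
    findings: List[Finding] = []
    current: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        tag = TAG_RE.match(line)
        if tag and current is not None:
            kind, msg = tag.groups()
            if kind == "DETECTION":
                # Assumption: the signature name is the last token of the message.
                current.detection = msg.split()[-1] if msg else "unknown"
            elif kind == "WARNING":
                current.warnings.append(msg)
            elif kind == "INFO" and QUA_RE.search(msg):
                current.quarantine = QUA_RE.search(msg).group(1)
        elif PATH_RE.match(line):
            rp = RESTORE_RE.search(line)
            current = Finding(line, rp.group(1) if rp else None)
            findings.append(current)
        else:
            current = None  # blank line or section header ("Begin scan in ...")
    return findings

def triage(findings: List[Finding]) -> dict:
    """Split detections into restore-point copies and files on the live system."""
    hits = [f for f in findings if f.detection]
    return {
        "restore_points": sorted({f.restore_point for f in hits if f.restore_point}),
        "live": [f.path for f in hits if not f.restore_point],
        "not_quarantined": [f.path for f in hits if not f.quarantine],
        "unscanned": [f.path for f in findings if f.warnings and not f.detection],
    }
```

Calling `triage(parse_report(text))` on a saved report gives the restore points that still hold detected files, plus any detection on the live system or left outside quarantine, which are the entries that need follow-up beyond purging restore points.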