Rapport hijackthis

Résolu
Marie-kiri Messages postés 67 Statut Membre -  
Marie-kiri Messages postés 67 Statut Membre -
bonjour, j'ai un problème avec mon ordinateur. je trouve qu'il est très lent. De plus il fait beaucoup de bruit (je viens de nettoyer les ventilateurs). Serait-il possible de lire mon rapport hijackthis?
Merci à vous
Configuration: Windows XP
Firefox 2.0.0.3

34 réponses

  • 1
  • 2
  1. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Salut

    Poste le ;-))

    ++
    0
  2. Marie-kiri Messages postés 67 Statut Membre 1
     
    le voila!
    je crois que tu vas etre horrifié!lol
    bon courage

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 13:36:06, on 14/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Sitecom\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Sitecom\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\CHAUSSAVOINE\Bureau\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {584993D2-B1F1-8CE4-2611-446648054C3B} - C:\DOCUME~1\CHAUSS~1\APPLIC~1\EQFILE~1\Global Pop.exe (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKLM\..\Policies\Explorer\Run: [homepage.monitor.exe] C:\Program Files\iCodecPack\isamonitor.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RegFreeze.lnk = C:\Program Files\RegFreeze\regfreeze.exe
    O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: AVG Anti-Spyware 7.5
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6510ede6b15d45c2a2f0d1d2b2437e73
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6510ede6b15d45c2a2f0d1d2b2437e73
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: AdsGone - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing)
    O9 - Extra 'Tools' menuitem: &AdsGone Settings - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O21 - SSODL: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Administration IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (file missing)
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Publication World Wide Web (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  3. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    J'ai déjà vu plus inquiétant :)

    fais ce qui est indiqué ic istp

    virus methode preliminaire de desinfection version fr

    ++
    0
  4. Marie-kiri Messages postés 67 Statut Membre 1
     
    RE.
    j'arrive pas à faire la sauvegarde du registre. il devrait me proposer d'en faire une, non?
    merci
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    re

    la sauvegarde du registre ???

    ++
    0
  7. Marie-kiri Messages postés 67 Statut Membre 1
     
    oui?
    pourquoi? y un problème?
    j'ai oublié de te dire que je suis nulle en informatique...
    dans Ccleaner, il est dit que avant de réparé les erreurs il faut faire une sauvegarde du registre mais je ne sais pas comment faire. Mais j'ai cru comprendre qu'il le proposait automatiquement. mais je dois me trompé.
    ++
    0
  8. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Ah ! ok :)

    en fait, après avoir réparer les erreurs, ccleaner va te demander si tu veux faire une sauvegarde ou pas, et la tu reponds oui !

    ++
    0
  9. Marie-kiri Messages postés 67 Statut Membre 1
     
    re
    je te poste le rapport de AVG mm si je crois que ca va pas servir.
    je vais maintenant faire un scan avec BitDefender au cas ou..

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 16:39:35 14/05/2007

    + Résultat de l'analyse:

    Rien à signaler.

    Fin du rapport

    merci de tes conseils
    ++
    0
  10. Marie-kiri Messages postés 67 Statut Membre 1
     
    RE
    le scan en ligne de BitDefender est terminé, je te poste le rapport.
    qu'en penses-tu?

    BitDefender Online Scanner

    Scan report generated at: Mon, May 14, 2007 - 18:01:37

    Scan path: A:\;C:\;D:\;E:\;

    Statistics

    Time

    01:10:22

    Files

    289645

    Folders

    4838

    Boot Sectors

    3

    Archives

    7951

    Packed Files

    26392

    Results

    Identified Viruses

    6

    Infected Files

    80

    Suspect Files

    0

    Warnings

    0

    Disinfected

    0

    Deleted Files

    80

    Engines Info

    Virus Definitions

    506209

    Engine build

    AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

    Scan plugins

    14

    Archive plugins

    38

    Unpack plugins

    6

    E-mail plugins

    6

    System plugins

    1

    Scan Settings

    First Action

    Disinfect

    Second Action

    Delete

    Heuristics

    Yes

    Enable Warnings

    Yes

    Scanned Extensions

    *;

    Exclude Extensions

    Scan Emails

    Yes

    Scan Archives

    Yes

    Scan Packed

    Yes

    Scan Files

    Yes

    Scan Boot

    Yes

    Scanned File

    Status

    C:\WINDOWS\system32\windowsautomaticupdates.bat

    Infected with: BAT.Installer.A

    C:\WINDOWS\system32\windowsautomaticupdates.bat

    Disinfection failed

    C:\WINDOWS\system32\windowsautomaticupdates.bat

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\boredelete.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\boredelete.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\boredelete.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\error stupid.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\error stupid.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\error stupid.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\PlatformBurn.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\PlatformBurn.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\PlatformBurn.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\filmarmy.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\filmarmy.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\filmarmy.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\bytewarn.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\bytewarn.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\bytewarn.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\file meow.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\file meow.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\file meow.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Book dead.exe

    Infected with: Trojan.Downloader.Swizzor.DV

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Book dead.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Type Download.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Type Download.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Type Download.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Joystupid.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Joystupid.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Joystupid.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Team intra.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Team intra.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Team intra.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\warn regs.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\warn regs.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\warn regs.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\stupid corn.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\stupid corn.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\stupid corn.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Stylememo.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Stylememo.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Stylememo.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\CampMeow.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\CampMeow.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\CampMeow.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\active first.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\active first.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\active first.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\name base.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\name base.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\name base.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\birdmemo.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\birdmemo.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\birdmemo.exe

    Deleted

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Forkmemo.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Forkmemo.exe

    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Seek Ping Third Plan\Forkmemo.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\ljnlxruw.exe

    Infected with: Trojan.Downloader.Swizzor.DV

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\ljnlxruw.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\AXISNEW.exe

    Infected with: GenPack:Trojan.Swizzor.CL

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\AXISNEW.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\AXISNEW.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\qqnlommk.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\qqnlommk.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\qqnlommk.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\ycjvibvo.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\ycjvibvo.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\ycjvibvo.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\mdrqvjth.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\mdrqvjth.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\mdrqvjth.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\rspejudn.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\rspejudn.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\rspejudn.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\wqucwifu.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\wqucwifu.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\wqucwifu.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\esbqxtvz.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\esbqxtvz.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\esbqxtvz.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\sasdtexb.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\sasdtexb.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\sasdtexb.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\nxwispvf.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\nxwispvf.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\nxwispvf.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\rgntibtj.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\rgntibtj.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\rgntibtj.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\jkdrbcuv.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\jkdrbcuv.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\jkdrbcuv.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\huzdldvx.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\huzdldvx.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\huzdldvx.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\rbogdelw.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\rbogdelw.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\rbogdelw.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\perolsug.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\perolsug.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\perolsug.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\wqhayzcv.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\wqhayzcv.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\wqhayzcv.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\xaxnyjqd.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\xaxnyjqd.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\xaxnyjqd.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\wzlvepxc.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\wzlvepxc.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\wzlvepxc.exe

    Deleted

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\pepqjmkf.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\pepqjmkf.exe

    Disinfection failed

    C:\Documents and Settings\CHAUSSAVOINE\Application Data\Else plus\pepqjmkf.exe

    Deleted

    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

    Detected with: Adware.ToolBar.MyWebSearch.L

    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

    Disinfection failed

    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

    Deleted

    C:\Program Files\mailskinner\OESkinner.dll

    Infected with: Trojan.Mailskinner.DLL

    C:\Program Files\mailskinner\OESkinner.dll

    Disinfection failed

    C:\Program Files\mailskinner\OESkinner.dll

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506621.bat

    Infected with: BAT.Installer.A

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506621.bat

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506621.bat

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506622.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506622.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506622.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506623.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506623.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506623.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506624.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506624.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506624.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506625.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506625.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506625.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506626.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506626.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506626.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506627.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506627.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506627.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506628.exe

    Infected with: Trojan.Downloader.Swizzor.DV

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506628.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506629.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506629.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506629.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506630.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506630.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506630.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506631.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506631.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506631.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506632.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506632.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506632.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506633.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506633.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506633.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506634.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506634.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506634.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506635.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506635.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506635.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506636.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506636.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506636.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506637.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506637.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506637.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506638.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506638.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506638.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506639.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506639.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506639.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506640.exe

    Infected with: Trojan.Downloader.Swizzor.DV

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506640.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506641.exe

    Infected with: GenPack:Trojan.Swizzor.CL

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506641.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506641.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506642.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506642.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506642.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506643.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506643.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506643.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506644.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506644.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506644.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506645.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506645.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506645.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506646.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506646.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506646.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506647.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506647.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506647.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506648.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506648.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506648.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506649.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506649.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506649.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506650.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506650.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506650.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506651.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506651.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506651.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506652.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506652.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506652.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506653.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506653.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506653.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506654.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506654.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506654.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506655.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506655.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506655.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506656.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506656.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506656.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506657.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506657.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506657.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506658.exe

    Infected with: GenPack:Trojan.Swizzor.BF

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506658.exe

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506658.exe

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506659.DLL

    Detected with: Adware.ToolBar.MyWebSearch.L

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506659.DLL

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506659.DLL

    Deleted

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506660.dll

    Infected with: Trojan.Mailskinner.DLL

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506660.dll

    Disinfection failed

    C:\System Volume Information\_restore{0863191E-1F64-456A-A135-E2605EBC1D45}\RP1009\A0506660.dll

    Deleted

    c grave?
    merci
    a+
    0
  11. Marie-kiri Messages postés 67 Statut Membre 1
     
    je te poste le rapport Hijackthis que je viens de faire.
    ca fait beaucoup de boulot qd mm!!

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 18:07:55, on 14/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Sitecom\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Sitecom\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    C:\Documents and Settings\CHAUSSAVOINE\Bureau\anti-virus\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: (no name) - - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {584993D2-B1F1-8CE4-2611-446648054C3B} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKLM\..\Policies\Explorer\Run: [homepage.monitor.exe] C:\Program Files\iCodecPack\isamonitor.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: AVG Anti-Spyware 7.5
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6510ede6b15d45c2a2f0d1d2b2437e73
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6510ede6b15d45c2a2f0d1d2b2437e73
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: AdsGone - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing)
    O9 - Extra 'Tools' menuitem: &AdsGone Settings - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\AdsGone\adsgone (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O21 - SSODL: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Administration IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (file missing)
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Publication World Wide Web (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
    0
  12. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, où en sont tes soucis ???

    ++
    0
  13. Marie-kiri Messages postés 67 Statut Membre 1
     
    re
    il est bcp plus rapide mais il fait toujours autant de bruit, je pense qu'un des ventilateurs doit etre changer.
    que dise les différents rapport que j'ai posté?
    merci
    ++
    0
  14. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Beaucoup de saletés, mais ils ont été supprimé !

    # Désactiver la Restauration du système

    * Cliquez sur le bouton Démarrer.
    * Cliquez avec le bouton droit de la souris sur Poste de travail puis cliquez sur Propriétés.
    * Dans l'onglet Restauration du système, sélectionnez l'option Désactiver la Restauration du système ou Désactiver la Restauration du système sur tous les lecteurs

    ( tu pourras la réactivé à la fin de la manip )

    # Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {584993D2-B1F1-8CE4-2611-446648054C3B} - (no file)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O22 - SharedTaskScheduler: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)

    ensuite cherche et supprime ce logiciel :

    MyWebSearch Search

    et enfin :

    # Télécharge ceci: (merci a S!RI pour ce petit programme).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
    voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
    il va générer un rapport : copie/colle le sur le poste stp.

    @+

    La sagesse, c'est d'avoir des rêves suffisamment grands pour ne pas les
    perdre de vue lorsqu'on les poursuit. (Oscar Wilde)
    0
  15. Marie-kiri Messages postés 67 Statut Membre 1
     
    j'ai un message d'erreur qui s'affiche qd je veux supprimer MyWebsearch. le message dit : impossible de supprimer MWSBAR.DLL
    j'ai chercher dans ajout/suppression de programme, je le trouve pas. comment faire pour le supprimer?
    merci
    ++
    0
  16. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok, passe à la suite; on verra au fur et à mesure !

    ++
    0
  17. Marie-kiri Messages postés 67 Statut Membre 1
     
    voila le rapprt:

    SmitFraudFix v2.181

    Rapport fait à 19:45:55,10, 14/05/2007
    Executé à partir de C:\Documents and Settings\CHAUSSAVOINE\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est FAT32
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\windows\system32\pvwgnut.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Sitecom\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CHAUSSAVOINE

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CHAUSSAVOINE\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC #2 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC #2 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4FC48CF4-7B48-4E66-9277-0E8ECE90E3E0}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D4060057-96F4-4625-AE5E-1CBD391F47BB}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4FC48CF4-7B48-4E66-9277-0E8ECE90E3E0}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D4060057-96F4-4625-AE5E-1CBD391F47BB}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{4FC48CF4-7B48-4E66-9277-0E8ECE90E3E0}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{D4060057-96F4-4625-AE5E-1CBD391F47BB}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    merci de ton aide encore une fois
    0
  18. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    ok,

    Télécharge Blacklight (de F-Secure) :

    https://europe.f-secure.com/exclude/blacklight/index.shtml

    et sauvegarde le sur ton Bureau.

    Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    Copie et colle le contenu de ce rapport dans ta prochaine réponse

    ++
    0
  19. Marie-kiri Messages postés 67 Statut Membre 1
     
    voila encore un rapport (ca en fait des rapport de pster en 1 journée!! lol)

    05/14/07 19:56:12 [Info]: BlackLight Engine 1.0.61 initialized
    05/14/07 19:56:12 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    05/14/07 19:56:12 [Note]: 7019 4
    05/14/07 19:56:12 [Note]: 7005 0
    05/14/07 19:56:28 [Note]: 7006 0
    05/14/07 19:56:28 [Note]: 7011 1648
    05/14/07 19:56:29 [Note]: 7026 0
    05/14/07 19:56:29 [Note]: 7026 0
    05/14/07 19:56:29 [Note]: 7015 404
    05/14/07 19:56:29 [Note]: 7015 5
    05/14/07 19:56:29 [Note]: 7015 1236
    05/14/07 19:56:29 [Note]: 7015 5
    05/14/07 19:56:29 [Note]: 7015 1764
    05/14/07 19:56:29 [Note]: 7015 5
    05/14/07 19:56:29 [Note]: 7024 3
    05/14/07 19:56:29 [Info]: Hidden process: C:\windows\system32\pvwgnut.exe
    05/14/07 19:56:37 [Note]: FSRAW library version 1.7.1021
    05/14/07 19:57:01 [Info]: Hidden file: C:\windows\system32\pvwgnut.exe
    05/14/07 19:57:02 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\PVWGNUT.DAT
    05/14/07 19:57:02 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\PVWGNU~1.DAT
    05/14/07 19:57:02 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\PVWGNU~2.DAT

    voila
    0
  20. green day Messages postés 26374 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   2 166
     
    Ouep ! mais c'est vite fait à lire :)

    tu as encore pas mal de bébétes ...

    Prendre connaissance du contenu du lien suivant:
    http://www.f-secure.com/products/license-terms/eult_fra.pdf
    Tu as donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que tu vas télécharger.
    Maintenant fais un clic droit sur ce lien :
    http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip
    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Fais un clic droit sur navilog1.zip et choisis "tout extraire"
    Ensuite double clique sur navilog1.bat
    Laisses-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2 sans notre avis/accord)
    Patientes jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuies sur une touche comme demandé, le blocnote va s'ouvrir.
    Copies-colles l'intégralité dans une réponse. Refermes le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

    ++
    0
  21. Marie-kiri Messages postés 67 Statut Membre 1
     
    je ne peu pas "tout extraire", un message me dit "aucune archive trouvée"
    kes ke je doi faire?
    ++
    0
  • 1
  • 2