Sujet Précédent Sujet Suivant

Help antivirus pro 2009

Fermé
petitecoco43 Messages postés 1 Date d'inscription samedi 15 novembre 2008 Statut Membre Dernière intervention 15 novembre 2008 - 15 nov. 2008 à 14:12
 Utilisateur anonyme - 16 nov. 2008 à 16:36
Bonjour,
etant novice en informatique j ai besoin de votre aide, depuis ce matin mon pc est infecté par pro antivirus 2009 et je n'arrive pas a le supprimer
voici mon log hijckthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:27, on 15/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\brastk.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\documents and settings\proprietaire\local settings\application data\abewbdvi.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} - C:\WINDOWS\SYSTEM32\mlJdedEV.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BA60F275-C11F-435D-A773-B415542A6F9D} - C:\WINDOWS\system32\jkkhFXqo.dll (file missing)
O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - C:\WINDOWS\SYSTEM32\ssqRkifG.dll (file missing)
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Antivirus Pro 2009] "C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe" /hide
O4 - HKLM\..\RunOnce: [SpybotDeletingA9916] command /c del "C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.mediapluspro.com/mediaplus66/Download/msrdp.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - (no file)
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe


merci de votre aide
A voir également:

25 réponses

  • 1
  • 2
Réponse 1 / 25
Utilisateur anonyme
15 nov. 2008 à 15:33
Hi,

Installe [- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe smitfraudfix]



Option:1 => Recherche:

* Double cliquer sur SmitfraudFix.exe

* Sélectionner 1 et pressez =>Entrée dans le menu pour créer

un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque

système

C:\rapport.txt

==>et colle le rapport génèrer sur le forum.

*=>Ne pas faire l'option 2 sans un avis d'une personne compétente

Alut.
0
Réponse 2 / 25
petitecoco43
15 nov. 2008 à 17:48
merci de votre aide, desolé pour le retard je n'arrivais plus a me connecter au net

voici le rapport :
SmitFraudFix v2.375

Rapport fait à 17:44:14,92, 15/11/2008
Executé à partir de C:\Documents and Settings\PROPRIETAIRE\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\WINDOWS\System32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\brastk.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\brastk.exe PRESENT !
C:\WINDOWS\system32\_scui.cpl PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PROPRIETAIRE


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PROPRIETAIRE\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\PCHealthCenter\ PRESENT !
C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B60D39B-0414-4552-BA76-7FD52203B1AF}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B151D55E-57F1-4EB2-B40A-2FEAC74B43D2}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C8D49E6E-145A-4AEB-8563-9B1F90F8C0E5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B60D39B-0414-4552-BA76-7FD52203B1AF}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B151D55E-57F1-4EB2-B40A-2FEAC74B43D2}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C8D49E6E-145A-4AEB-8563-9B1F90F8C0E5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B60D39B-0414-4552-BA76-7FD52203B1AF}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B151D55E-57F1-4EB2-B40A-2FEAC74B43D2}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C8D49E6E-145A-4AEB-8563-9B1F90F8C0E5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0B60D39B-0414-4552-BA76-7FD52203B1AF}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B151D55E-57F1-4EB2-B40A-2FEAC74B43D2}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C8D49E6E-145A-4AEB-8563-9B1F90F8C0E5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 3 / 25
Utilisateur anonyme
15 nov. 2008 à 17:49
Hi,

Nettoyage:

* Redemarrer l'ordinateur en mode sans échec:

* Double cliquer sur smitfraudix:

* Sélectionner 2 et pressez Entrée dans le menu pour supprimer les fichiers responsables de l'infection.

* A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et pressez Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection:.

* Le fix déterminera si le fichier wininet.dll est infecté. A la question: Corriger le fichier infecté ? répondre O (oui) et pressez Entrée pour remplacer le fichier corrompu:.

* Un redemarrage sera peut être necessaire pour terminer la procedure de nettoyage. Le rapport se trouve à la racine du disque système C:\rapport.txt:



Option::

* Pour effacer la liste des sites de confiance et sensibles, sélectionner 3 et pressez Entrée dans le menu.


* A la question: Réinitialiser la liste des sites de confiance et sensibles ? répondre O (oui) et pressez Entrée afin de restaurer les zones de confiances et sensibles:.

:FAUX POSITIF::

process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Alut.
0
Réponse 4 / 25
petitecoco43
15 nov. 2008 à 18:08
voivi le rapport :
SmitFraudFix v2.375

Rapport fait à 17:59:56,82, 15/11/2008
Executé à partir de C:\Documents and Settings\PROPRIETAIRE\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\brastk.exe supprimé
C:\WINDOWS\system32\_scui.cpl supprimé
C:\Program Files\PCHealthCenter\ supprimé
C:\Program Files\Google\googletoolbar1.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B60D39B-0414-4552-BA76-7FD52203B1AF}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B151D55E-57F1-4EB2-B40A-2FEAC74B43D2}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C8D49E6E-145A-4AEB-8563-9B1F90F8C0E5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B60D39B-0414-4552-BA76-7FD52203B1AF}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B151D55E-57F1-4EB2-B40A-2FEAC74B43D2}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C8D49E6E-145A-4AEB-8563-9B1F90F8C0E5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B60D39B-0414-4552-BA76-7FD52203B1AF}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B151D55E-57F1-4EB2-B40A-2FEAC74B43D2}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C8D49E6E-145A-4AEB-8563-9B1F90F8C0E5}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 25
Utilisateur anonyme
15 nov. 2008 à 18:13
Hi,

-Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte

- Mets le à jour

---
- Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
- Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
- clique sur Rechercher

- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

- Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

- Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok
0
Réponse 6 / 25
petitecoco43
15 nov. 2008 à 18:43
voici le rapport (j'ai pris peur en voyant le nbre d'infections)

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1400
Windows 5.1.2600 Service Pack 3

15/11/2008 18:42:09
mbam-log-2008-11-15 (18-42-09).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 136222
Temps écoulé: 26 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 21
Fichier(s) infecté(s): 278

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antiviruspro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.21 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\eskin (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\abewbdvi_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\abewbdvi_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\abewbdvi.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\abewbdvi.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\Multi_Media_France\tbMul0.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\arrow.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\copyright.txt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\HostOE.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\link.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\SeekmoSAAX.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\SeekmoSAHook.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\chrome.manifest (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\install.rdf (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\components\npclntax.xpt (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo\bin\10.0.427.0\firefox\extensions\plugins\npclntax_SeekmoSA.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro2009\Uninstall.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\eskin\empty_bg_st.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\eskin\FileManager.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte10_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte11_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte12_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte13_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte14_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte19_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte20_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte21_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\030104_emte9_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\030203lib_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102angel_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102bigluf_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102bigsmile_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102birthday_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102cheers_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102flo_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102good_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102jump_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102king_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102lough_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102luf_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102smiled_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102smile_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102sor_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102thanx_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\033102uhu_1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\040103ahh_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\040103wow_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\040104_emi2_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\042102_1134_112_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\050103big_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\050103gig_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\050103hm_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\050103nomail_emoti_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\050103norm_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema15_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema16_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema17_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema18_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema19_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema20_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema21_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema24_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema25_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema26_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema30_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema33_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\060104_ema34_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\062802hippi_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\062802jumpie_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\080402argh_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\080402oops_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\080402ouch_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\082502no_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\082502yes_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_boring1_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_confused_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_crying_ugly_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_fantastic_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_feel_better_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_gimme_break_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_heehee_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_hlopaet_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_ign_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_lol_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_no_comment_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_peace_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_smashing_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\110103_talk2thehand_prv.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\blocked.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\blocked2.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\block_sm.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\block_sm2.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\block_smli.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\block_smli2.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\btn_add-but.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\btn_back-but.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\btn_left_cut_enabled_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\btn_left_enabled_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\btn_left_pressed_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\btn_middle_enabled_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\btn_middle_pressed_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\btn_right_cut_enabled_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\btn_right_enabled_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\btn_right_pressed_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\business_promo.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\buttondir.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\components.cdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\css2_main.css (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\css2_pagingmodule.css (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\css2_topbuttons.css (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\css_cattree.css (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\css_flashpreview.css (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\cursors.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\delete.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\edit_clear_sound.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\edit_fs.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\edit_select.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-511724-543450.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-511724-548964.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-511724-589306.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-511724-591943.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-511724-592579.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-511724-598579.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-511724-603763.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-511724-9595.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-511724-9696.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-511745-514279.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-backgrounds.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-bcards.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-ecards.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-emoticons.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-estationery.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-funny.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-help.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-images.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-info.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-more.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-my.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-new.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-new2.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-options.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-people.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-photo.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-tell.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-temp.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-text.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def-email-voice.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-def.cdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-premium-email-premium.mnu (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-t1-bg.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\email-temp-bg.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\estatationery.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\flashpatch.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\flashpreview.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\fs3.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\hotbar_promo.htm (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_checked_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_close_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_close_pressed_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_edit_preview.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_edit_send.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_flash_preview.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_recently_used.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_remove_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_remove_pressed_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_sand-clock2.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_tell_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_tell_pressed_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_tree_null.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_unchecked_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\icon_unchecked_pressed_1.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\img_barlayout.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\img_barlayout2.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\img_barlayout4.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\img_corner_left.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\img_local_logo.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\js2_basetemplate.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\js2_hbgroups.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\js2_hbobject3.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\js2_hbobjectset3.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\js2_hotbarwrapper.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\js2_iteratorsandreaders3nf.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\js2_pagingmoduleobj3.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\js2_texts3.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\js2_xmltree3nf.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\layout.cdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\linkpathlegal.txt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\n.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\nav_bb_2.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\nav_b_2.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\nav_ff_2.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\nav_f_2.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\progress.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\pro_hb_fo_word.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\sales_buttons.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\searchbtn.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\seekmo_btn.res (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\submit.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tab_bg.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tab_bga.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tab_bgia.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tab_l.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tab_la.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tab_lia.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tab_r.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tab_ra.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tab_ria.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\treedata_animations.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\treedata_backgrounds.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\treedata_ecards.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\treedata_emoticons.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\treedata_notifiers.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\treedata_text.xml (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tree_dots.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tree_minus.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\1\tree_plus.gif (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\business_promo.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\buttondir.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\code.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\cursors.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\email-def.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\email-t1-bg.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\email-temp-bg.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\hotbar_promo.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\images.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\layout.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\linkpathlegal.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\localcontent.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\pro_hb_fo_word.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\sales_buttons.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\seekmo_btn.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\PROPRIETAIRE\Application Data\Seekmo\v3.0\HostOL\static\DownLoad\treexml.xip (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini101980.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
Réponse 7 / 25
Utilisateur anonyme
15 nov. 2008 à 18:44
Hi,

Combofix. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts...

Fais exactement ce qui suit :



Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation (si jamais tu en as et que je ne les ai pas vu sur le rapport hijackthis....)

---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

Tuto ici : TUTO
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :

Double-clique sur C-Fix.exe (= combofix.exe ) .

Appuie sur une touche pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp
0
Réponse 8 / 25
petitecoco43
15 nov. 2008 à 18:51
j'ai desactivé la protection residente de avast, j'ai desactivé le pare feu de windows par contre pr spybot je n'ai rien fait de particulier
est ce suffisant?
en tout merci bcp de ton aide et de ta patience !
0
Réponse 9 / 25
Utilisateur anonyme
15 nov. 2008 à 18:53
Hi,

pour spybot te conseil fortement de le désinstaller tu le remettra ensuite .

Car le tea-timer de spybot des fois fait des siennes.plop*plop*

Alut.
0
Réponse 10 / 25
petitecoco43
15 nov. 2008 à 19:30
voici donc le rapport :

ComboFix 08-11-13.02 - PROPRIETAIRE 2008-11-15 19:09:13.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.574 [GMT 1:00]
Lancé depuis: c:\documents and settings\PROPRIETAIRE\Bureau\C-Fix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\hhpxaxge.ini
c:\windows\system32\MSINET.oca
c:\windows\system32\oqXFhkkj.ini
c:\windows\system32\oqXFhkkj.ini2
c:\windows\system32\puufwgjc.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-15 au 2008-11-15 ))))))))))))))))))))))))))))))))))))
.

2008-11-15 17:49 . 2008-11-15 17:49 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 17:49 . 2008-11-15 17:49 <REP> d-------- c:\documents and settings\PROPRIETAIRE\Application Data\Malwarebytes
2008-11-15 17:49 . 2008-11-15 17:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-15 17:49 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 17:49 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 17:44 . 2008-11-15 18:00 3,540 --a------ c:\windows\system32\tmp.reg
2008-11-15 17:43 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-15 17:43 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-15 17:43 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-15 17:43 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-15 17:43 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-15 17:43 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-15 17:43 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-15 17:43 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-15 17:43 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-15 17:43 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-14 21:17 . 2008-11-14 21:53 <REP> d-------- c:\documents and settings\PROPRIETAIRE\Application Data\Azureus
2008-11-14 21:17 . 2008-11-14 21:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-11-14 19:17 . 2008-11-14 19:17 <REP> d-------- c:\program files\eRightSoft
2008-11-14 19:17 . 2008-11-14 19:17 <REP> d-------- c:\program files\AviSynth 2.5
2008-11-12 15:19 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 15:18 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 22:36 . 2008-11-10 22:45 <REP> d-------- c:\documents and settings\PROPRIETAIRE\Application Data\Ulead Systems
2008-11-10 22:31 . 2008-11-10 22:31 <REP> d-------- c:\program files\Fichiers communs\InterVideo
2008-11-10 22:31 . 2008-11-10 22:31 <REP> d-------- c:\documents and settings\All Users\Application Data\InterVideo
2008-11-10 22:31 . 2007-03-27 19:56 210,456 --a------ c:\windows\system32\IVIresizeW7.dll
2008-11-10 22:31 . 2007-03-27 19:56 206,360 --a------ c:\windows\system32\IVIresizeA6.dll
2008-11-10 22:31 . 2007-03-27 19:56 198,168 --a------ c:\windows\system32\IVIresizeP6.dll
2008-11-10 22:31 . 2007-03-27 19:56 198,168 --a------ c:\windows\system32\IVIresizeM6.dll
2008-11-10 22:31 . 2007-03-27 19:56 194,072 --a------ c:\windows\system32\IVIresizePX.dll
2008-11-10 22:31 . 2007-03-27 19:56 26,136 --a------ c:\windows\system32\IVIresize.dll
2008-11-10 22:30 . 2008-11-10 22:30 <REP> d-------- c:\program files\Windows Media Components
2008-11-10 22:29 . 2008-11-10 22:29 <REP> d-------- c:\program files\Ulead Systems
2008-11-10 22:29 . 2008-11-10 22:30 <REP> d-------- c:\program files\Fichiers communs\Ulead Systems
2008-11-10 22:29 . 2008-11-10 22:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-10 22:07 . 2007-09-30 20:19 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-04 14:17 . 2008-11-04 14:17 <REP> d-------- c:\windows\system32\fr
2008-11-04 14:17 . 2008-11-04 14:17 <REP> d-------- c:\windows\system32\bits
2008-11-04 14:17 . 2008-11-04 14:17 <REP> d-------- c:\windows\l2schemas
2008-11-04 14:15 . 2008-11-04 14:17 <REP> d-------- c:\windows\ServicePackFiles
2008-11-04 14:09 . 2008-11-04 14:09 <REP> d-------- c:\windows\EHome
2008-10-23 19:08 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 12:35 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 12:35 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 12:35 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 12:35 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-16 12:35 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-16 12:34 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 18:25 --------- d-----w c:\program files\lx_cats
2008-11-15 17:55 --------- d-----w c:\documents and settings\PROPRIETAIRE\Application Data\OpenOffice.org2
2008-11-15 17:54 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 17:53 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 17:26 --------- d-----w c:\program files\Google
2008-11-14 20:32 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-14 18:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-14 18:34 --------- d-----w c:\program files\VirtualDub
2008-11-14 18:34 --------- d-----w c:\documents and settings\PROPRIETAIRE\Application Data\Desperate Housewives
2008-11-14 18:34 --------- d-----w c:\documents and settings\marc\Application Data\Desperate Housewives
2008-11-14 18:32 --------- d-----w c:\program files\Java
2008-11-14 18:30 --------- d-----w c:\program files\DivX
2008-11-14 05:48 --------- d-----w c:\program files\eMule
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-18 09:13 --------- d-----w c:\program files\Windows Live Safety Center
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-04-28 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-13 77824]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 425984]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 393216]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 114688]
"F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208]
"F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\PROPRIETAIRE\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=3 (0x3)
"LiveUpdate"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Neuf\\Kit\\9conf.exe"=
"c:\\Program Files\\Neuf\\Kit\\9mail.exe"=
"c:\\Program Files\\Neuf\\Kit\\9props.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8531:TCP"= 8531:TCP:emuletcp
"7561:TCP"= 7561:TCP:emultcp
"4661:TCP"= 4661:TCP:emuletcp
"4242:TCP"= 4242:TCP:emuletcp
"1002:UDP"= 1002:UDP:emuleudp
"4252:UDP"= 4252:UDP:emuleudp
"61000:UDP"= 61000:UDP:emuleudp
"4675:UDP"= 4675:UDP:emuleudp

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-21 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-02 20560]
R2 int15.sys;int15.sys;\??\c:\acer\Empowering Technology\eRecovery\int15.sys [2007-05-30 69632]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;c:\windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} - (no file)
BHO-{BA60F275-C11F-435D-A773-B415542A6F9D} - (no file)
WebBrowser-{635566A6-3D2C-4109-AB89-961537C64CBE} - (no file)
ShellExecuteHooks-{ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\1ujtrm0o.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 19:23:53
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\documents and settings\PROPRIETAIRE\Application Data\Microsoft\Internet Explorer\UserData\35FRKUCZ\Tdy58[1].xml

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Pack Securite\Common\FSMA32.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Pack Securite\Common\FSMB32.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Pack Securite\Common\FCH32.EXE
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Pack Securite\Common\FAMEH32.EXE
c:\program files\Pack Securite\FSPC\fspc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Pack Securite\FSAUA\program\fsaua.exe
c:\program files\Pack Securite\FSAUA\program\fsus.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\lxcrcoms.exe
c:\program files\Pack Securite\FSGUI\fsguidll.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\windows\system32\msiexec.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-11-15 19:28:15 - La machine a redémarré [PROPRIETAIRE]
ComboFix-quarantined-files.txt 2008-11-15 18:28:04

Avant-CF: 24,997,252,096 octets libres
Après-CF: 25,189,085,184 octets libres

233 --- E O F --- 2008-11-12 17:00:56
0
Réponse 11 / 25
Utilisateur anonyme
15 nov. 2008 à 19:40
Hi,

installe NAVILOG1


Remarque concernant la détection de Navilog1 par certains programmes de sécurités :

Certains fichiers de Navilog1.exe peuvent être considérés comme dangereux et donc supprimés ou neutralisés par certains programmes de sécurités. Ce sont des faux positifs et dans certains cas, vous serez amener à désactiver votre protection le temps du téléchargement/utilisation de Navilog1.
/ !\ Déconnecte toi du net et désactive ton antivirus et antispyware résident pour que Navilog1 puisse s'exécuter normalement. / !\

Utilisateurs de Windows Vista :

* Afin que Navilog1 puisse fonctionner correctement, il est recommandé de désactiver l'UAC pendant l'utilisation de Navilog1 (Installation, Utilisation). N'oubliez pas dès l'utilisation de Navilog1 terminé à réactiver l'UAC sur votre Ordinateur.
comment faire pour désactiver l'UAC

* A chaque fois que vous êtes amené à exécuter Navilog1.bat ou Navilog1.exe pour l'installation, ne double-cliquez pas sur le fichier ou raccourci mais faites un clic droit dessus et dans le menu contextuel choisssez "Exécuter en tant qu'administrateur".

Le lancement de l'installation de Navilog1 se fait en exécutant Navilog1.exe

(Si vous avez téléchargé navilog1.zip, Veuillez auparavant décompresser ce fichier)

Une fois l'installation terminé, pour lancer le fix :

- en utilisant le raccourci crée sur le bureau : Navilog1
- Via le poste de travail, en exécutant le fichier Navilog1.bat se trouvant dans %program files%Navilog1

Après le choix de la langue et les messages d'avertissement, le menu s'affiche.

Faite le choix 1

Effectue la vérification du système à la recherche de l'adware. Un scan avec catchme de GMER est également éffectué pour Windows XP. Cette analyse peut durer une dizaine de minutes. Patientez alors jusqu'au message «Analyse terminée le ....». Appuyez sur une touche comme demandé et le bloc note va souvrir , Enregistrez-le sur votre disque. Puis Ouvrez-le et Copiez-Collez l'intégralité de ce rapport sur le forum qui vous l'auras demandé.

(si le bloc-note ne s'ouvre pas : Rendez-vous dans votre poste de travail, à la racine du disque C vous trouverez le rapport sous le nom de fixnavi.txt)

Attention : Ne lancez-pas la partie désinfection (choix 2, 3 ou 4) sans l'avis/accord express de l'Helper qui vous as pris en charge sur le forum d'aide ou vous aurez exposer votre problème.
0
Réponse 12 / 25
petitecoco43
15 nov. 2008 à 19:52
voici le log ::
Search Navipromo version 3.6.9 commencé le 15/11/2008 à 19:46:38,75

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "PROPRIETAIRE"

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\PROPRIETAIRE\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\marc\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\MARIEC~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\PROPRIETAIRE\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\marc\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\MARIEC~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\PROPRIETAIRE\menud+~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\marc\menud+~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\MARIEC~1\menud+~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\PROPRIETAIRE\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\marc\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\MARIEC~1\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\PROPRIETAIRE\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\marc\locals~1\applic~1" :


* Dans "C:\DOCUME~1\MARIEC~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 15/11/2008 à 19:50:44,34 ***
0
Réponse 13 / 25
Utilisateur anonyme
15 nov. 2008 à 20:18
Hi,

fait un nouvelle hijackthis......

Alut.
0
Réponse 14 / 25
petitecoco43
15 nov. 2008 à 20:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:18, on 15/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.mediapluspro.com/mediaplus66/Download/msrdp.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 15 / 25
Utilisateur anonyme
15 nov. 2008 à 20:33
Hi,


Relance hijack et clique sur "Do a system scan only"

Ensuite recherche ces lignes et coches les cases


O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -

Ensuite clique sur "Fix checked"
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
Tu as combien d'antivirus?

Alwil®Avast! Antivirus
F-Secure®Internet Security Suite
F-Secure Internet Security Suite
F-Secure®Internet Security
Symantec®Norton Antivirus

=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
Refait un scan avec malwarebyte et supprime toute la quarantaine.

Poste le rapport générer.

Alut.
0
Réponse 16 / 25
petitecoco43
15 nov. 2008 à 21:44
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1400
Windows 5.1.2600 Service Pack 3

15/11/2008 21:39:11
mbam-log-2008-11-15 (21-39-06).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 132739
Temps écoulé: 55 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{18120FB7-1173-47C3-9BCD-321152D5F4E4}\RP559\A0181807.sys (Trojan.Downloader) -> No action taken.


je n'ai que avast comme anti virus
quelantivirus de preference gratuit me conseille tu? car apparament d'apres toutes les infections que j'avais ca a l'air d etre une passoire
0
Réponse 17 / 25
Utilisateur anonyme
15 nov. 2008 à 21:49
Hi,

alors relance malwarebyte et va dans l'onglet "quarantaine" et

supprime =>C:\System Volume Information\_restore{18120FB7-1173-47C3-9BCD-321152D5F4E4}\R­P559\A0181807.sys (Trojan.Downloader) -> No action taken.

Ensuite tu refait un hijackthis.

=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Supprimer AVAST:

desinstaller avast proprement

=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Un bon antivirus:

ANTIVIR

Alut.

0
Réponse 18 / 25
petitecoco43
15 nov. 2008 à 21:58
re

je n'arrive pas a supprimer avast avec le lien donné
ca me met :
self protection is enabled, the operation can't be completed

voici le scan :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:10, on 15/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.mediapluspro.com/mediaplus66/Download/msrdp.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 19 / 25
Utilisateur anonyme
15 nov. 2008 à 22:08
Hi,

Relance hijack et clique sur "Do a system scan only"

Ensuite recherche ces lignes et coches les cases


O2 - BHO: Freeze.com Helper - {D6A99B1F-FAB9-4FA5-9C9D-D0D0CF846C05} - C:\Program Files\YourScreen\Freeze.DesktopManager.BrowserHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -

Ensuite clique sur "Fix checked"

Car pas fait avant!!!!!!!
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
1. Téléchargez aswClear.exe sur votre bureau
2. Désactivez le système d’autoprotection avast!
3. Exécutez l'utilitaire téléchargé
4. Si vous avez installé avast dans un dossier différent de celui par défaut retrouvez le en parcourrant votre disque avec le bouton "...". (Note: Faites attention! Le contenu de tout dossier que vous choisirez sera supprimé!)
5. Cliquez sur Uninstall
6. Redémarrez votre ordinateur

fait le en mode sans échec

=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Reposte un hijackthis.

Alut.
0
Réponse 20 / 25
petitecoco43
15 nov. 2008 à 22:20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:17, on 15/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.mediapluspro.com/mediaplus66/Download/msrdp.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0

Discussions similaires

télécharger et installer encarta junior
98653773 -
1 -

3 réponses
Google Chrome "  Échec de l'analyse antivirus "
jmpower -
Coco71 -

15 réponses
pro direct soccer fiable ?
Doudy28 -
Sm81 -

6 réponses
Avis sur Pro Foot X
rimka -
Loulou -

32 réponses