mal warior qui s'impose constementFermé

Question

Bonjour,
j'ai un programme que je n'ai absolument pas installé et dont je n'arrive pas a me débarrasser.
Il s'agit de malwarrior.
il s'ouvre tout seul consentement et s'impose sur mon écran et il est très lourd.

comment puis le supprimer pour de bon svp?

jlpjlp · Answer

slt


colle un rapport hijackthis 
 

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo. 

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste 

Ensuite avec Explorer créer un dossier c:\hijackthis 
Décompresser Hijackthis dans ce dossier. 
C'est important pour les sauvegardes."
________________

télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 


déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

sKe69 · Answer

salut,
commence par faire ce-ci :
Télécharges et instales le logiciel HijackThis : 
 
ftp://ftp.commentcamarche.com/download/HJTInstall.exe

Important :
1-Faire un click droit sur le lien ci-dessus et choisir "enregistrer la cible sous ... " et renommer Hijackthis en "thejack" .

Cliker sur thejack.exe pour lancer l'instale . laisses toi guider et instale le à l'endroit par défaut ( C\: programme file \ ) .
A la fin tu doit avoir un raccouci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " .

2-Renommer le prg HijackThis : 
dans "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe", clik droit sur ce dernier et choisis "renommer" : tapes monjack et valide .

tuto pour l’utiliser 
regarde ici c'est parfaitement expliqué en images 
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 

!!Déconnectes toi et fermes toute tes applications en cours !!

Double clik sur le raccourci du bureau,
Fais un scan monjack (ou HijackThis renommé) et postes le rapport générer pour analyse ...

tilt · Answer

merci a toute

tilt · Answer

resalu et merci pour votre aide

voici donc le rapport hijack this

 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:23, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AbsoluteTransfer module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

sKe69 · Answer

Salut,
Télécharges BTFix 1.017 (de bibi26) :
ici http://cluster1.easy-hebergement.net/ 
ou ici https://www.01net.com/ 

Déconnectes toi et fermes toute tes applications en cours.

* Décompresse l'archive sur ton Bureau (Clique-Droit/Extraire tout). 
* Ouvre le dossier BTFix 
* Double clique sur BTFix.exe 
* Clique sur Rechercher 
* Un rapport va apparaître, copie/colle-le dans ta prochaine réponse .

Tuto (aide):
https://leblogdeclaude.blogspot.com/2007/10/procdure-btfix.html

jlpjlp · Answer

pourquoi dis tu résolu alors qu'il en reste plein!

tilt · Answer

heu j'ai di re salut ;) en fait je viens de faire avec combo fix ça va aussi ??? je te passe le rapport thx ComboFix 08-05-19.4 - Thiliti 2008-05-20 19:27:19.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.691 [GMT 2:00] Endroit: C:\Documents and Settings\Thiliti\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Thiliti\Application Data\inst.exe C:\Documents and Settings\Thiliti\Local Settings\Temporary Internet Files\bestwiner.stt C:\Documents and Settings\Thiliti\Local Settings\Temporary Internet Files\CPV.stt C:\Documents and Settings\Tilt\Application Data\Seekmo C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\1.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\1049051.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\1383356.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\1383442.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\1391092.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\1674600.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\2193100.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\2402948.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\2780046.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\2883915.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\3251993.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\3286773.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\3340762.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\3739474.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\3852203.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\3852962.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\3893245.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\596166.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\600583.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\639989.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\914727.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\921390.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\991767.sdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\domains.txt C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000023651 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000023900 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000024375 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000026048 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000027037 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000027169 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000027270 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000028825 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000032954 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000032977 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000033079 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000044868 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000047858 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000052008 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000052451 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000063329 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000063923 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000064073 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000065105 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000065225 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\1000079884 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\12457 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\130787 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\133685 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\15596 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\16204 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\17025 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\17040 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\18296 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\18383 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\19052 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20299 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20478 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\20570 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\212398 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\21846 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22254 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\22364 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\24625 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\247895 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\25911 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\26664 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\269926 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\27503 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\29115 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32171 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32415 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\32551 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\33137 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\33912 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34123 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34174 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34186 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34237 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34513 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\34911 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\349801 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\35047 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\372500 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\374830 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\38733 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\39232 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\4020 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\41917 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\42208 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\427075 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44100 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44228 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44300 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44313 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44320 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44588 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\44878 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\451453 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\45827 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\481176 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\49833 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\51495 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5204 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52335 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52968 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\52990 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\531510 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\53310 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\533670 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5358 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\54118 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\5535 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\55907 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\57137 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\576702 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\61779 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\623694 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\624002 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6292 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\631109 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64446 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64495 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\64737 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\650283 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\652325 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\657449 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\658110 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\65843 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\6612 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\66836 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\66851 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\67469 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\68076 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\68386 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\68586 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\69235 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\703600 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\704972 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\704983 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\705150 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\705211 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\705215 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\705216 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\705293 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\705308 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\705311 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\705395 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\70608 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\709557 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\733622 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\738022 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744260 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\744756 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\745356 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753017 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753309 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753311 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753317 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753327 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753331 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\753335 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\81293 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\82292 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\85062 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\85878 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\86452 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\87109 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\87881 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\90009 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\90358 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\90940 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\93286 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\TooltipXML\99739 C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\dynamic\ustat\364b.dat C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans.idx C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\btntrans1.dat C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\buttondir.txt C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\components.cdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\cursors.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_1000.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_2000.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_3000.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bar.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_bbar1.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_logos.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_buttons_other.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\d_icons_weather.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\default.cdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_511745-514279.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_categorize.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_comparison.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-Mails.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_explorer-people.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_favorites.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Games.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hide.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hotbarcom.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Hotmail.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_hsskin.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_Mails.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_new.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_premium.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchfor.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_searchgo.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_weather.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Default_yellowpages.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\email-def-511724-548964.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\email-def-511724-9595.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\email-t1-bg.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\icons2.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_games_icon.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\ie_video.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords.idx C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\keywords1.dat C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\layout.cdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\linkpathlegal.txt C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\progress.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\s_icons_buttons.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\sales_buttons.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\seekmo_ie_menu.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1 2_bg.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1 heweb.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1 op7.cdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1\Top7_theweb.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\1 sd_bg.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans.idx C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\btntrans1.dat C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\buttondir.txt C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\components.cdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\cursors.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_1000.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_2000.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_3000.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bar.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_bbar1.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_logos.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_buttons_other.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\d_icons_weather.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\default.cdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_511745-514279.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_categorize.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_comparison.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-Mails.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_explorer-people.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_favorites.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Games.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hide.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hotbarcom.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Hotmail.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_hsskin.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_Mails.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_new.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_premium.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchfor.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_searchgo.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_weather.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Default_yellowpages.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-548964.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\email-def-511724-9595.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\email-t1-bg.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\icons2.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_games_icon.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\ie_video.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords.idx C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\keywords1.dat C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\layout.cdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\linkpathlegal.txt C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\progress.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\s_icons_buttons.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\sales_buttons.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\seekmo_ie_menu.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2 2_bg.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2 heweb.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2 op7.cdf C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2\Top7_theweb.mnu C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\2 sd_bg.res C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\BtnTrans1.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\buttondir.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\cursors.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_1000.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_2000.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_3000.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bar.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_bbar1.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_logos.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_buttons_other.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\d_icons_weather.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\default.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\email-t1-bg.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\icons2.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_games_icon.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\ie_video.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\keywords1.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\layout.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\linkpathlegal.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\progress.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\s_icons_buttons.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\sales_buttons.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.txt C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\samplegroups2.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad\seekmo_ie_menu.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad 2_bg.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad op7.xip C:\Documents and Settings\Tilt\Application Data\Seekmo\v3.0\Seekmo\static\DownLoad sd_bg.xip C:\Documents and Settings\Tilt\Application Data\ShoppingReport C:\Documents and Settings\Tilt\Application Data\ShoppingReport\cs\Config.xml C:\Documents and Settings\Tilt\Application Data\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\Tilt\Application Data\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\Tilt\Application Data\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\Tilt\Application Data\ShoppingReport\cs eport\aggr_storage.xml C:\Documents and Settings\Tilt\Application Data\ShoppingReport\cs eport\send_storage.xml C:\Documents and Settings\Tilt\Application Data\ShoppingReport\cs es1\WhiteList.dbs C:\Program Files\GamesBar\oberontb.dll C:\Program Files\wnsxs~1 . ((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))))))) . 2008-05-20 19:26 . 2008-05-20 19:26 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS tuser.dat.LOG 2008-05-18 22:46 . 2008-05-18 22:46 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games 2008-05-18 22:43 . 2008-05-20 19:27 d-------- C:\Program Files\GamesBar 2008-05-18 22:43 . 2008-05-19 23:58 d-------- C:\Program Files\Gamenext 2008-05-18 22:43 . 2008-05-18 22:43 d-------- C:\Program Files\Fichiers communs\Oberon Media 2008-05-18 22:43 . 2008-05-19 22:21 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar 2008-05-15 19:59 . 2008-05-15 19:59 d-------- C:\WINDOWS\ERUNT 2008-05-14 22:36 . 2008-05-15 20:30 d-------- C:\SDFix 2008-05-14 21:39 . 2008-05-15 18:57 d-------- C:\Program Files\Navilog1 2008-05-14 21:27 . 2008-05-14 21:27 d-------- C:\Program Files\Trend Micro 2008-05-14 18:16 . 2008-05-14 18:16 d-------- C:\Program Files\Lavasoft 2008-05-14 18:16 . 2008-05-14 18:17 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft 2008-05-13 20:18 . 2008-05-19 23:56 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2008-05-12 18:50 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2008-05-12 18:50 . 2005-07-06 17:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-05-11 16:42 . 2008-05-18 14:57 d-------- C:\Program Files\AbsoluteTransfer 2008-05-11 16:34 . 2008-05-14 22:40 d-------- C:\Documents and Settings\Thiliti\Application Data\TmpRecentIcons 2008-05-11 14:54 . 2008-05-11 14:54 29,824 --a------ C:\WINDOWS\system32\ssqPfffD.dll 2008-05-11 14:39 . 2008-05-11 14:39 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited 2008-05-05 18:00 . 2008-05-12 19:16 60 --a------ C:\WINDOWS\yesmessenger.ini 2008-05-04 12:46 . 2008-05-06 22:43 d-------- C:\Program Files\PhoenixDataBase 2008-04-30 00:21 . 2008-05-19 00:30 d-------- C:\Program Files\adslTV 2008-04-27 22:25 . 2008-04-28 20:57 d-------- C:\Program Files\Tropico2Demo 2008-04-27 15:24 . 2008-05-16 23:58 38 --a------ C:\WINDOWS\avisplitter.INI 2008-04-20 20:06 . 2008-05-20 19:04 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2008-04-20 20:06 . 2008-05-20 19:34 9,934,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-20 20:06 . 2008-05-20 19:34 140,576 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-04-20 20:06 . 2008-05-20 02:14 137,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-20 20:06 . 2008-04-21 16:49 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-04-20 20:06 . 2008-04-21 16:49 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-04-20 20:06 . 2008-05-20 02:14 16,028 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-04-20 15:07 . 2008-04-20 15:07 244 --ah----- C:\sqmnoopt07.sqm 2008-04-20 15:07 . 2008-04-20 15:07 232 --ah----- C:\sqmdata07.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-14 16:15 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-05-09 16:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-04-29 22:21 --------- d-----w C:\Documents and Settings\Thiliti\Application Data\vlc 2008-04-27 20:25 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-20 11:14 --------- d-----w C:\Program Files\EPSON 2008-04-19 22:52 --------- d-----w C:\Documents and Settings\Thiliti\Application Data\Vso 2008-04-19 21:15 --------- d-----w C:\Program Files\Inet_Get_2 2008-04-15 19:58 --------- d-----w C:\Documents and Settings\Thiliti\Application Data\CopyToDvd 2008-04-07 17:10 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-04-07 17:10 47,360 ----a-w C:\Documents and Settings\Thiliti\Application Data\pcouffin.sys 2008-04-07 17:10 --------- d-----w C:\Program Files\VSO 2008-04-06 23:07 --------- d-----w C:\Program Files\Windows Live 2008-04-06 14:06 --------- d-----w C:\Program Files\eMule 2008-04-06 12:52 --------- d-----w C:\Program Files\Winamp 2008-04-05 22:58 8,864 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS 2008-04-05 17:21 --------- d-----w C:\Program Files\AskTBar 2008-04-05 16:54 --------- d-----w C:\Program Files\Java 2008-04-05 14:02 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-04-05 13:51 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-04-05 13:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2008-04-05 13:44 --------- d-----w C:\Documents and Settings\Thiliti\Application Data\MSNInstaller 2008-03-30 17:16 --------- d-----w C:\Program Files\MSXML 4.0 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-22 18:21 --------- d-----w C:\Documents and Settings\Thiliti\Application Data\EPSON 2008-03-22 18:20 --------- d-----w C:\Documents and Settings\Thiliti\Application Data\Smart Panel 2008-03-22 18:19 --------- d-----w C:\Documents and Settings\Thiliti\Application Data\InterTrust 2008-03-22 18:18 39,936 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE 2008-03-22 18:18 --------- d-----w C:\Documents and Settings\Thiliti\Application Data\ABBYY 2008-03-22 18:15 --------- d-----w C:\Program Files\Smart Panel 2008-03-22 17:58 --------- d-----w C:\Program Files\Accessoires 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 00:41 --------- d-----w C:\Program Files\Nero 2008-03-20 00:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero 2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2007-02-13 02:01 339 ---ha-w C:\Documents and Settings\Administrateur\hpothb07.dat 2007-02-13 02:01 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat 2007-02-13 02:01 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat 2007-02-13 01:57 0 -c-ha-w C:\Program Files\hpothb07.tif 2007-02-13 01:57 0 -c-ha-w C:\Program Files\hpothb07.dat 2005-09-26 21:08 271 --sh--w C:\Program Files\desktop.ini 2005-09-26 21:08 22,115 -c-ha-w C:\Program Files\folder.htt . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}] 2008-03-27 15:43 247296 --a------ C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "MalWarrior"="C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [2008-05-11 14:40 1026560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 18:12 131072] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856] "C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\WINDOWS\system32\usmt\migwiz.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "D:\eMule\emule.exe"= "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"= "C:\Program Files\adslTV\adsltv.exe"= R2 LANPkt;Realtek LANPkt Protocol;C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-09-17 16:57] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 14:28] S3 Diag69xp;Diag69xp;C:\WINDOWS\system32\Drivers\Diag69xp.sys [2003-08-15 03:55] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-20 19:34:53 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-05-20 19:37:22 ComboFix-quarantined-files.txt 2008-05-20 17:37:19 Pre-Run: 79,929,344 octets libres Post-Run: 2,077,704,192 octets libres 470 --- E O F --- 2008-05-17 01:01:47

sKe69 · Answer

Peut refaire un scan hijack et poster le nouveau rapport obtenu ...

tilt · Answer

voici le nouveau scan     (a mon avis il reste pas mal de sale truc )


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:08, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AbsoluteTransfer module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

jlpjlp · Answer

effectivement un hiajkchtis de contrôle et un btfix comme tu as proposé serainet les bien venu

jlpjlp · Answer

fais BTFIX proposé en 7


il faudrait analyser ceci sur virus total:  https://www.virustotal.com/gui/

C:\WINDOWS\yesmessenger.ini

tilt · Answer

ben les liens vers BTFIX marche pas...

y a t'il d'autre liens que tu connaisse?

sKe69 · Answer

on récapitule ... =)

1-rapport BTFix ( manipe post 7 )

Accompagné de : 
2-résultat analyse Virus totale ( manipe post 13 )

tilt · Answer

ben j'ai bien compris pour ce que je dois faire mais lorsque je clic sur les liens pour telecharger btfix ils ne marchent pas 
alors comment faire pour avoir ce fameux btfix?

tilt · Answer

heu là j'ai un enorme probleme ....     mon pc a redémarrer car combo lui a demandé mais ma session ne peut plus s'ouvrir et une fenetre s'affiche en mettant:
" impossible de demarrer votre compte car shdocvw.dll est introuvable réinstaller le"

donc là je peux plus rien ouvrir... as tu une idée de la maniere dont ce sortir de là
pourtant je n'ai rien toucher pendant tout l'op
...

jlpjlp · Answer

telecharge le dll ici

https://www.fichier-dll.fr/shdocvw.dll,3789
ou
https://www.dll-files.com/shdocvw.dll.html

puis du le dezippe si besoin et tu le mets dans le fichier system32  (aller dans psote de travail puis C puiswindows puis system32) en faisant un copier /coller


C:\WINDOWS\system32\shdocvw.dll 


__________
si cela persiste:
essaye de reparer comme ceci
https://www.pcastuces.com/pratique/windows/xp/default.htm
____________

ou si cela persiste encore
essaye de reparer windows

https://www.informatruc.com

sKe69 · Answer

tiens nous bien au courrant de la situation et n'ésite pas à nous faire part des éventuelles dificultés que tu rencontres !

Si tu peut , essayes aussi de réparer en mode sans échec ...
Démarrer en mode sans echec : 
Comment aller en Mode sans échec 
1) Redémarres ton ordi 
2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) ---> enfin , si cela marche ...

jlpjlp · Answer

sinon restaure ton ordi a une heure anterieure
comme ceci: 
http://www.infoprat.net/astuces/windows2k_xp/astuces/divers_004.php



puis refais le script du post 17 en mettant ceci (où j'ai retiré shdocvw.dll)





File::
C:\Program Files\AskTBar
C:\Program Files\GamesBar
C:\Program Files\Gamenext
C:\Program Files\Fichiers communs\Oberon Media
C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll
C:\Program Files\AbsoluteTransfe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MalWarrior"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]

Mal warior qui s'impose constement

18 réponses

Discussions similaires

Newsletters