HijackThis and ToolBarSD reports, what to do

20 May 2009 18:33:35


Here are the HijackThis and ToolBar reports. What should I do?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:28, on 20/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Poste\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flas...
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fnacphoto.com/ectelechargement/xupload/XUplo...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: (no name) - http://tbn0.google.com/images?q=tbn:p TtwyxxHrU5n-M:http://voyages.caradisiac.com/images/aphotos/la_reunion.jpg

--
End of file - 9694 bytes




***********************************************************************************




-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Poste ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Activated)
Firewall : ActiveArmor Firewall 1.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:140 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 20/05/2009|18:29 )

-----------\\ Recherche de Fichiers / Dossiers ...

[Service] MyWebSearchService
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\FunWebProducts\Shared
C:\Program Files\FunWebProducts\ScreenSaver\Images
C:\Program Files\FunWebProducts\Shared\Cache
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Program Files\Fun Web Products
C:\Program Files\Fun Web Products\MSNMessenger
C:\Program Files\Fun Web Products\MSNMessenger\MSNBackgrounds
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\SrchAstt
C:\Program Files\MyWebSearch\bar\1.bin
C:\Program Files\MyWebSearch\bar\2.bin
C:\Program Files\MyWebSearch\bar\Avatar
C:\Program Files\MyWebSearch\bar\Cache
C:\Program Files\MyWebSearch\bar\Game
C:\Program Files\MyWebSearch\bar\History
C:\Program Files\MyWebSearch\bar\icons
C:\Program Files\MyWebSearch\bar\Message
C:\Program Files\MyWebSearch\bar\Notifier
C:\Program Files\MyWebSearch\bar\Settings
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\008FB7FE
C:\Program Files\MyWebSearch\bar\Cache\008FBA4F.bin
C:\Program Files\MyWebSearch\bar\Cache\008FC9C0.bin
C:\Program Files\MyWebSearch\bar\Cache\008FCE25.bin
C:\Program Files\MyWebSearch\bar\Cache\008FD26B.bin
C:\Program Files\MyWebSearch\bar\Cache\009C3234.bin
C:\Program Files\MyWebSearch\bar\Cache\009C3419.bin
C:\Program Files\MyWebSearch\bar\Cache\009C36A9.bin
C:\Program Files\MyWebSearch\bar\Cache\009C3830.bin
C:\Program Files\MyWebSearch\bar\Cache\02992FB8
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin
C:\Program Files\MyWebSearch\SrchAstt\2.bin
C:\WINDOWS\System32\f3PSSavr.scr
C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

-----------\\ Extensions

(Poste) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="http://www.01net.com/telecharger/"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 23/11/2008|17:55 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 24/11/2008|19:05 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 20/05/2009|18:30 - Option : [1]

-----------\\ Fin du rapport a 18:30:10,09

20 May 2009 18:37:45

Hello,

  • Run option 2 of ToolBar S&D and post the report.

    I advise against keeping SweetIM.
    22 May 2009 20:57:41

    OK, here is the report, thanks a lot for your help. As for SweetIM, I advise against it too, but it's not my computer, it's my girlfriend's. I also recommended Antivir, but same thing, they don't like it, so I do my best, but I can't do everything for them without their permission either...


    -----------\\ ToolBar S&D 1.2.5 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Poste ( Administrator )
    BOOT : Normal boot
    Antivirus : Bitdefender Antivirus 8.0 (Activated)
    Firewall : ActiveArmor Firewall 1.0 (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:232 Go (Free:140 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)

    "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
    Option : [2] ( 22/05/2009|20:53 )

    -----------\\ SUPPRESSION

    Supprime! - [Service] MyWebSearchService
    Supprime! - C:\Program Files\FunWebProducts\ScreenSaver
    Supprime! - C:\Program Files\FunWebProducts\Shared
    Supprime! - C:\Program Files\Fun Web Products\MSNMessenger
    Echec ! - C:\Program Files\MyWebSearch\bar
    Supprime! - C:\Program Files\MyWebSearch\SrchAstt
    Echec ! - C:\Program Files\MyWebSearch\bar\2.bin
    Echec ! - C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
    Echec ! - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    Supprime! - C:\WINDOWS\System32\f3PSSavr.scr
    Supprime! - C:\Program Files\Internet Explorer\msimg32.dll
    Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    Supprime! - C:\Program Files\FunWebProducts
    Supprime! - C:\Program Files\Fun Web Products
    Echec ! - C:\Program Files\MyWebSearch

    -----------\\ DEUXIEME PASSAGE

    Echec ! - C:\Program Files\MyWebSearch\bar
    Echec ! - C:\Program Files\MyWebSearch\bar\2.bin
    Echec ! - C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
    Echec ! - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    Echec ! - C:\Program Files\MyWebSearch

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar
    C:\Program Files\MyWebSearch\bar\2.bin
    C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

    -----------\\ Extensions

    (Poste) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese..."
    "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
    "Start Page"="http://www.01net.com/telecharger/"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.msn.com/"


    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !


    1 - "C:\ToolBar SD\TB_1.txt" - 23/11/2008|17:55 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 24/11/2008|19:05 - Option : [2]
    3 - "C:\ToolBar SD\TB_3.txt" - 20/05/2009|18:30 - Option : [1]
    4 - "C:\ToolBar SD\TB_4.txt" - 22/05/2009|20:54 - Option : [2]

    -----------\\ Fin du rapport a 20:54:58,46



    Thanks again for your help!!
    22 May 2009 21:16:25

  • Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

    /!\ Disconnect and close all running applications /!\

  • Double-click "Ad-R.exe" and install it in its default location (C:\Program files).
  • Double-click the AD-Remover icon on your Desktop.
  • In the main menu, choose option L.
  • Post the report that appears at the end.

    (The report is also saved as C:\Ad-report-(date).log)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    Note:
    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility for terminating processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    23 May 2009 16:35:04


    ------- RAPPORT D'AD-REMOVER 1.1.4.2 | UNIQUEMENT XP/VISTA -------

    Mit à jour part C_XX le 23/05/2009 à 13:40
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

    Lancé à: 16:13:56, 23/05/2009 | Normal
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
    Nom du PC: FALVET-1B695FD0
    Utilisateur actuel: Poste - Administrator

    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    HKCR\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCR\MgMediaPlayer.GifAnimator
    HKCR\MgMediaPlayer.GifAnimator.1
    HKCR\SWEETIE.IEToolbar
    HKCR\SWEETIE.IEToolbar.1
    HKCR\SWEETIE.SWEETIE
    HKCR\SWEETIE.SWEETIE.1
    HKCR\ToolBand.SWEETIE
    HKCR\ToolBand.SWEETIE.1
    HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
    HKCU\Software\FunWebProducts
    HKCU\Software\Grand Virtual
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCU\Software\SWEETIE
    HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    HKLM\Software\Macrogaming
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{502358FB-0718-45BC-B142-7511F1694D58}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6D63A65-BD23-46F3-B9A3-87F442423481}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker
    HKU\S-1-5-18\Software\SWEETIE
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKCR\Installer\Products\BF8532058170CB541B2457111F96D485
    .
    C:\Documents and Settings\All Users\Menudm~1\Progra~1\Everest Poker\Everest Poker.lnk
    C:\Documents and Settings\All Users\Menudm~1\Progra~1\Everest Poker\Uninstall Everest Poker.lnk
    C:\Documents and Settings\All Users\Menudm~1\Progra~1\Everest Poker
    C:\Program Files\Everest Poker\casino.exe
    C:\Program Files\Everest Poker\cstart.exe
    C:\Program Files\Everest Poker\data
    C:\Program Files\Everest Poker\Everest Poker.exe
    C:\Program Files\Everest Poker\gvbase.dll
    C:\Program Files\Everest Poker\gvcrt.dll
    C:\Program Files\Everest Poker\gvgfx-dib.dll
    C:\Program Files\Everest Poker\gvgfx.dll
    C:\Program Files\Everest Poker\gvmain.dll
    C:\Program Files\Everest Poker\gvmain.exe
    C:\Program Files\Everest Poker\gvnetwork.dll
    C:\Program Files\Everest Poker\gvsound.dll
    C:\Program Files\Everest Poker\history
    C:\Program Files\Everest Poker\init.ini
    C:\Program Files\Everest Poker\log.dat
    C:\Program Files\Everest Poker\settings.ini
    C:\Program Files\Everest Poker\toc_fr.ini
    C:\Program Files\Everest Poker\var
    C:\Program Files\Everest Poker\data\cpanel
    C:\Program Files\Everest Poker\data\fonts
    C:\Program Files\Everest Poker\data\mp-lobby
    C:\Program Files\Everest Poker\data\mp-poker
    C:\Program Files\Everest Poker\data\shared
    C:\Program Files\Everest Poker\data\startup
    C:\Program Files\Everest Poker\data\fonts\kgp-en.ttf
    C:\Program Files\Everest Poker\data\mp-lobby\fr.gvt
    C:\Program Files\Everest Poker\data\mp-lobby\shared.gvt
    C:\Program Files\Everest Poker\data\mp-poker\background
    C:\Program Files\Everest Poker\data\mp-poker\fr
    C:\Program Files\Everest Poker\data\mp-poker\shared.gvt
    C:\Program Files\Everest Poker\data\mp-poker\background\default.gvt
    C:\Program Files\Everest Poker\data\mp-poker\fr\bitmaps.gvt

    (!) -- Fichiers temporaires supprimés.

    .
    +-----------------| Scan additionnel:
    .

    ---- Mozilla FireFox Version 3.0.10 ----

    Nom du profil: ds41xt6r.default (Poste)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "Google");
    (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
    .
    .

    ---- Internet Explorer Version 7.0.5730.11 ----

    [HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: res://ieframe.dll/tabswelcome.htm

    =========== Suspect (Cracks, Serials ... ) ==========

    .

    +---------------------------------------------------------------------------+

    25106 Octet(s) - C:\Ad-Report-23.05.2009.log

    18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
    81 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE

    Fin à: 16:27:22 | 23/05/2009
    .
    +-----------------| E.O.F
    .


    There you go.
    23 May 2009 16:38:49

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for Updates button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message appears:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.