Your question

Very slow PC, a virus in sight, isn't it?

23 November 2008 15:23:03

Hi security folks,

Tell me, I have a very slow PC on my hands and I think it's a virus. Here is a HijackThis report taken right after a CCleaner run:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:16, on 23/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\poste\local settings\application data\kiqos.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Poste\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [kiqos] "c:\documents and settings\poste\local settings\application data\kiqos.exe" kiqos
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flas...
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fnacphoto.com/ectelechargement/xupload/XUplo...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: (no name) -  TtwyxxHrU5n-M:http://voyages.caradisiac.com/images/aphotos/la_reunion.jpg" rel="nofollow" target="_blank">http://tbn0.google.com/images?q=tbn:p TtwyxxHrU5n-M:http...

--
End of file - 11611 bytes



Thanks, everyone

23 November 2008 16:15:14

Hello,

Download Toolbar-S&D (Team IDN) to your Desktop.

  • Start the program's installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the desired language by typing the letter of your choice, then confirm with the Enter key.
  • Now choose option 1 (Search). Wait until the search finishes.
  • Post the generated report. (C:\TB.txt)
    23 November 2008 17:56:38

    OK, I'll do that, thanks again

    (I should learn to read these HijackThis reports; it would save me from asking you every time someone asks me to repair their computer!!)

    Here is the report

    -----------\\ ToolBar S&D 1.2.5 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Poste ( Administrator )
    BOOT : Normal boot
    Antivirus : Bitdefender Antivirus 8.0 (Activated)
    Firewall : ActiveArmor Firewall 1.0 (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:232 Go (Free:145 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)

    "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
    Option : [1] ( 23/11/2008|17:55 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    [Service] MyWebSearchService
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\ScreenSaver
    C:\Program Files\FunWebProducts\Shared
    C:\Program Files\FunWebProducts\ScreenSaver\Images
    C:\Program Files\FunWebProducts\Shared\Cache
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar
    C:\Program Files\MyWebSearch\SrchAstt
    C:\Program Files\MyWebSearch\bar\1.bin
    C:\Program Files\MyWebSearch\bar\Avatar
    C:\Program Files\MyWebSearch\bar\Cache
    C:\Program Files\MyWebSearch\bar\Game
    C:\Program Files\MyWebSearch\bar\History
    C:\Program Files\MyWebSearch\bar\icons
    C:\Program Files\MyWebSearch\bar\Message
    C:\Program Files\MyWebSearch\bar\Notifier
    C:\Program Files\MyWebSearch\bar\Settings
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Cache\001B757A.bin
    C:\Program Files\MyWebSearch\bar\Cache\001B8142.bin
    C:\Program Files\MyWebSearch\bar\Cache\001B8401.bin
    C:\Program Files\MyWebSearch\bar\Cache\001B8614.bin
    C:\Program Files\MyWebSearch\bar\Cache\0090FAFD
    C:\Program Files\MyWebSearch\bar\Cache\0091031B
    C:\Program Files\MyWebSearch\bar\Cache\009104F0.bin
    C:\Program Files\MyWebSearch\bar\Cache\00910780.bin
    C:\Program Files\MyWebSearch\bar\Cache\00910B0A.bin
    C:\Program Files\MyWebSearch\bar\Cache\009111D1.bin
    C:\Program Files\MyWebSearch\bar\Cache\0091150D
    C:\Program Files\MyWebSearch\bar\Cache\files.ini
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\History\search3
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    C:\Program Files\MyWebSearch\bar\Message\COMMON
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\SrchAstt\1.bin
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    C:\WINDOWS\System32\f3PSSavr.scr
    C:\Program Files\Internet Explorer\msimg32.dll
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    C:\DOCUME~1\Poste\LOCALS~1\Temp\mcgAC5.tmp

    -----------\\ Extensions

    (Poste) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
    "Start Page"="http://www.01net.com/telecharger/"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.01net.com/telecharger/"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://www.01net.com/telecharger/"


    --------------------\\ Recherche d'autres infections

    C:\Program Files\InternetGameBox
    C:\Program Files\InternetGameBox\InternetGameBox.exe
    C:\Program Files\InternetGameBox\language
    C:\Program Files\InternetGameBox\ressources
    C:\Program Files\InternetGameBox\skins
    C:\Program Files\InternetGameBox\uninst.exe
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Conditions g‚n‚rales.url
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Confidentialit‚.url
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\D‚sinstaller.lnk
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\InternetGameBox.lnk
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Website.url

    C:\DOCUME~1\Poste\LOCALS~1\APPLIC~1\kiqos.dat
    C:\DOCUME~1\Poste\LOCALS~1\APPLIC~1\kiqos.exe
    C:\DOCUME~1\Poste\LOCALS~1\APPLIC~1\kiqos_nav.dat
    C:\DOCUME~1\Poste\LOCALS~1\APPLIC~1\kiqos_navps.dat
    ==> EGDACCESS <==




    1 - "C:\ToolBar SD\TB_1.txt" - 23/11/2008|17:55 - Option : [1]

    -----------\\ Fin du rapport a 17:55:45,65

    24 November 2008 18:33:34

    Re,

    Run Toolbar-S&D again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
    ! Do not close the window during the removal!
    A report will be generated; post its contents here.
    24 November 2008 18:44:43

    I'll do that over the weekend, I think, since I certainly won't have access to the PC before then. Thanks again

    PS: I sent you a private message :)
    24 November 2008 19:21:31

    -----------\\ ToolBar S&D 1.2.5 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Poste ( Administrator )
    BOOT : Normal boot
    Antivirus : Bitdefender Antivirus 8.0 (Activated)
    Firewall : ActiveArmor Firewall 1.0 (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:232 Go (Free:145 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)

    "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
    Option : [2] ( 24/11/2008|19:04 )

    -----------\\ SUPPRESSION

    Supprime! - [Service] MyWebSearchService
    Supprime! - C:\Program Files\FunWebProducts\ScreenSaver
    Supprime! - C:\Program Files\FunWebProducts\Shared
    Echec ! - C:\Program Files\MyWebSearch\bar
    Supprime! - C:\Program Files\MyWebSearch\SrchAstt
    Echec ! - C:\Program Files\MyWebSearch\bar\1.bin
    Echec ! - C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    Echec ! - C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    Supprime! - C:\WINDOWS\System32\f3PSSavr.scr
    Supprime! - C:\Program Files\Internet Explorer\msimg32.dll
    Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    Supprime! - C:\DOCUME~1\Poste\LOCALS~1\Temp\mcgAC5.tmp
    Supprime! - C:\Program Files\FunWebProducts
    Echec ! - C:\Program Files\MyWebSearch

    -----------\\ DEUXIEME PASSAGE

    Echec ! - C:\Program Files\MyWebSearch\bar
    Echec ! - C:\Program Files\MyWebSearch\bar\1.bin
    Echec ! - C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    Echec ! - C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    Echec ! - C:\Program Files\MyWebSearch

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar
    C:\Program Files\MyWebSearch\bar\1.bin
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

    -----------\\ Extensions

    (Poste) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
    "Start Page"="http://www.01net.com/telecharger/"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.01net.com/telecharger/"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://www.msn.com/"


    --------------------\\ Recherche d'autres infections

    C:\Program Files\InternetGameBox
    C:\Program Files\InternetGameBox\InternetGameBox.exe
    C:\Program Files\InternetGameBox\language
    C:\Program Files\InternetGameBox\ressources
    C:\Program Files\InternetGameBox\skins
    C:\Program Files\InternetGameBox\uninst.exe
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Conditions g‚n‚rales.url
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Confidentialit‚.url
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\D‚sinstaller.lnk
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\InternetGameBox.lnk
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Website.url

    C:\DOCUME~1\Poste\LOCALS~1\APPLIC~1\kiqos.dat
    C:\DOCUME~1\Poste\LOCALS~1\APPLIC~1\kiqos.exe
    C:\DOCUME~1\Poste\LOCALS~1\APPLIC~1\kiqos_nav.dat
    C:\DOCUME~1\Poste\LOCALS~1\APPLIC~1\kiqos_navps.dat
    ==> EGDACCESS <==




    1 - "C:\ToolBar SD\TB_1.txt" - 23/11/2008|17:55 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 24/11/2008|19:05 - Option : [2]

    -----------\\ Fin du rapport a 19:05:59,31


    She sent it to me by the, here it is, thanks again
    25 November 2008 12:58:48

    Re,

    ! Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
    9 December 2008 21:41:46

    ComboFix 08-12-07.04 - Poste 2008-12-09 21:38:06.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.493 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Poste\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox
    c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.url
    c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.url
    c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Désinstaller.lnk
    c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
    c:\documents and settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Website.url
    c:\documents and settings\Poste\Favoris\.url
    c:\documents and settings\Poste\Local Settings\Application Data\sauemem.dat
    c:\documents and settings\Poste\Local Settings\Application Data\sauemem.exe
    c:\documents and settings\Poste\Local Settings\Application Data\sauemem_nav.dat
    c:\documents and settings\Poste\Local Settings\Application Data\sauemem_navps.dat
    c:\program files\internetgamebox
    c:\program files\internetgamebox\InternetGameBox.exe
    c:\program files\internetgamebox\language
    c:\program files\internetgamebox\ressources\AttenteOff.html
    c:\program files\internetgamebox\ressources\AttenteOn.html
    c:\program files\internetgamebox\ressources\configv2_en.xml
    c:\program files\internetgamebox\ressources\configv2_es.xml
    c:\program files\internetgamebox\ressources\configv2_fr.xml
    c:\program files\internetgamebox\ressources\favoris\defaultv2.swf
    c:\program files\internetgamebox\ressources\NoS2F.bin
    c:\program files\internetgamebox\skins\skinv2.skn
    c:\program files\internetgamebox\uninst.exe
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-09 au 2008-12-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-01 12:23 . 2006-09-05 19:06 90,800 -ra------ c:\windows\system32\drivers\se59unic.sys
    2008-12-01 12:23 . 2006-09-05 19:06 4,128 -ra------ c:\windows\system32\drivers\se59cr.sys
    2008-12-01 12:22 . 2006-09-05 19:08 88,624 -ra------ c:\windows\system32\drivers\se59mgmt.sys
    2008-12-01 12:20 . 2006-09-05 19:09 86,432 -ra------ c:\windows\system32\drivers\se59obex.sys
    2008-12-01 12:19 . 2006-09-05 19:07 97,088 -ra------ c:\windows\system32\drivers\se59mdm.sys
    2008-12-01 12:19 . 2006-09-05 19:07 9,360 -ra------ c:\windows\system32\drivers\se59mdfl.sys
    2008-12-01 12:19 . 2006-09-05 19:09 6,240 -ra------ c:\windows\system32\drivers\se59cmnt.sys
    2008-12-01 12:19 . 2006-09-05 19:09 6,240 -ra------ c:\windows\system32\drivers\se59cm.sys
    2008-12-01 12:18 . 2006-09-05 19:07 61,536 -ra------ c:\windows\system32\drivers\se59bus.sys
    2008-12-01 12:18 . 2006-09-05 19:06 5,872 -ra------ c:\windows\system32\drivers\se59whnt.sys
    2008-12-01 12:18 . 2006-09-05 19:06 5,872 -ra------ c:\windows\system32\drivers\se59wh.sys
    2008-11-24 19:02 . 2008-11-24 19:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2008-11-23 17:54 . 2008-11-24 19:05 <REP> d-------- C:\ToolBar SD
    2008-11-23 15:16 . 2008-11-23 15:16 <REP> d-------- c:\program files\Yahoo!
    2008-11-22 18:32 . 2008-11-22 18:32 <REP> d-------- c:\program files\QuickTime
    2008-11-22 18:32 . 2008-11-22 18:32 <REP> d-------- c:\program files\Fichiers communs\Apple
    2008-11-22 18:32 . 2008-11-22 18:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
    2008-11-22 18:31 . 2008-11-22 18:31 <REP> d-------- c:\program files\Apple Software Update
    2008-11-22 18:31 . 2008-11-22 18:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
    2008-11-11 17:13 . 2008-11-11 17:13 <REP> d-------- c:\program files\CCleaner

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-09 18:56 81,984 ----a-w c:\windows\system32\bdod.bin
    2008-11-21 20:33 --------- d-----w c:\program files\LimeWire
    2008-11-16 00:15 --------- d-----w c:\program files\eMule
    2008-10-30 15:10 --------- d-----w c:\program files\EkoSoftware
    2007-12-10 15:43 604 ----a-w c:\documents and settings\Poste\Application Data\wklnhst.dat
    2004-10-01 14:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 103712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 103712]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-05-28 294912]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-01-25 86792]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79dc864e-33d9-11dc-902a-0018f3c7fe2c}]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'

    2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-12-09 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-WOOKIT - c:\progra~1\Wanadoo\Shell.exe
    HKCU-Run-sauemem - c:\documents and settings\poste\local settings\application data\sauemem.exe
    HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe


    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.01net.com/telecharger/
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll

    c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}
    hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    c:\windows\Downloaded Program Files\GoPetsWeb.inf
    FireFox -: Profile - c:\documents and settings\Poste\Application Data\Mozilla\Firefox\Profiles\ds41xt6r.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-09 21:39:21
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'lsass.exe'(948)
    c:\windows\system32\nvappfilter.dll
    .
    Heure de fin: 2008-12-09 21:39:58
    ComboFix-quarantined-files.txt 2008-12-09 20:39:54

    Avant-CF: 156 110 508 032 octets libres
    Après-CF: 156,179,095,552 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect /usepmtimer

    169 --- E O F --- 2008-06-27 21:19:53



    There you go. However, I'm not sure the antivirus (BitDefender, to my great regret... :) ) was actually disabled. I hope that won't have skewed all the results. Thanks again, and sorry for the delay, but I hadn't seen the reply; it was no longer in my followed topics. Sorry.