Mohamedovic

Members
  • Content count: 23

Everything posted by Mohamedovic

  1. Hello, I lost the 2 DelFix reports because I uninstalled the tool before saving them. In the end it did remove all the other tools, but the DelFix icon is still on the desktop! I have updated Windows, Java, ... Thank you very much for your help.
  2. Hi, I have done everything you asked me to.
     1- Here is the ZHP report.
     2- I downloaded TFC; it finished its work and the PC restarted. It displayed 142000 MB, well, it was 142 thousand and something; sorry, I did not note the number.
     3- I ran a full MBAM scan; it found nothing. Here is the report it gave.
     THANK YOU
  3. Hi, thank you for your help. Here is the report: CJoint.com link 0Jiucdxq1Yn
  4. Hello, my PC is very slow. After a scan with MBAM, it found a virus named "Pup.Wpakill". It was removed successfully, but my PC is still slow. Here is the HijackThis report. Thanks.
  5. Edit by Thanos: Mohamedovic, to receive a reply, I advise you to edit your message, add a short polite greeting such as "hello..." and state what problems you are encountering.
  6. Yes, it works very well. Thank you so much.
  7. [ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]
  8. Here is the HijackThis report.
  9. It asked me to send a file and that is what I did, but it did not give me any report. Also, this time there is no freeze; I am working normally on the PC that was infected!!
  10. Here is the USBFix report.
  11. I used RSIT. The log report.
Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-07-24 604416] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-24 361216] S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-09 24636] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S4 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe [2008-11-15 6447744] -----------------EOF----------------- 
ــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ INFO info.txt logfile of random's system information tool 1.06 2009-09-22 09:43:44 ======Uninstall list====== _GTA 3 (By RY's)-->D:\programe\GTA3~1\UNWISE.EXE D:\programe\GTA3~1\INSTALL.LOG -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\S3Inc\P4M266\P4M266.isu" -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 183689-->MsiExec.exe /X{22A7ADC5-73A3-4C2D-83BB-A27BC003B6AC} 7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe" Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} ALMOMAYAZ DICTIONARY-->C:\PROGRA~1\GENDIC\UNWISE.EXE C:\PROGRA~1\GENDIC\INSTALL.LOG Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Avance AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CDImage GUI-->C:\WINDOWS\iun6002.exe "C:\Program Files\CDImage 
GUI\irunin.ini" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" CPUID CPU-Z 1.51-->"C:\Program Files\CPUID\CPU-Z\unins000.exe" CueClub-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\Real\RealGames\CueClub\setup.exe" DAS magnétique CACOBATPH V 1.0-->"C:\Program Files\DAS_CACOBATPH\unins000.exe" DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC EA.com Matchup-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x0 Uninstall EA.com Update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x0 Uninstall EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything ESC45 Reference Guide-->C:\Program Files\EPSON\TPMANUAL\ESC45\REF_G\DOCUNINS.EXE ESC45 Software 
Guide-->C:\Program Files\EPSON\TPMANUAL\ESC45\PQU_G\DOCUNINS.EXE FIFA 99 'Game House Edition'-->MsiExec.exe /I{96D12492-7982-419F-AC31-31011B3B34CC} FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml" FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google©SearchTool v.1.9.3.0 Beta-->"C:\Program Files\Google©SearchTool\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070} jetAudio Plus VX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0xc0c -removeonly Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76} Macromedia Flash 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C93C363-414E-11D4-9756-00C04F8EEB39}\Setup.exe" UNINSTALL Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Compression Client Pack 1.0 for Windows 
XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Mise à jour critique pour Lecteur Windows 
Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Moto Racer 'Game Edition'-->MsiExec.exe /I{B107D14A-608E-49F4-8C70-1845638DB6EA} Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} NBA Action 'Game House Edition'-->MsiExec.exe /I{903965F3-3D18-40FC-AC1B-5E6DCD914C22} Need For Speed-->C:\WINDOWS\ISUN040C.EXE -f"d:\programe\nfs\Uninst.isu" -c"d:\programe\nfs\uninst.dll" F Notepad++-->C:\Program Files\Notepad++\uninstall.exe Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}\SETUP.EXE" -l0x9 anything Poket Tanks 'By Game House'-->MsiExec.exe /I{61C6B9CF-8065-40F5-A708-0013E4E5E84B} QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1036 RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 ScanToWeb-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG Seekapp 1.0 build 151-->C:\Program 
Files\SeekappSrch\uninstall.exe Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Soft Chess-->C:\Program Files\Soft Chess\uninstall.exe Super DX-Ball v1.1-->"C:\Program Files\Super DX-Ball\unins000.exe" SweetIM for Messenger 2.7-->MsiExec.exe /X{D16ECDF4-DA6F-418F-947A-C1652B5CFD96} SweetIM Toolbar for Internet Explorer 3.3-->MsiExec.exe /X{266C7330-C0F4-49E5-8F20-A56F9F822875} TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe VistaMizer 3.3.0.0-->C:\WINDOWS\VistaMizer\Uninstall.exe WampServer 2.0-->"c:\wamp\unins000.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7} Yahoo! 
Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG =====HijackThis Backups===== R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-09-21] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/ [2009-09-21] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.cherche.us/ [2009-09-21] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-09-21] O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-09-21] O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2009-09-21] O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-09-21] R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll [2009-09-21] O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2009-09-21] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/ [2009-09-21] O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2009-09-21] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com [2009-09-21] R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s [2009-09-21] O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - 
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-09-21] O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-09-21] R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2009-09-21] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-09-21] R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens [2009-09-21] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/ [2009-09-21] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2009-09-21] O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2009-09-21] O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-09-21] O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-09-21] O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot [2009-09-21] O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; FunWebProducts; SIMBAR={79023CD5-4549-11DE-8DE5-00010222ABA4}; InfoPath.2; .NET CLR 2.0.50727)" -"http://www.jouerjeux.net/jeux/Street-Fighter-Online_3610.html" [2009-09-21] O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE [2009-09-21] O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF [2009-09-21] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2009-09-21] O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2009-09-21] O4 - HKLM\..\Run: [EPSON Stylus C45 Series] 
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45" [2009-09-21] O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2009-09-21] O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-09-21] O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2009-09-21] O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2009-09-21] O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [2009-09-21] O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h [2009-09-21] O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe [2009-09-21] O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\meriem\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [2009-09-21] O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 [2009-09-21] O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2009-09-21] O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\meriem\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-09-21] O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab [2009-09-21] O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2009-09-21] O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2009-09-21] O23 - 
Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe [2009-09-21] O15 - Trusted Zone: *.chat-land.org [2009-09-21] R3 - Default URLSearchHook is missing [2009-09-21] O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot [2009-09-21] O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [2009-09-21] O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') [2009-09-21] O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') [2009-09-21] O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') [2009-09-21] O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') [2009-09-21] O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing) [2009-09-21] O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-09-21] ======Security center information====== AV: Avira AntiVir PersonalEdition Classic ======System event log====== Computer Name: M-693D75C748D14 Event Code: 7036 Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution. Record Number: 1879 Source Name: Service Control Manager Time Written: 20090825203609.000000+060 Event Type: Informations User: Computer Name: M-693D75C748D14 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application. Record Number: 1878 Source Name: Service Control Manager Time Written: 20090825203609.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: M-693D75C748D14 Event Code: 7036 Message: Le service Acquisition d'image Windows (WIA) est entré dans l'état : en cours d'exécution. 
Record Number: 1877 Source Name: Service Control Manager Time Written: 20090825203609.000000+060 Event Type: Informations User: Computer Name: M-693D75C748D14 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Acquisition d'image Windows (WIA). Record Number: 1876 Source Name: Service Control Manager Time Written: 20090825203608.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: M-693D75C748D14 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant. Record Number: 1875 Source Name: Service Control Manager Time Written: 20090825203605.000000+060 Event Type: Informations User: M-693D75C748D14\meriem =====Application event log===== Computer Name: M-693D75C748D14 Event Code: 4113 Message: AntiVir a détecté dans le fichier D:\System Volume Information\_restore{1B6AE929-E6E6-4A35-B4E0-82CB5FDF5C2C}\RP11\A0010664.inf un code suspect avec la désignation 'TR/Autorun.G.2'! Record Number: 1940 Source Name: Avira AntiVir Time Written: 20090813120409.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: M-693D75C748D14 Event Code: 4113 Message: AntiVir a détecté dans le fichier D:\System Volume Information\_restore{1B6AE929-E6E6-4A35-B4E0-82CB5FDF5C2C}\RP11\A0009668.inf un code suspect avec la désignation 'TR/Autorun.G.2'! Record Number: 1939 Source Name: Avira AntiVir Time Written: 20090813120407.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: M-693D75C748D14 Event Code: 4113 Message: AntiVir a détecté dans le fichier D:\System Volume Information\_restore{1B6AE929-E6E6-4A35-B4E0-82CB5FDF5C2C}\RP11\A0009451.inf un code suspect avec la désignation 'TR/Autorun.G.2'! 
Record Number: 1938 Source Name: Avira AntiVir Time Written: 20090813120404.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: M-693D75C748D14 Event Code: 4113 Message: AntiVir a détecté dans le fichier D:\System Volume Information\_restore{1B6AE929-E6E6-4A35-B4E0-82CB5FDF5C2C}\RP10\A0009444.inf un code suspect avec la désignation 'TR/Autorun.G.2'! Record Number: 1937 Source Name: Avira AntiVir Time Written: 20090813120401.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: M-693D75C748D14 Event Code: 4113 Message: AntiVir a détecté dans le fichier D:\System Volume Information\_restore{1B6AE929-E6E6-4A35-B4E0-82CB5FDF5C2C}\RP10\A0008456.inf un code suspect avec la désignation 'TR/Autorun.G.2'! Record Number: 1936 Source Name: Avira AntiVir Time Written: 20090813120348.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel "PROCESSOR_REVISION"=0209 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=C:\JBuilder9\jdk1.4\jre\lib\ext\QTJava.zip "QTJAVA"=C:\JBuilder9\jdk1.4\jre\lib\ext\QTJava.zip -----------------EOF-----------------
  12. Hello, it's still the same problem. I turned the PC on this morning... it works very well offline, but as soon as I connect to the internet, and this time it's after exactly 1 min 25 seconds, the PC freezes. It doesn't even give me time to update the antivirus... and you can't do anything, even Ctrl+Alt+Del doesn't work. I don't understand any of it!!!
  13. No, still the same problem: the PC froze while downloading the update, and when the PC was offline it did not freeze for 7 hours!!
  14. Yes, that's very clear. Thank you so much for your help. So, after all that, my PC shouldn't be infected?
  15. - All done, I did everything you told me. Should I enable System Restore after restarting the PC?
  16. Disable then re-enable System Restore on all drives. - How do I do that?
  17. OTM report; MBAM report; HijackThis report.
  18. OK, here is Toolbar in option 2, and the new HijackThis report.
  19. Here is the MBAM report, and here is the new HijackThis report.
  20. How?
  21. Here is the Toolbar report.
  22. Here is the ToolbarSD report
  23. Hello, when I start my PC it works normally, but as soon as I connect to the internet, after 10 to 15 minutes, my PC freezes and I can do absolutely nothing, neither close the windows nor shut down the PC normally, whereas on my laptop I connect without any problem. I ran a scan with Avira and here is the report:
      And here is also the HijackThis report.
      Thanks