Cheval de Troie

med_salah Messages postés 57 Statut Membre -  
kduc Messages postés 1537 Statut Membre -
Bonsoir tout le monde svp aider moi moi d'éliminer ce cheval de Troie de mon pc :olmarik.MF -->cheval de Troie
Merci d'avance .
Configuration: Windows XP
Firefox 3.5.3

5 réponses

  1. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    Comment réagit l' antivirus ... si tu en as un !
    0
    1. med_salah Messages postés 57 Statut Membre
       
      J'ai nod 32 ,il m'a averti de présence de ce cheval ,mai sil ne pas le supprimer .
      0
  2. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    Clique droit sur ce lien pour installer ComboFix (par sUBs) :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Choisis "Enregistrer sous" (dans IE c'est "Enregistrer la cible/le lien sous..")
    et sauvegarde-le (Enregistrer dans) sur le Bureau.

    Important : dans "Nom du fichier" enregistre (renomme) "combofix" en combo-fix.exe

    Prends connaissance de ce tutoriel : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Ferme toutes les fenêtres et applications.
    Déconnecte-toi du net et désactive tes protections résidentes :
    https://forum.pcastuces.com/default.asp

    Sur le bureau, double clique combo-fix.exe.
    Tape sur la touche Y (Yes) pour démarrer le scan.
    ComboFix redémarrera ton PC.
    Lorsque le scan sera complété, un rapport apparaîtra.
    Copie/colle ce rapport dans ta prochaine réponse.

    PS : Le rapport se trouve également ici : C:\Combofix.txt

    Ne clique pas dans la fenêtre de Combofix durant l’analyse : cela pourrait provoquer le gel du programme !

    Ensuite, ...

    Télécharge, installe et mets à jour Malwarebytes Anti-Malwares
    http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html puis, lance un scan COMPLET et poste le rapport.

    PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats,
    puis sur Supprimer la sélection.
    0
    1. med_salah Messages postés 57 Statut Membre
       
      Maintenant voila le rapport de Malwarebytes Anti-Malwares :
      Malwarebytes' Anti-Malware 1.41
      Version de la base de données: 2938
      Windows 5.1.2600 Service Pack 3

      10/10/2009 18:16:04
      mbam-log-2009-10-10 (18-16-04).txt

      Type de recherche: Examen rapide
      Eléments examinés: 107680
      Temps écoulé: 7 minute(s), 9 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 61
      Valeur(s) du Registre infectée(s): 2
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 1

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      C:\Program Files\Mozilla Firefox\components\WWShow.dll (Trojan.BHO) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\AppID\BHO_CPV.dll (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Program Files\Mozilla Firefox\components\WWShow.dll (Trojan.BHO) -> Delete on reboot.
      0
  3. med_salah Messages postés 57 Statut Membre
     
    Salut kduc je vous remercie pour votre aide ,je crois que ce cheval de Troie est supprimé ,voila le rapport de combofix :
    ComboFix 09-10-08.04 - Med_Salah 09/10/2009 15:00.1.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1604 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Med_Salah\Bureau\Combo-Fix.exe
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    * Un antivirus résident est actif

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Med_Salah\Application Data\cft
    c:\documents and settings\Med_Salah\Application Data\pridl
    c:\documents and settings\Med_Salah\Application Data\ShoppingReport
    c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\Config.xml
    c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\db\Aliases.dbs
    c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\db\Sites.dbs
    c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\report\send_storage.xml
    c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
    c:\documents and settings\Med_Salah\Local Settings\Temporary Internet Files\bestwiner.stt
    c:\documents and settings\Med_Salah\Local Settings\Temporary Internet Files\fbk.sts
    c:\program files\autorun.inf
    c:\program files\FunWebProducts
    c:\program files\FunWebProducts\ScreenSaver\Cache\000C12C2.jpg
    c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini
    c:\program files\FunWebProducts\ScreenSaver\Images\000B41E5.urr
    c:\program files\FunWebProducts\ScreenSaver\Images\000C11B8.urr
    c:\program files\FunWebProducts\ScreenSaver\Images\000DE669.dat
    c:\program files\FunWebProducts\ScreenSaver\Images\101x135\000DE669.jpg
    c:\program files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
    c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
    c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
    c:\program files\Jcore
    c:\program files\MyWebSearch
    c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
    c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
    c:\program files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
    c:\program files\MyWebSearch\bar\3.bin\F3HKSTUB.DLL
    c:\program files\MyWebSearch\bar\3.bin\F3REGHK.DLL
    c:\program files\MyWebSearch\bar\3.bin\F3SPACER.WMV
    c:\program files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
    c:\program files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
    c:\program files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG
    c:\program files\MyWebSearch\bar\3.bin\M3AUXSTB.DLL
    c:\program files\MyWebSearch\bar\3.bin\M3DLGHK.DLL
    c:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
    c:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
    c:\program files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
    c:\program files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
    c:\program files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
    c:\program files\MyWebSearch\bar\3.bin\MWSBAR.DLL
    c:\program files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
    c:\program files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
    c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files\MyWebSearch\bar\Cache\00020015
    c:\program files\MyWebSearch\bar\Cache\000203EE.bin
    c:\program files\MyWebSearch\bar\Cache\00020A66.bin
    c:\program files\MyWebSearch\bar\Cache\00020D35.bin
    c:\program files\MyWebSearch\bar\Cache\00021B1F.bin
    c:\program files\MyWebSearch\bar\Cache\0007821E
    c:\program files\MyWebSearch\bar\Cache\013C0D9B.bin
    c:\program files\MyWebSearch\bar\Cache\013C101C.bin
    c:\program files\MyWebSearch\bar\Cache\013C1377.bin
    c:\program files\MyWebSearch\bar\Cache\013C1636.bin
    c:\program files\MyWebSearch\bar\Cache\013DFAD5
    c:\program files\MyWebSearch\bar\Cache\files.ini
    c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files\MyWebSearch\bar\History\search3
    c:\program files\MyWebSearch\bar\icons\CM.ICO
    c:\program files\MyWebSearch\bar\icons\MFC.ICO
    c:\program files\MyWebSearch\bar\icons\PSS.ICO
    c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
    c:\program files\MyWebSearch\bar\icons\WB.ICO
    c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
    c:\program files\MyWebSearch\bar\Message\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
    c:\program files\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files\ShoppingReport
    c:\program files\ShoppingReport\Uninst.exe
    c:\program files\WWShow
    c:\program files\WWShow\WWSHow.dll
    c:\slimen\PHP\Arab formation php\-_FILE~1\Desktop_.ini
    c:\slimen\PHP\Arab formation php\_FILES~1\Desktop_.ini
    c:\slimen\PHP\Arab formation php\_FILES~2\Desktop_.ini
    c:\slimen\PHP\Arab formation php\Desktop_.ini
    c:\slimen\PHP\Arab formation php\MYSQL_~1\Desktop_.ini
    c:\slimen\PHP\Arab formation php\MYSQL_~2\Desktop_.ini
    c:\slimen\PHP\Arab formation php\OOP_FI~1\Desktop_.ini
    c:\slimen\PHP\Arab formation php\PHP__F~1\Desktop_.ini
    c:\slimen\PHP\Arab formation php\PHP_files\Desktop_.ini
    c:\slimen\PHP\Arab formation php\PHP~1._FI\Desktop_.ini
    c:\slimen\PHP\Arab formation php\REGIST~1\Desktop_.ini
    c:\slimen\PHP\Arab formation php\The Text Counter_files\Desktop_.ini
    c:\slimen\PHP\PHP Manual\CVS\Desktop_.ini
    c:\slimen\PHP\PHP Manual\Desktop_.ini
    c:\slimen\PHP\W - Developer Shed Network\Desktop_.ini
    c:\windows\a3kebook.ini
    c:\windows\AegisP.inf
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\autorun.inf
    c:\windows\msa.exe
    c:\windows\system32\config\systemprofile\Application Data\ShoppingReport
    c:\windows\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml
    c:\windows\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Aliases.dbs
    c:\windows\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Sites.dbs
    c:\windows\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    c:\windows\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml
    c:\windows\system32\drivers\kbiwkmbpjewsrn.sys
    c:\windows\system32\drivers\kmfurcgjbtmuq.sys
    c:\windows\system32\drivers\str.sys
    c:\windows\system32\kbiwkmmqshqqdp.dll
    c:\windows\system32\kbiwkmorfprkda.dll
    c:\windows\system32\kbiwkmrfwowfvx.dll
    c:\windows\system32\kbiwkmsxrhovjy.dat
    c:\windows\system32\kbiwkmtwhmoycf.dat
    c:\windows\system32\kbiwkmupqoqxmv.dll
    c:\windows\system32\kbiwkmxmitetir.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_kbiwkmvdyibquw
    -------\Legacy_kbiwkmvdyibquw
    -------\Legacy_BFNUKGBVUWGN
    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Legacy_SYNSEND
    -------\Service_MyWebSearchService
    -------\Service_synsend

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-09-09 au 2009-10-09 ))))))))))))))))))))))))))))))))))))
    .

    2009-10-08 22:30 . 2009-10-08 22:31 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\GetRightToGo
    2009-10-08 22:30 . 2009-10-08 22:30 -------- d-----w- C:\Downloads
    2009-10-08 21:59 . 2002-06-02 15:05 38912 ----a-w- c:\windows\system32\ProSoftLK.dll
    2009-10-08 21:59 . 1999-09-28 18:42 1050896 ----a-w- c:\windows\system32\msjet35.dll
    2009-10-08 21:59 . 1999-09-09 19:06 252688 ----a-w- c:\windows\system32\msexcl35.dll
    2009-10-08 21:59 . 1999-08-03 21:00 24848 ----a-w- c:\windows\system32\msjter35.dll
    2009-10-08 21:59 . 1999-08-03 21:00 123664 ----a-w- c:\windows\system32\msjint35.dll
    2009-10-08 21:59 . 1998-09-15 22:12 262144 ----a-w- c:\windows\system32\msrd2x35.dll
    2009-10-08 21:59 . 1998-06-16 21:00 94285 ----a-w- c:\windows\system32\MSVCIRTD.DLL
    2009-10-08 21:59 . 1998-06-16 21:00 929844 ----a-w- c:\windows\system32\MFC42D.DLL
    2009-10-08 21:59 . 1998-06-16 21:00 798773 ----a-w- c:\windows\system32\MFCO42D.DLL
    2009-10-08 21:59 . 1998-06-16 21:00 385100 ----a-w- c:\windows\system32\MSVCRTD.DLL
    2009-10-08 21:59 . 1998-06-16 21:00 274485 ----a-w- c:\windows\system32\MFCD42D.DLL
    2009-10-08 21:58 . 1997-11-19 12:49 303616 ----a-w- c:\windows\IsUninst.exe
    2009-10-08 12:48 . 2009-10-08 12:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2009-10-08 06:24 . 2009-10-08 06:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-10-07 22:38 . 2009-10-07 22:38 -------- dc-h--w- c:\windows\ie8
    2009-10-05 18:08 . 2009-10-05 18:08 -------- d-----w- C:\Convertedpsp
    2009-10-05 18:08 . 2009-10-05 18:08 -------- d-----w- C:\Converted
    2009-10-04 21:19 . 2009-10-04 21:19 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Phoeniixz
    2009-10-04 18:10 . 2009-10-04 18:10 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
    2009-10-04 18:10 . 2009-10-04 18:10 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
    2009-10-04 14:35 . 2009-10-04 14:35 -------- d-----w- C:\spoolerlogs
    2009-10-04 14:32 . 2009-10-04 14:32 18432 ----a-w- c:\windows\ss3unstl.exe
    2009-10-04 14:32 . 2009-10-04 14:32 4179888 ----a-w- c:\windows\system32\Nacho Libre.scr
    2009-09-30 22:00 . 2009-09-30 22:00 -------- d-----w- c:\program files\Pinnacle
    2009-09-30 22:00 . 2009-09-30 22:00 -------- d-----w- c:\program files\Fichiers communs\Yahoo!
    2009-09-30 22:00 . 2009-09-30 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle VideoSpin
    2009-09-30 21:58 . 2009-09-30 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
    2009-09-30 21:58 . 2009-09-30 21:58 -------- d-----w- c:\documents and settings\Med_Salah\Local Settings\Application Data\Downloaded Installations
    2009-09-30 21:18 . 2005-07-13 18:42 161280 ----a-w- c:\windows\system32\fmod.dll
    2009-09-30 21:18 . 2001-04-27 21:11 24576 ----a-w- c:\windows\system32\smartsubclass.dll
    2009-09-30 21:18 . 1999-09-08 23:51 40208 ----a-w- c:\windows\system32\dsetup.dll
    2009-09-30 21:14 . 2009-09-30 21:30 -------- d-----w- c:\program files\Web Photo Album
    2009-09-25 23:26 . 2009-09-25 23:26 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Nvu
    2009-09-25 23:21 . 2009-09-25 23:21 -------- d-----w- c:\program files\Crimson Editor
    2009-09-25 10:45 . 2009-09-27 19:49 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\FileZilla
    2009-09-25 10:45 . 2009-09-25 10:45 -------- d-----w- c:\program files\FileZilla Client
    2009-09-23 17:27 . 2009-10-07 11:28 -------- d-----w- c:\documents and settings\Med_Salah\Local Settings\Application Data\Temp
    2009-09-22 22:46 . 2009-09-22 22:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
    2009-09-22 21:35 . 2009-09-22 21:35 -------- d-----w- c:\documents and settings\Med_Salah\Local Settings\Application Data\ESET
    2009-09-22 21:34 . 2009-09-22 21:34 -------- d-----w- c:\program files\ESET
    2009-09-22 21:34 . 2009-09-22 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2009-09-22 20:38 . 2009-09-22 20:38 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Uniblue
    2009-09-21 10:25 . 2009-09-21 10:25 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Windows Live Writer
    2009-09-21 10:25 . 2009-09-21 10:25 -------- d-----w- c:\documents and settings\Med_Salah\Local Settings\Application Data\Windows Live Writer
    2009-09-17 22:10 . 2009-09-17 22:10 -------- d-----w- c:\program files\IMProDeskTop
    2009-09-15 21:28 . 2009-09-15 21:29 -------- d-----w- c:\program files\FaceMorpher Lite
    2009-09-15 21:18 . 2009-09-15 21:18 -------- d-----w- c:\documents and settings\Med_Salah\Local Settings\Application Data\MAGIX
    2009-09-15 21:18 . 2009-09-15 21:18 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\MAGIX
    2009-09-15 21:18 . 2003-04-18 13:46 1233920 ----a-w- c:\windows\system32\msxml4.dll
    2009-09-15 21:18 . 2003-04-18 13:29 82432 ----a-w- c:\windows\system32\msxml4r.dll
    2009-09-15 21:18 . 2003-04-18 13:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2009-09-15 21:18 . 2009-09-15 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
    2009-09-15 21:18 . 2009-09-15 21:18 -------- d-----w- c:\program files\MAGIX
    2009-09-15 21:18 . 2007-04-27 07:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
    2009-09-15 21:18 . 2009-09-15 21:18 -------- d-----w- c:\windows\system32\MAGIX
    2009-09-15 21:18 . 2008-04-15 13:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
    2009-09-15 21:17 . 2009-09-15 21:18 -------- d-----w- c:\program files\Lovely Cats
    2009-09-15 20:04 . 2009-09-15 20:04 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2009-09-14 13:14 . 2009-10-09 12:04 -------- d-----w- c:\documents and settings\Med_Salah\Tracing
    2009-09-14 12:58 . 2009-09-14 12:58 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-14 12:58 . 2009-09-14 12:58 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
    2009-09-14 12:57 . 2009-08-05 20:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-09-14 12:57 . 2009-09-14 12:57 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-09-14 12:56 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-09-14 12:56 . 2009-09-14 12:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-09-14 12:55 . 2009-09-14 12:58 -------- d-----w- c:\program files\Microsoft
    2009-09-14 12:55 . 2009-09-14 12:55 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-09-14 12:54 . 2009-09-14 12:57 -------- d-----w- c:\program files\Windows Live
    2009-09-14 12:33 . 2009-09-14 12:33 -------- d-----w- c:\program files\Fichiers communs\Windows Live
    2009-09-12 12:25 . 2009-09-12 12:25 -------- d-----w- c:\windows\Sun
    2009-09-11 20:07 . 2009-10-05 18:15 -------- d-----w- c:\program files\Total Video Converter
    2009-09-11 19:16 . 2009-09-11 19:16 -------- d-----w- C:\My Videos
    2009-09-11 19:16 . 2009-09-11 19:16 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\aHisoft
    2009-09-11 19:16 . 2009-09-11 19:16 -------- d-----w- c:\program files\aHisoft
    2009-09-11 17:52 . 2009-09-20 15:11 -------- d-----w- C:\UsbFix

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-09 13:17 . 2009-09-07 14:53 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Skype
    2009-10-09 13:03 . 2008-04-14 12:00 81028 ----a-w- c:\windows\system32\perfc00C.dat
    2009-10-09 13:03 . 2008-04-14 12:00 502196 ----a-w- c:\windows\system32\perfh00C.dat
    2009-10-09 12:58 . 2009-08-31 11:56 -------- d-----w- c:\program files\SuperCopier2
    2009-10-09 08:14 . 2009-09-07 16:26 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\skypePM
    2009-10-07 22:25 . 2009-08-31 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PowerAMC 12
    2009-10-01 00:17 . 2009-09-07 13:12 -------- d-----w- c:\program files\Google
    2009-09-30 22:03 . 2009-07-26 12:41 96152 ----a-w- c:\documents and settings\Med_Salah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-22 23:55 . 2009-09-05 16:14 -------- d-----w- c:\program files\MSN Messenger
    2009-09-20 12:03 . 2009-07-26 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-09-18 20:27 . 2009-09-03 11:00 -------- d-----w- c:\program files\EasyPHP 3.0
    2009-09-18 20:18 . 2009-07-28 14:13 -------- d-----w- c:\program files\URUSoft
    2009-09-16 20:09 . 2009-09-06 13:15 -------- d-----w- c:\program files\Hotspot Shield
    2009-09-15 20:04 . 2009-07-02 02:34 37376 ----a-w- c:\windows\system32\drivers\hssdrv.sys
    2009-09-07 16:26 . 2009-09-07 16:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2009-09-07 13:12 . 2009-09-07 13:11 -------- d-----r- c:\program files\Skype
    2009-09-07 13:12 . 2009-09-07 13:12 -------- d-----w- c:\program files\Fichiers communs\Skype
    2009-09-07 13:11 . 2009-09-07 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-09-07 13:03 . 2009-07-26 14:08 -------- d-----w- c:\program files\MSBuild
    2009-09-07 13:03 . 2009-09-07 13:03 -------- d-----w- c:\program files\Reference Assemblies
    2009-09-06 21:20 . 2009-07-29 18:16 -------- d-----w- c:\program files\Java
    2009-09-06 21:09 . 2009-09-06 21:09 0 ----a-w- c:\windows\system32\cd.dat
    2009-09-06 13:16 . 2009-09-06 13:16 -------- d-----w- c:\program files\Hotspot_Shield
    2009-09-06 13:16 . 2009-09-06 13:16 -------- d-----w- c:\program files\Conduit
    2009-09-05 16:17 . 2009-09-05 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
    2009-09-03 15:00 . 2009-08-31 11:22 -------- d-----w- c:\program files\Sybase
    2009-08-31 12:03 . 2009-08-31 12:03 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Winamp
    2009-08-31 12:00 . 2009-08-31 12:00 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Notepad++
    2009-08-31 11:22 . 2009-07-26 12:52 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-29 09:58 . 2009-08-25 08:12 -------- d-----w- c:\program files\Microsoft Etudes
    2009-08-25 08:11 . 2009-08-25 08:11 -------- d-----w- c:\program files\Learning Essentials
    2009-08-18 15:46 . 2009-08-18 15:44 -------- d-----w- c:\program files\Satsuki Decoder Pack
    2009-08-12 18:27 . 2009-08-04 18:41 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\f2fElementary
    2009-08-05 09:00 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-01 15:34 . 2009-08-01 15:34 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2009-08-01 15:34 . 2009-08-01 15:34 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2009-07-29 04:35 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-29 04:35 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-27 07:40 . 2009-07-27 07:40 0 --sh--w- c:\windows\SF6E0144B.tmp
    2009-07-26 20:13 . 2009-07-26 20:13 0 ----a-w- c:\windows\nsreg.dat
    2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
    2009-07-26 13:18 . 2009-07-26 13:18 0 ----a-w- c:\windows\ativpsrm.bin
    2009-07-26 13:15 . 2009-07-26 13:15 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2009-07-26 13:15 . 2009-07-26 13:15 21361 ----a-w- c:\windows\AegisP.sys
    2009-07-26 13:15 . 2009-07-26 13:09 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
    2009-07-26 12:53 . 2009-07-26 12:53 315392 ----a-w- c:\windows\HideWin.exe
    2009-07-26 12:31 . 2009-07-26 12:31 21892 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-07-25 03:23 . 2009-07-29 18:10 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2009-07-17 19:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-12 10:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-13 10:07 . 2009-07-13 10:07 89600 ----a-w- c:\program files\mozilla firefox\components\WWShow.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

    [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
    2009-07-02 08:18 2215960 ----a-w- c:\program files\Hotspot_Shield\tbHots.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-09-06 13:16 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

    [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

    [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
    "L08FXLRD_7241359"="d:\microsoft encarta\microsoft encarta\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]
    "WPPChanger"="d:\program files\WallPapa\WPPChanger.exe" [2009-06-12 896512]
    "WPPAgent"="d:\program files\WallPapa\WPPAgent.exe" [2009-06-12 22016]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-29 16132608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\Med_Salah\\Bureau\\eclipse\\eclipse.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\c\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
    "c:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/05/2009 15:49 94360]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 15:47 731840]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/09/2009 14:57 54752]
    R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [15/09/2009 22:04 331824]
    R3 taphss;Anchorfree HSS Adapter;c:\windows\system32\drivers\taphss.sys [15/09/2009 22:04 32768]
    S2 bfnukgbvuwgn;bfnukgbvuwgn;\??\c:\windows\system32\drivers\kmfurcgjbtmuq.sys --> c:\windows\system32\drivers\kmfurcgjbtmuq.sys [?]
    S2 gupdate1ca2fbcec4a39c8;Service Google Update (gupdate1ca2fbcec4a39c8);c:\program files\Google\Update\GoogleUpdate.exe [07/09/2009 15:12 133104]
    S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
    S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [15/09/2009 22:29 57640]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [14/06/2008 10:13 576680]
    S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 21:13 28592]
    S3 Tomcat6;Apache Tomcat;"d:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 --> d:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [?]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contenu du dossier 'Tâches planifiées'

    2009-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 13:12]

    2009-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 13:12]

    2009-10-09 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-09-07 20:18]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRfox000&ptb=G4ZNsnpAaS2AJ06t8LrXNA
    uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=G4ZNsnpAaS2AJ06t8LrXNA&url=https://hp.mywebsearch.com/mywebsearch/index.html{searchTerms}
    uInternet Settings,ProxyServer = 172.16.128.1:8080
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Med_Salah\Application Data\Mozilla\Firefox\Profiles\vwskd2aw.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=G4ZNsnpAaS2AJ06t8LrXNA&url=https://hp.mywebsearch.com/mywebsearch/index.html
    FF - prefs.js: network.proxy.http - 172.16.128.1
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Med_Salah\Application Data\Mozilla\Firefox\Profiles\vwskd2aw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
    FF - component: c:\program files\Mozilla Firefox\components\WWShow.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-L08FXLRD_2285093 - d:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
    HKLM-Run-WinampAgent - e:\winamp\winampa.exe
    HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL
    HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
    AddRemove-Apache Tomcat 6.0 - d:\program files\Apache Software Foundation\Tomcat 6.0\Uninstall.exe
    AddRemove-AVI ReComp - d:\program files\AVI ReComp\Uninstall.exe
    AddRemove-Avisynth - d:\program files\AviSynth 2.5\Uninstall.exe
    AddRemove-DebugMode Wink - d:\program files\DebugMode\Wink\uninst.exe
    AddRemove-DivX Content Uploader - d:\program files\DivX\DivXContentUploaderUninstall.exe
    AddRemove-TMM70 - d:\program files\Auralog\TELL ME MORE SI PLUS\Bin\unsetup.exe
    AddRemove-VobSub - d:\program files\Gabest\VobSub\uninstall.exe
    AddRemove-WampServer 2_is1 - d:\wamp\unins000.exe
    AddRemove-Xvid_is1 - d:\program files\Xvid\unins000.exe
    AddRemove-{7585478E9D9B42108671C12F8714CEFE} - d:\program files\DivX\ConverterUninstall.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\program files\DivX\DivXCodecUninstall.exe
    AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - d:\program files\DivX\DivXPlayerUninstall.exe
    AddRemove-{B13A7C41581B411290FBC0395694E2A9} - d:\program files\DivX\ConverterUninstall.exe
    AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - d:\program files\DivX\DivXWebPlayerUninstall.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-09 15:15
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\c:\docume~1\MED_SA~1\LOCALS~1\Temp\mc2C.tmp"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(1156)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\netprovcredman.dll

    - - - - - - - > 'explorer.exe'(3812)
    c:\program files\SuperCopier2\SC2Hook.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Hotspot Shield\bin\openvpnas.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\docume~1\MED_SA~1\LOCALS~1\temp\RtkBtMnt.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-10-09 15:20 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-10-09 13:20

    Avant-CF: 75 563 913 216 octets libres
    Après-CF: 75 696 259 072 octets libres

    460 --- E O F --- 2009-09-07 13:09
    0
  4. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    Fais un scan HijackThis :
    http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ... et poste le rapport.
    0
    1. med_salah Messages postés 57 Statut Membre
       
      Salut kduc ,voila le rapport :
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:19:00, on 12/10/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\windows\System32\smss.exe
      C:\windows\system32\csrss.exe
      C:\windows\system32\winlogon.exe
      C:\windows\system32\services.exe
      C:\windows\system32\lsass.exe
      C:\windows\system32\Ati2evxx.exe
      C:\windows\system32\svchost.exe
      C:\windows\system32\svchost.exe
      C:\windows\System32\svchost.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\windows\system32\svchost.exe
      C:\windows\system32\svchost.exe
      C:\windows\system32\Ati2evxx.exe
      C:\windows\system32\spoolsv.exe
      C:\windows\system32\svchost.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Hotspot Shield\bin\openvpnas.exe
      C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      d:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\windows\system32\svchost.exe
      C:\windows\Explorer.EXE
      C:\windows\system32\wscntfy.exe
      C:\windows\system32\wbem\wmiprvse.exe
      C:\windows\System32\alg.exe
      C:\windows\RTHDCPL.EXE
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\SuperCopier2\SuperCopier2.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      D:\microsoft encarta\microsoft encarta\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
      D:\Program Files\WallPapa\WPPAgent.exe
      C:\windows\system32\ctfmon.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\DOCUME~1\MED_SA~1\LOCALS~1\Temp\RtkBtMnt.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Satsuki Decoder Pack\mpc\mplayerc.exe
      d:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\windows\system32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.128.1:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
      O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [L08FXLRD_7241359] "D:\microsoft encarta\microsoft encarta\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
      O4 - HKCU\..\Run: [WPPChanger] D:\Program Files\WallPapa\WPPChanger.exe --next
      O4 - HKCU\..\Run: [WPPAgent] D:\Program Files\WallPapa\WPPAgent.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Anti-Autorun-inf.lnk = D:\Program Files\Prg Chris\Anti-Autorun.inf\Anti-Autorun.inf.exe
      O4 - Startup: ZooskDesktop.lnk = D:\Program Files\ZooskDesktop\ZooskDesktop.exe
      O4 - Global Startup: BTTray.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
      O23 - Service: Service Google Update (gupdate1ca2fbcec4a39c8) (gupdate1ca2fbcec4a39c8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
      O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
      O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: NMSAccessU - Unknown owner - d:\Program Files\CDBurnerXP\NMSAccessU.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Apache Tomcat (Tomcat6) - Unknown owner - d:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe (file missing)
      O23 - Service: wampapache - Unknown owner - d:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
      O23 - Service: wampmysqld - Unknown owner - d:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe (file missing)
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    (si ce n’ est déjà fait) Télécharge CCleaner :
    http://www.filehippo.com/download_ccleaner.html
    ("Download Latest Version", sur la droite) et laisse-toi guider.
    A un moment, il te sera demandé de cocher :
    "Ajouter la barre d' outils Yahoo". Refuse et …
    Laisse-le s’ installer tel que …

    -------
    Redémarre le PC en mode sans échec ...
    https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.html
    (méthode F8 de préférence)

    --------------------------------------------
    Tu n' auras pas accès à Internet pendant le "mode sans échec".
    Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la
    sur le "bureau" pour l' avoir à ta disposition.
    --------------------------------------------

    Ferme toutes les fenêtres et applications.
    Relance HijackThis et clique sur > Do a system scan only puis, coche
    les cases devant les lignes qui suivent (et uniquement ces lignes), si tjrs présentes :

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Anti-Autorun-inf.lnk = D:\Program Files\Prg Chris\Anti-Autorun.inf\Anti-Autorun.inf.exe
    O23 - Service: wampapache - Unknown owner - d:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
    O23 - Service: wampmysqld - Unknown owner - d:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe (file missing)

    Ensuite, clique sur > Fix checked et valide par "Yes". Referme HijackThis.

    Lance CCleaner ...
    Clique sur > Analyser > Nettoyer, puis sur OK dans la fenêtre qui s' affiche.
    (re)Lance le nettoyage et (re)confirme par OK.

    Redémarre le PC en mode normal ...

    Relance un scan Malwarebytes et poste le rapport.

    Fais de même avec Nod32.
    0