Sujet Précédent Sujet Suivant

Cheval de Troie

med_salah Messages postés 57 Statut Membre -  
kduc Messages postés 1537 Statut Membre -
Bonsoir tout le monde svp aider moi moi d'éliminer ce cheval de Troie de mon pc :olmarik.MF -->cheval de Troie
Merci d'avance .

5 réponses

Réponse 1 / 5
kduc Messages postés 1537 Statut Membre 133
 
Salut,

Comment réagit l' antivirus ... si tu en as un !
0
med_salah Messages postés 57 Statut Membre
 
J'ai nod 32 ,il m'a averti de présence de ce cheval ,mai sil ne pas le supprimer .
0
Réponse 2 / 5
kduc Messages postés 1537 Statut Membre 133
 
Salut,

Clique droit sur ce lien pour installer ComboFix (par sUBs) :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Choisis "Enregistrer sous" (dans IE c'est "Enregistrer la cible/le lien sous..")
et sauvegarde-le (Enregistrer dans) sur le Bureau.

Important : dans "Nom du fichier" enregistre (renomme) "combofix" en combo-fix.exe

Prends connaissance de ce tutoriel : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Ferme toutes les fenêtres et applications.
Déconnecte-toi du net et désactive tes protections résidentes :
https://forum.pcastuces.com/default.asp

Sur le bureau, double clique combo-fix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
ComboFix redémarrera ton PC.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse.

PS : Le rapport se trouve également ici : C:\Combofix.txt

Ne clique pas dans la fenêtre de Combofix durant l’analyse : cela pourrait provoquer le gel du programme !

Ensuite, ...

Télécharge, installe et mets à jour Malwarebytes Anti-Malwares
http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html puis, lance un scan COMPLET et poste le rapport.

PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats,
puis sur Supprimer la sélection.
0
med_salah Messages postés 57 Statut Membre
 
Maintenant voila le rapport de Malwarebytes Anti-Malwares :
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2938
Windows 5.1.2600 Service Pack 3

10/10/2009 18:16:04
mbam-log-2009-10-10 (18-16-04).txt

Type de recherche: Examen rapide
Eléments examinés: 107680
Temps écoulé: 7 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 61
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Mozilla Firefox\components\WWShow.dll (Trojan.BHO) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_CPV.dll (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Mozilla Firefox\components\WWShow.dll (Trojan.BHO) -> Delete on reboot.
0
Réponse 3 / 5
med_salah Messages postés 57 Statut Membre
 
Salut kduc je vous remercie pour votre aide ,je crois que ce cheval de Troie est supprimé ,voila le rapport de combofix :
ComboFix 09-10-08.04 - Med_Salah 09/10/2009 15:00.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1604 [GMT 2:00]
Lancé depuis: c:\documents and settings\Med_Salah\Bureau\Combo-Fix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Un antivirus résident est actif

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Med_Salah\Application Data\cft
c:\documents and settings\Med_Salah\Application Data\pridl
c:\documents and settings\Med_Salah\Application Data\ShoppingReport
c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Med_Salah\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\Med_Salah\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Med_Salah\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\autorun.inf
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Cache\000C12C2.jpg
c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini
c:\program files\FunWebProducts\ScreenSaver\Images\000B41E5.urr
c:\program files\FunWebProducts\ScreenSaver\Images\000C11B8.urr
c:\program files\FunWebProducts\ScreenSaver\Images\000DE669.dat
c:\program files\FunWebProducts\ScreenSaver\Images\101x135\000DE669.jpg
c:\program files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Jcore
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\3.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\3.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\3.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\3.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00020015
c:\program files\MyWebSearch\bar\Cache\000203EE.bin
c:\program files\MyWebSearch\bar\Cache\00020A66.bin
c:\program files\MyWebSearch\bar\Cache\00020D35.bin
c:\program files\MyWebSearch\bar\Cache\00021B1F.bin
c:\program files\MyWebSearch\bar\Cache\0007821E
c:\program files\MyWebSearch\bar\Cache\013C0D9B.bin
c:\program files\MyWebSearch\bar\Cache\013C101C.bin
c:\program files\MyWebSearch\bar\Cache\013C1377.bin
c:\program files\MyWebSearch\bar\Cache\013C1636.bin
c:\program files\MyWebSearch\bar\Cache\013DFAD5
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Uninst.exe
c:\program files\WWShow
c:\program files\WWShow\WWSHow.dll
c:\slimen\PHP\Arab formation php\-_FILE~1\Desktop_.ini
c:\slimen\PHP\Arab formation php\_FILES~1\Desktop_.ini
c:\slimen\PHP\Arab formation php\_FILES~2\Desktop_.ini
c:\slimen\PHP\Arab formation php\Desktop_.ini
c:\slimen\PHP\Arab formation php\MYSQL_~1\Desktop_.ini
c:\slimen\PHP\Arab formation php\MYSQL_~2\Desktop_.ini
c:\slimen\PHP\Arab formation php\OOP_FI~1\Desktop_.ini
c:\slimen\PHP\Arab formation php\PHP__F~1\Desktop_.ini
c:\slimen\PHP\Arab formation php\PHP_files\Desktop_.ini
c:\slimen\PHP\Arab formation php\PHP~1._FI\Desktop_.ini
c:\slimen\PHP\Arab formation php\REGIST~1\Desktop_.ini
c:\slimen\PHP\Arab formation php\The Text Counter_files\Desktop_.ini
c:\slimen\PHP\PHP Manual\CVS\Desktop_.ini
c:\slimen\PHP\PHP Manual\Desktop_.ini
c:\slimen\PHP\W - Developer Shed Network\Desktop_.ini
c:\windows\a3kebook.ini
c:\windows\AegisP.inf
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\autorun.inf
c:\windows\msa.exe
c:\windows\system32\config\systemprofile\Application Data\ShoppingReport
c:\windows\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml
c:\windows\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\windows\system32\config\systemprofile\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\windows\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\windows\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\windows\system32\drivers\kbiwkmbpjewsrn.sys
c:\windows\system32\drivers\kmfurcgjbtmuq.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\kbiwkmmqshqqdp.dll
c:\windows\system32\kbiwkmorfprkda.dll
c:\windows\system32\kbiwkmrfwowfvx.dll
c:\windows\system32\kbiwkmsxrhovjy.dat
c:\windows\system32\kbiwkmtwhmoycf.dat
c:\windows\system32\kbiwkmupqoqxmv.dll
c:\windows\system32\kbiwkmxmitetir.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmvdyibquw
-------\Legacy_kbiwkmvdyibquw
-------\Legacy_BFNUKGBVUWGN
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SYNSEND
-------\Service_MyWebSearchService
-------\Service_synsend

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-09 au 2009-10-09 ))))))))))))))))))))))))))))))))))))
.

2009-10-08 22:30 . 2009-10-08 22:31 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\GetRightToGo
2009-10-08 22:30 . 2009-10-08 22:30 -------- d-----w- C:\Downloads
2009-10-08 21:59 . 2002-06-02 15:05 38912 ----a-w- c:\windows\system32\ProSoftLK.dll
2009-10-08 21:59 . 1999-09-28 18:42 1050896 ----a-w- c:\windows\system32\msjet35.dll
2009-10-08 21:59 . 1999-09-09 19:06 252688 ----a-w- c:\windows\system32\msexcl35.dll
2009-10-08 21:59 . 1999-08-03 21:00 24848 ----a-w- c:\windows\system32\msjter35.dll
2009-10-08 21:59 . 1999-08-03 21:00 123664 ----a-w- c:\windows\system32\msjint35.dll
2009-10-08 21:59 . 1998-09-15 22:12 262144 ----a-w- c:\windows\system32\msrd2x35.dll
2009-10-08 21:59 . 1998-06-16 21:00 94285 ----a-w- c:\windows\system32\MSVCIRTD.DLL
2009-10-08 21:59 . 1998-06-16 21:00 929844 ----a-w- c:\windows\system32\MFC42D.DLL
2009-10-08 21:59 . 1998-06-16 21:00 798773 ----a-w- c:\windows\system32\MFCO42D.DLL
2009-10-08 21:59 . 1998-06-16 21:00 385100 ----a-w- c:\windows\system32\MSVCRTD.DLL
2009-10-08 21:59 . 1998-06-16 21:00 274485 ----a-w- c:\windows\system32\MFCD42D.DLL
2009-10-08 21:58 . 1997-11-19 12:49 303616 ----a-w- c:\windows\IsUninst.exe
2009-10-08 12:48 . 2009-10-08 12:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-10-08 06:24 . 2009-10-08 06:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-07 22:38 . 2009-10-07 22:38 -------- dc-h--w- c:\windows\ie8
2009-10-05 18:08 . 2009-10-05 18:08 -------- d-----w- C:\Convertedpsp
2009-10-05 18:08 . 2009-10-05 18:08 -------- d-----w- C:\Converted
2009-10-04 21:19 . 2009-10-04 21:19 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Phoeniixz
2009-10-04 18:10 . 2009-10-04 18:10 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2009-10-04 18:10 . 2009-10-04 18:10 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2009-10-04 14:35 . 2009-10-04 14:35 -------- d-----w- C:\spoolerlogs
2009-10-04 14:32 . 2009-10-04 14:32 18432 ----a-w- c:\windows\ss3unstl.exe
2009-10-04 14:32 . 2009-10-04 14:32 4179888 ----a-w- c:\windows\system32\Nacho Libre.scr
2009-09-30 22:00 . 2009-09-30 22:00 -------- d-----w- c:\program files\Pinnacle
2009-09-30 22:00 . 2009-09-30 22:00 -------- d-----w- c:\program files\Fichiers communs\Yahoo!
2009-09-30 22:00 . 2009-09-30 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle VideoSpin
2009-09-30 21:58 . 2009-09-30 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2009-09-30 21:58 . 2009-09-30 21:58 -------- d-----w- c:\documents and settings\Med_Salah\Local Settings\Application Data\Downloaded Installations
2009-09-30 21:18 . 2005-07-13 18:42 161280 ----a-w- c:\windows\system32\fmod.dll
2009-09-30 21:18 . 2001-04-27 21:11 24576 ----a-w- c:\windows\system32\smartsubclass.dll
2009-09-30 21:18 . 1999-09-08 23:51 40208 ----a-w- c:\windows\system32\dsetup.dll
2009-09-30 21:14 . 2009-09-30 21:30 -------- d-----w- c:\program files\Web Photo Album
2009-09-25 23:26 . 2009-09-25 23:26 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Nvu
2009-09-25 23:21 . 2009-09-25 23:21 -------- d-----w- c:\program files\Crimson Editor
2009-09-25 10:45 . 2009-09-27 19:49 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\FileZilla
2009-09-25 10:45 . 2009-09-25 10:45 -------- d-----w- c:\program files\FileZilla Client
2009-09-23 17:27 . 2009-10-07 11:28 -------- d-----w- c:\documents and settings\Med_Salah\Local Settings\Application Data\Temp
2009-09-22 22:46 . 2009-09-22 22:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-22 21:35 . 2009-09-22 21:35 -------- d-----w- c:\documents and settings\Med_Salah\Local Settings\Application Data\ESET
2009-09-22 21:34 . 2009-09-22 21:34 -------- d-----w- c:\program files\ESET
2009-09-22 21:34 . 2009-09-22 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-09-22 20:38 . 2009-09-22 20:38 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Uniblue
2009-09-21 10:25 . 2009-09-21 10:25 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Windows Live Writer
2009-09-21 10:25 . 2009-09-21 10:25 -------- d-----w- c:\documents and settings\Med_Salah\Local Settings\Application Data\Windows Live Writer
2009-09-17 22:10 . 2009-09-17 22:10 -------- d-----w- c:\program files\IMProDeskTop
2009-09-15 21:28 . 2009-09-15 21:29 -------- d-----w- c:\program files\FaceMorpher Lite
2009-09-15 21:18 . 2009-09-15 21:18 -------- d-----w- c:\documents and settings\Med_Salah\Local Settings\Application Data\MAGIX
2009-09-15 21:18 . 2009-09-15 21:18 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\MAGIX
2009-09-15 21:18 . 2003-04-18 13:46 1233920 ----a-w- c:\windows\system32\msxml4.dll
2009-09-15 21:18 . 2003-04-18 13:29 82432 ----a-w- c:\windows\system32\msxml4r.dll
2009-09-15 21:18 . 2003-04-18 13:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-09-15 21:18 . 2009-09-15 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2009-09-15 21:18 . 2009-09-15 21:18 -------- d-----w- c:\program files\MAGIX
2009-09-15 21:18 . 2007-04-27 07:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2009-09-15 21:18 . 2009-09-15 21:18 -------- d-----w- c:\windows\system32\MAGIX
2009-09-15 21:18 . 2008-04-15 13:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2009-09-15 21:17 . 2009-09-15 21:18 -------- d-----w- c:\program files\Lovely Cats
2009-09-15 20:04 . 2009-09-15 20:04 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-09-14 13:14 . 2009-10-09 12:04 -------- d-----w- c:\documents and settings\Med_Salah\Tracing
2009-09-14 12:58 . 2009-09-14 12:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-14 12:58 . 2009-09-14 12:58 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-14 12:57 . 2009-08-05 20:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-09-14 12:57 . 2009-09-14 12:57 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-14 12:56 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-14 12:56 . 2009-09-14 12:56 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-14 12:55 . 2009-09-14 12:58 -------- d-----w- c:\program files\Microsoft
2009-09-14 12:55 . 2009-09-14 12:55 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-14 12:54 . 2009-09-14 12:57 -------- d-----w- c:\program files\Windows Live
2009-09-14 12:33 . 2009-09-14 12:33 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-12 12:25 . 2009-09-12 12:25 -------- d-----w- c:\windows\Sun
2009-09-11 20:07 . 2009-10-05 18:15 -------- d-----w- c:\program files\Total Video Converter
2009-09-11 19:16 . 2009-09-11 19:16 -------- d-----w- C:\My Videos
2009-09-11 19:16 . 2009-09-11 19:16 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\aHisoft
2009-09-11 19:16 . 2009-09-11 19:16 -------- d-----w- c:\program files\aHisoft
2009-09-11 17:52 . 2009-09-20 15:11 -------- d-----w- C:\UsbFix

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 13:17 . 2009-09-07 14:53 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Skype
2009-10-09 13:03 . 2008-04-14 12:00 81028 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-09 13:03 . 2008-04-14 12:00 502196 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-09 12:58 . 2009-08-31 11:56 -------- d-----w- c:\program files\SuperCopier2
2009-10-09 08:14 . 2009-09-07 16:26 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\skypePM
2009-10-07 22:25 . 2009-08-31 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PowerAMC 12
2009-10-01 00:17 . 2009-09-07 13:12 -------- d-----w- c:\program files\Google
2009-09-30 22:03 . 2009-07-26 12:41 96152 ----a-w- c:\documents and settings\Med_Salah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 23:55 . 2009-09-05 16:14 -------- d-----w- c:\program files\MSN Messenger
2009-09-20 12:03 . 2009-07-26 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-18 20:27 . 2009-09-03 11:00 -------- d-----w- c:\program files\EasyPHP 3.0
2009-09-18 20:18 . 2009-07-28 14:13 -------- d-----w- c:\program files\URUSoft
2009-09-16 20:09 . 2009-09-06 13:15 -------- d-----w- c:\program files\Hotspot Shield
2009-09-15 20:04 . 2009-07-02 02:34 37376 ----a-w- c:\windows\system32\drivers\hssdrv.sys
2009-09-07 16:26 . 2009-09-07 16:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-07 13:12 . 2009-09-07 13:11 -------- d-----r- c:\program files\Skype
2009-09-07 13:12 . 2009-09-07 13:12 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-09-07 13:11 . 2009-09-07 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-07 13:03 . 2009-07-26 14:08 -------- d-----w- c:\program files\MSBuild
2009-09-07 13:03 . 2009-09-07 13:03 -------- d-----w- c:\program files\Reference Assemblies
2009-09-06 21:20 . 2009-07-29 18:16 -------- d-----w- c:\program files\Java
2009-09-06 21:09 . 2009-09-06 21:09 0 ----a-w- c:\windows\system32\cd.dat
2009-09-06 13:16 . 2009-09-06 13:16 -------- d-----w- c:\program files\Hotspot_Shield
2009-09-06 13:16 . 2009-09-06 13:16 -------- d-----w- c:\program files\Conduit
2009-09-05 16:17 . 2009-09-05 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-09-03 15:00 . 2009-08-31 11:22 -------- d-----w- c:\program files\Sybase
2009-08-31 12:03 . 2009-08-31 12:03 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Winamp
2009-08-31 12:00 . 2009-08-31 12:00 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\Notepad++
2009-08-31 11:22 . 2009-07-26 12:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-29 09:58 . 2009-08-25 08:12 -------- d-----w- c:\program files\Microsoft Etudes
2009-08-25 08:11 . 2009-08-25 08:11 -------- d-----w- c:\program files\Learning Essentials
2009-08-18 15:46 . 2009-08-18 15:44 -------- d-----w- c:\program files\Satsuki Decoder Pack
2009-08-12 18:27 . 2009-08-04 18:41 -------- d-----w- c:\documents and settings\Med_Salah\Application Data\f2fElementary
2009-08-05 09:00 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 15:34 . 2009-08-01 15:34 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-08-01 15:34 . 2009-08-01 15:34 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-07-29 04:35 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:35 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-27 07:40 . 2009-07-27 07:40 0 --sh--w- c:\windows\SF6E0144B.tmp
2009-07-26 20:13 . 2009-07-26 20:13 0 ----a-w- c:\windows\nsreg.dat
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-26 13:18 . 2009-07-26 13:18 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-26 13:15 . 2009-07-26 13:15 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-26 13:15 . 2009-07-26 13:15 21361 ----a-w- c:\windows\AegisP.sys
2009-07-26 13:15 . 2009-07-26 13:09 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2009-07-26 12:53 . 2009-07-26 12:53 315392 ----a-w- c:\windows\HideWin.exe
2009-07-26 12:31 . 2009-07-26 12:31 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-25 03:23 . 2009-07-29 18:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-17 19:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 10:07 . 2009-07-13 10:07 89600 ----a-w- c:\program files\mozilla firefox\components\WWShow.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-07-02 08:18 2215960 ----a-w- c:\program files\Hotspot_Shield\tbHots.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-09-06 13:16 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHots.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"L08FXLRD_7241359"="d:\microsoft encarta\microsoft encarta\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]
"WPPChanger"="d:\program files\WallPapa\WPPChanger.exe" [2009-06-12 896512]
"WPPAgent"="d:\program files\WallPapa\WPPAgent.exe" [2009-06-12 22016]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-29 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Med_Salah\\Bureau\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\c\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"d:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/05/2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 15:47 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/09/2009 14:57 54752]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [15/09/2009 22:04 331824]
R3 taphss;Anchorfree HSS Adapter;c:\windows\system32\drivers\taphss.sys [15/09/2009 22:04 32768]
S2 bfnukgbvuwgn;bfnukgbvuwgn;\??\c:\windows\system32\drivers\kmfurcgjbtmuq.sys --> c:\windows\system32\drivers\kmfurcgjbtmuq.sys [?]
S2 gupdate1ca2fbcec4a39c8;Service Google Update (gupdate1ca2fbcec4a39c8);c:\program files\Google\Update\GoogleUpdate.exe [07/09/2009 15:12 133104]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [15/09/2009 22:29 57640]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [14/06/2008 10:13 576680]
S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 21:13 28592]
S3 Tomcat6;Apache Tomcat;"d:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 --> d:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 13:12]

2009-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 13:12]

2009-10-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-09-07 20:18]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRfox000&ptb=G4ZNsnpAaS2AJ06t8LrXNA
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=G4ZNsnpAaS2AJ06t8LrXNA&url=https://hp.mywebsearch.com/mywebsearch/index.html{searchTerms}
uInternet Settings,ProxyServer = 172.16.128.1:8080
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Med_Salah\Application Data\Mozilla\Firefox\Profiles\vwskd2aw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=G4ZNsnpAaS2AJ06t8LrXNA&url=https://hp.mywebsearch.com/mywebsearch/index.html
FF - prefs.js: network.proxy.http - 172.16.128.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Med_Salah\Application Data\Mozilla\Firefox\Profiles\vwskd2aw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Mozilla Firefox\components\WWShow.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-L08FXLRD_2285093 - d:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
HKLM-Run-WinampAgent - e:\winamp\winampa.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
AddRemove-Apache Tomcat 6.0 - d:\program files\Apache Software Foundation\Tomcat 6.0\Uninstall.exe
AddRemove-AVI ReComp - d:\program files\AVI ReComp\Uninstall.exe
AddRemove-Avisynth - d:\program files\AviSynth 2.5\Uninstall.exe
AddRemove-DebugMode Wink - d:\program files\DebugMode\Wink\uninst.exe
AddRemove-DivX Content Uploader - d:\program files\DivX\DivXContentUploaderUninstall.exe
AddRemove-TMM70 - d:\program files\Auralog\TELL ME MORE SI PLUS\Bin\unsetup.exe
AddRemove-VobSub - d:\program files\Gabest\VobSub\uninstall.exe
AddRemove-WampServer 2_is1 - d:\wamp\unins000.exe
AddRemove-Xvid_is1 - d:\program files\Xvid\unins000.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - d:\program files\DivX\ConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - d:\program files\DivX\DivXPlayerUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - d:\program files\DivX\ConverterUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - d:\program files\DivX\DivXWebPlayerUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 15:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\MED_SA~1\LOCALS~1\Temp\mc2C.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(3812)
c:\program files\SuperCopier2\SC2Hook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\docume~1\MED_SA~1\LOCALS~1\temp\RtkBtMnt.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-10-09 15:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-09 13:20

Avant-CF: 75 563 913 216 octets libres
Après-CF: 75 696 259 072 octets libres

460 --- E O F --- 2009-09-07 13:09
0
Réponse 4 / 5
kduc Messages postés 1537 Statut Membre 133
 
Salut,

Fais un scan HijackThis :
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ... et poste le rapport.
0
med_salah Messages postés 57 Statut Membre
 
Salut kduc ,voila le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:19:00, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
d:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\wscntfy.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\alg.exe
C:\windows\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\microsoft encarta\microsoft encarta\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
D:\Program Files\WallPapa\WPPAgent.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\DOCUME~1\MED_SA~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Satsuki Decoder Pack\mpc\mplayerc.exe
d:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.128.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [L08FXLRD_7241359] "D:\microsoft encarta\microsoft encarta\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WPPChanger] D:\Program Files\WallPapa\WPPChanger.exe --next
O4 - HKCU\..\Run: [WPPAgent] D:\Program Files\WallPapa\WPPAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Autorun-inf.lnk = D:\Program Files\Prg Chris\Anti-Autorun.inf\Anti-Autorun.inf.exe
O4 - Startup: ZooskDesktop.lnk = D:\Program Files\ZooskDesktop\ZooskDesktop.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service Google Update (gupdate1ca2fbcec4a39c8) (gupdate1ca2fbcec4a39c8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Apache Tomcat (Tomcat6) - Unknown owner - d:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe (file missing)
O23 - Service: wampapache - Unknown owner - d:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - d:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe (file missing)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
kduc Messages postés 1537 Statut Membre 133
 
Salut,

(si ce n’ est déjà fait) Télécharge CCleaner :
http://www.filehippo.com/download_ccleaner.html
("Download Latest Version", sur la droite) et laisse-toi guider.
A un moment, il te sera demandé de cocher :
"Ajouter la barre d' outils Yahoo". Refuse et …
Laisse-le s’ installer tel que …

-------
Redémarre le PC en mode sans échec ...
https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.html
(méthode F8 de préférence)

--------------------------------------------
Tu n' auras pas accès à Internet pendant le "mode sans échec".
Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la
sur le "bureau" pour l' avoir à ta disposition.
--------------------------------------------

Ferme toutes les fenêtres et applications.
Relance HijackThis et clique sur > Do a system scan only puis, coche
les cases devant les lignes qui suivent (et uniquement ces lignes), si tjrs présentes :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Anti-Autorun-inf.lnk = D:\Program Files\Prg Chris\Anti-Autorun.inf\Anti-Autorun.inf.exe
O23 - Service: wampapache - Unknown owner - d:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - d:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe (file missing)

Ensuite, clique sur > Fix checked et valide par "Yes". Referme HijackThis.

Lance CCleaner ...
Clique sur > Analyser > Nettoyer, puis sur OK dans la fenêtre qui s' affiche.
(re)Lance le nettoyage et (re)confirme par OK.

Redémarre le PC en mode normal ...

Relance un scan Malwarebytes et poste le rapport.

Fais de même avec Nod32.
0

Discussions similaires

expressions francaises
bifaka -
lanonyme -

4 réponses
Cheval de troie comment le supprimer?
sonia -
^^Marie^^ -

28 réponses
virus: comment supprimer ccxprocess (virus cheval de troie)
grrlesang -
bazfile -

1 réponse
cheval dans oblivion
sernaldo53 -
sernaldo53 -

12 réponses
comment se debarasser d un cheval de troie
jennyfer1 -
MrMaDGaME -

66 réponses