Infected PC


hamza

by hamza »

I seriously suspect it of having infected me with trojans. My PC has been behaving strangely for some time. When I want to delete any file under Vista, the "Suppression 1 élément" (Deleting 1 item) window opens but stays open, and the file is deleted anyway. The only thing is that I have to open Task Manager and use End Task on that window, which is really tedious.

I ran a scan with OTL and here is the report.

Please, it's urgent.

Thanks in advance for the help.
OTL logfile created on: 16/11/2013 14:22:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hassanin\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19483)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,87 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 34,02% Memory free
5,95 Gb Paging File | 3,78 Gb Available in Paging File | 63,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,78 Gb Total Space | 14,38 Gb Free Space | 9,60% Space Free | Partition Type: NTFS
Drive D: | 11,46 Gb Total Space | 1,61 Gb Free Space | 14,03% Space Free | Partition Type: NTFS
Drive F: | 1,79 Gb Total Space | 1,70 Gb Free Space | 94,99% Space Free | Partition Type: NTFS
Drive G: | 135,06 Gb Total Space | 12,05 Gb Free Space | 8,92% Space Free | Partition Type: NTFS

Computer Name: PC-DE-HASSANIN | User Name: Hassanin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/16 10:59:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hassanin\Desktop\OTL.exe
PRC - [2013/11/15 16:11:22 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/15 16:11:20 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/06 08:04:46 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/13 14:35:31 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Users\Hassanin\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/08 20:18:36 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/10/22 07:08:43 | 001,208,320 | ---- | M] (http://www.IslamicFinder.org) -- C:\Program Files\Athan\Athan.exe
PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/01/21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/02 13:34:44 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/15 16:11:41 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/11/06 08:04:46 | 003,368,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/10/08 20:18:35 | 016,233,864 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/08/07 20:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2013/07/10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010/03/08 21:08:28 | 000,282,697 | ---- | M] () -- C:\Program Files\Athan\vbp.dll
MOD - [2004/12/25 12:37:22 | 000,258,121 | ---- | M] () -- C:\Program Files\Athan\vbh.dll
MOD - [2004/03/20 13:49:40 | 000,229,444 | ---- | M] () -- C:\Program Files\Athan\vbq.dll


========== Services (SafeList) ==========

SRV - [2013/11/15 16:11:20 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/11/06 08:04:46 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 20:18:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/01/04 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/12/09 03:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hassanin\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2013/11/16 10:21:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/11/15 16:11:48 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/15 16:11:48 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/11/15 16:11:48 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/15 16:11:48 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/15 16:11:48 | 000,049,944 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/15 16:11:47 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/15 16:11:47 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/11/15 16:11:47 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/20 08:46:04 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(http://www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2011/07/20 08:46:04 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(http://www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/07/20 08:46:04 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(http://www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/07/20 08:45:58 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2011/07/20 08:45:58 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2011/07/20 08:45:58 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2011/07/20 08:45:58 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2011/07/20 08:45:52 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/07/20 08:45:52 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/07/20 08:45:52 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/07/20 08:45:52 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/11/05 03:13:08 | 000,541,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/04/22 12:46:42 | 003,482,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/03/08 23:51:00 | 007,764,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/08 21:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2009/02/02 19:59:28 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc.pkms -- (PCDSRVC{4F253FFC-7957E8FC-06000000}_0)
DRV - [2008/11/12 18:02:46 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/11/12 18:02:18 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/08/01 13:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 10:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/04/23 09:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2005/05/27 10:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Llyx&dpi ... earchTerms}
IE - HKLM\..\SearchScopes\{3558675E-3BE5-4FFD-8E7B-8A35EE727FEE}: "URL" = http://slirsredirect.search.aol.com/sli ... tie7-fr-fr
IE - HKLM\..\SearchScopes\{74E404C7-7331-48F9-ABCA-05923022275C}: "URL" = http://fr.search.yahoo.com/search?p={se ... ype=ie2008
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2567681
IE - HKLM\..\SearchScopes\{B4D8A115-64B8-48D0-8480-9151204DAB9C}: "URL" = http://fr.kelkoopartners.net/ctl/do/sea ... d=96913932
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/sli ... 0winampie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/Ohome_portail?ref= ... ultPage_IE
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\SearchScopes,DefaultScope = {814C76CB-2623-43F4-AAD0-58A0E5190A20}
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Llyx&dpi ... earchTerms}
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... 665C4AA393
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp= ... earchTerms}
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\SearchScopes\{74E404C7-7331-48F9-ABCA-05923022275C}: "URL" = http://fr.search.yahoo.com/search?p={se ... ype=ie2008
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}: "URL" = http://r.orange.fr/r?ref=O_OI_hook_open ... earchTerms}
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2567681
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}: "URL" = http://www.fissa.com/en/results/?s=b&c= ... earchTerms}
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\SearchScopes\{B4D8A115-64B8-48D0-8480-9151204DAB9C}: "URL" = http://fr.kelkoopartners.net/ctl/do/sea ... d=96913932
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/sli ... 0winampie7
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\SearchScopes\{FD3B2798-B140-49C4-B0F7-76BB2CA747BC}: "URL" = http://www.bing.com/search?FORM=WLETDF& ... -SearchBox
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Orange"
FF - prefs.js..browser.search.defaultthis.engineName: "douniamusic.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Orange"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "https://www.google.fr/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {9764bb84-7272-11dd-8eb6-20d155d89550}:2.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {b9e20919-fa55-471f-989b-b107bf8de785}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://r.orange.fr/r?ref=O_OI_hook_open ... nge?rdata="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hassanin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hassanin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hassanin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/15 16:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/06 08:04:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Hassanin\AppData\Roaming\Hide IP NG\firefox_plugin\ [2010/04/20 15:03:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9764bb84-7272-11dd-8eb6-20d155d89550}: C:\Users\Hassanin\AppData\Roaming\Hide IP NG\firefox_plugin\ [2010/04/20 15:03:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/06 08:04:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Hassanin\AppData\Roaming\IDM\idmmzcc3

[2010/08/30 19:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hassanin\AppData\Roaming\mozilla\Extensions
[2010/08/30 19:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hassanin\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/11/15 08:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hassanin\AppData\Roaming\mozilla\Firefox\Profiles\316j4hzt.default\extensions
[2013/04/03 12:12:06 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Hassanin\AppData\Roaming\mozilla\Firefox\Profiles\316j4hzt.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2013/11/15 08:09:54 | 000,000,000 | ---D | M] (MessengerPlusLive France TB) -- C:\Users\Hassanin\AppData\Roaming\mozilla\Firefox\Profiles\316j4hzt.default\extensions\{b9e20919-fa55-471f-989b-b107bf8de785}
[2013/09/08 11:38:47 | 000,000,000 | ---D | M] (douniamusic.com Community Toolbar) -- C:\Users\Hassanin\AppData\Roaming\mozilla\Firefox\Profiles\316j4hzt.default\extensions\{fa4acd63-fdbf-4ee2-85e1-cad95e77cdf0}
[2011/05/08 15:01:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Hassanin\AppData\Roaming\mozilla\Firefox\Profiles\316j4hzt.default\extensions\[email protected]
[2010/09/12 19:42:23 | 000,000,000 | ---D | M] (Fissa) -- C:\Users\Hassanin\AppData\Roaming\mozilla\Firefox\Profiles\316j4hzt.default\extensions\FissaPlugin-trash
[2012/02/05 11:31:13 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Hassanin\AppData\Roaming\mozilla\firefox\profiles\316j4hzt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2010/09/04 10:57:12 | 000,002,384 | ---- | M] () -- C:\Users\Hassanin\AppData\Roaming\mozilla\firefox\profiles\316j4hzt.default\searchplugins\askcom.xml
[2010/10/26 15:41:00 | 000,003,436 | ---- | M] () -- C:\Users\Hassanin\AppData\Roaming\mozilla\firefox\profiles\316j4hzt.default\searchplugins\bing.xml
[2011/10/10 16:08:12 | 000,000,933 | ---- | M] () -- C:\Users\Hassanin\AppData\Roaming\mozilla\firefox\profiles\316j4hzt.default\searchplugins\conduit.xml
[2010/09/13 07:39:50 | 000,002,559 | ---- | M] () -- C:\Users\Hassanin\AppData\Roaming\mozilla\firefox\profiles\316j4hzt.default\searchplugins\fissa.xml
[2012/11/16 09:53:22 | 000,001,130 | ---- | M] () -- C:\Users\Hassanin\AppData\Roaming\mozilla\firefox\profiles\316j4hzt.default\searchplugins\orange.xml
[2009/04/19 17:32:30 | 000,003,915 | ---- | M] () -- C:\Users\Hassanin\AppData\Roaming\mozilla\firefox\profiles\316j4hzt.default\searchplugins\sweetim.xml
[2013/01/12 20:05:05 | 000,021,631 | ---- | M] () -- C:\Users\Hassanin\AppData\Roaming\mozilla\firefox\profiles\316j4hzt.default\searchplugins\Web Search.xml
[2010/09/04 17:19:46 | 000,001,196 | ---- | M] () -- C:\Users\Hassanin\AppData\Roaming\mozilla\firefox\profiles\316j4hzt.default\searchplugins\winamp-search.xml
[2013/11/06 08:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/06 08:04:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/06 08:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/06 08:04:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/06 08:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions
[2013/11/06 08:04:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/11/06 08:04:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/11/16 03:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/11/16 03:55:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/16 03:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/11/16 03:55:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/16 03:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\defaults\profile\extensions
[2013/11/16 03:55:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Program Files\Mozilla Firefox\updated\defaults\profile\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/11/16 03:55:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\updated\defaults\profile\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/05/20 20:52:34 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Hassanin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hassanin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Hassanin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jafdhbipfdlldljdanpnlipdinjcjjid\1.0_0\
CHR - Extension: No name found = C:\Users\Hassanin\AppData\Local\Google\Chrome\User Data\Default\Extensions\janmfndmohbaaoocpcgfbghioojoakjg\0.2_0\
CHR - Extension: No name found = C:\Users\Hassanin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\Hassanin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\
CHR - Extension: No name found = C:\Users\Hassanin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkdglgjjpicgkbfdflchobhdiblbjgf\1.0_1\
CHR - Extension: No name found = C:\Users\Hassanin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Hassanin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (http://www.IslamicFinder.org)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3468922937-642280892-3681444828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Ajouter à vos favoris Orange - C:\Users\Hassanin\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html File not found
O8 - Extra context menu item: Envoyer le texte sélectionné par sms - C:\Users\Hassanin\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html File not found
O8 - Extra context menu item: Envoyer par sms - C:\Users\Hassanin\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html File not found
O8 - Extra context menu item: Envoyer un mail - C:\Users\Hassanin\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html File not found
O8 - Extra context menu item: orange.fr - C:\Users\Hassanin\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html File not found
O8 - Extra context menu item: Rechercher le texte sélectionné - C:\Users\Hassanin\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html File not found
O8 - Extra context menu item: Traduire le texte sélectionné - C:\Users\Hassanin\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF2A5878-0BC3-41A2-B1A7-7436FC71F203}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hassanin\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hassanin\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/16 10:59:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hassanin\Desktop\OTL.exe
[2013/11/16 10:21:39 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/11/16 10:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/16 10:21:26 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/16 10:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/15 16:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/15 16:11:57 | 000,774,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/15 16:11:57 | 000,403,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/15 16:11:57 | 000,070,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/15 16:11:57 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/15 16:11:57 | 000,035,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/15 16:11:56 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/11/15 16:11:44 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/14 21:28:40 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\Desktop\activation 2050
[2013/11/14 21:28:18 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\Desktop\keys_avast
[2013/11/14 17:58:11 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\AppData\Roaming\AVAST Software
[2013/11/14 17:56:17 | 000,269,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/14 17:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/11/14 17:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/11/14 10:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2013/11/14 10:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2013/11/12 21:34:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/11/12 05:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/11/11 21:40:26 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\AppData\Roaming\vlc
[2013/11/11 21:30:29 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\AppData\Local\Orange Player
[2013/11/11 21:01:36 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\Documents\Transferts vers le Cloud d'Orange
[2013/11/11 21:01:13 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Application
[2013/11/11 21:01:11 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\AppData\Roaming\Orange
[2013/11/11 21:01:07 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\AppData\Roaming\Orange-France
[2013/11/11 21:00:12 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Le Cloud d'Orange - Transfert de fichiers
[2013/11/11 21:00:09 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\AppData\Local\Le Cloud Orange
[2013/11/11 20:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Orange
[2013/11/07 19:23:34 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\AppData\Roaming\Apple Computer
[2013/11/07 19:23:34 | 000,000,000 | ---D | C] -- C:\Users\Hassanin\AppData\Local\Apple Computer
[2013/11/07 19:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/07 19:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/07 19:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/07 19:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/11/07 19:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/11/07 19:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/11/07 19:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/11/07 19:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/11/06 08:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/27 20:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/27 20:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/27 20:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
[2013/10/27 20:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/16 14:04:09 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/16 13:41:42 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3468922937-642280892-3681444828-1000UA.job
[2013/11/16 13:41:28 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/16 13:37:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 13:37:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 11:48:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3468922937-642280892-3681444828-1000UA.job
[2013/11/16 10:59:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hassanin\Desktop\OTL.exe
[2013/11/16 10:21:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/11/16 10:21:29 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/16 09:46:40 | 000,166,912 | ---- | M] () -- C:\Users\Hassanin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/16 04:41:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/15 23:48:01 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3468922937-642280892-3681444828-1000Core.job
[2013/11/15 16:12:36 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/15 16:11:48 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/15 16:11:48 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/11/15 16:11:48 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/15 16:11:48 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/15 16:11:48 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/15 16:11:47 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/15 16:11:47 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/11/15 16:11:47 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/15 16:11:44 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/15 16:11:44 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/15 15:41:08 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3468922937-642280892-3681444828-1000Core.job
[2013/11/15 15:36:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/15 15:36:43 | 3085,414,400 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/14 19:12:21 | 000,680,108 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/11/14 19:12:21 | 000,607,448 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/14 19:12:21 | 000,129,838 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/11/14 19:12:21 | 000,107,862 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/14 17:06:43 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/14 16:26:23 | 000,014,014 | ---- | M] () -- C:\Users\Hassanin\Desktop\ScreenHunter_004.jpg
[2013/11/14 16:26:16 | 000,013,219 | ---- | M] () -- C:\Users\Hassanin\Desktop\ScreenHunter_003.jpg
[2013/11/14 16:26:06 | 000,000,287 | ---- | M] () -- C:\Users\Hassanin\Desktop\ScreenHunter_002.jpg
[2013/11/14 16:25:43 | 000,013,965 | ---- | M] () -- C:\Users\Hassanin\Desktop\ScreenHunter_001.jpg
[2013/11/14 10:13:42 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dat
[2013/11/12 05:49:17 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/11 21:30:14 | 000,002,011 | ---- | M] () -- C:\Users\Hassanin\Desktop\Orange Player.lnk
[2013/11/07 19:23:03 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/23 20:49:12 | 000,230,854 | ---- | M] () -- C:\Users\Hassanin\Desktop\photo.php
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/16 10:21:29 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/15 16:12:36 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/15 16:11:57 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/11/15 16:11:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/11/14 21:28:18 | 126,692,656 | ---- | C] () -- C:\Users\Hassanin\Desktop\avast_internet_security_setup.exe
[2013/11/14 17:06:43 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/11/14 16:26:23 | 000,014,014 | ---- | C] () -- C:\Users\Hassanin\Desktop\ScreenHunter_004.jpg
[2013/11/14 16:26:16 | 000,013,219 | ---- | C] () -- C:\Users\Hassanin\Desktop\ScreenHunter_003.jpg
[2013/11/14 16:26:06 | 000,000,287 | ---- | C] () -- C:\Users\Hassanin\Desktop\ScreenHunter_002.jpg
[2013/11/14 16:25:43 | 000,013,965 | ---- | C] () -- C:\Users\Hassanin\Desktop\ScreenHunter_001.jpg
[2013/11/14 10:13:42 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2013/11/13 15:03:14 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/11/12 05:49:17 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/11 21:30:14 | 000,002,041 | ---- | C] () -- C:\Users\Hassanin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orange Player.lnk
[2013/11/11 21:30:14 | 000,002,011 | ---- | C] () -- C:\Users\Hassanin\Desktop\Orange Player.lnk
[2013/11/07 19:23:02 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/23 20:49:14 | 000,230,854 | ---- | C] () -- C:\Users\Hassanin\Desktop\photo.php
[2013/01/12 20:13:58 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/12 20:09:52 | 000,034,815 | ---- | C] () -- C:\Program Files\Common Files\plugin.crx
[2012/04/20 12:50:25 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/07/30 15:44:10 | 000,162,632 | ---- | C] () -- C:\Users\Hassanin\AppData\Roaming\VideoPad.dmp
[2011/04/03 09:21:35 | 000,006,944 | ---- | C] () -- C:\Users\Hassanin\AppData\Local\d3d9caps.dat
[2010/04/26 14:51:20 | 000,000,664 | RHS- | C] () -- C:\Users\Hassanin\ntuser.pol
[2010/04/18 12:48:43 | 000,000,166 | ---- | C] () -- C:\Users\Hassanin\AppData\Roaming\wklnhst.dat
[2010/04/17 19:55:33 | 000,000,760 | ---- | C] () -- C:\Users\Hassanin\AppData\Roaming\setup_ldm.iss
[2010/04/17 16:56:36 | 000,166,912 | ---- | C] () -- C:\Users\Hassanin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/11 11:54:10 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\Audacity
[2013/11/14 17:58:11 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\AVAST Software
[2011/07/21 19:57:38 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/11/01 10:37:14 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\DMCache
[2013/10/08 06:08:26 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\Dropbox
[2013/11/05 21:25:02 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\FileZilla
[2010/10/01 08:09:52 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\FissaSearch
[2010/09/12 19:55:57 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\freeTVRadio
[2010/04/20 15:14:51 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\GetRightToGo
[2010/04/20 15:03:38 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\Hide IP NG
[2011/06/22 13:24:54 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\Image Zone Express
[2010/08/30 19:46:45 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\MaxTV Technologies
[2013/01/30 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\OpenCandy
[2013/11/12 17:41:32 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\Orange
[2013/11/11 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\Orange-France
[2010/10/27 19:19:29 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\PowerCinema
[2010/12/09 13:44:42 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\Printer Info Cache
[2011/07/30 09:19:33 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\Samsung
[2010/04/18 12:48:43 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\Template
[2013/01/30 18:04:04 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\TuneUp Software
[2013/01/12 20:14:03 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\WebPlayerBdd
[2011/07/22 19:04:23 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\Xilisoft
[2010/04/18 22:15:13 | 000,000,000 | ---D | M] -- C:\Users\Hassanin\AppData\Roaming\_MDLogs
[2010/06/01 21:05:48 | 000,000,000 | ---D | M] -- C:\Users\hayet\AppData\Roaming\PowerCinema

========== Purity Check ==========



< End of report >
angelique
Posts: 31165
Joined: 28 Feb 2008 13:58
Location: Breizhilienne

Re: Infected PC

by angelique »

Not infected.

1. Run a chkdsk, see > https://www.malekal.com/chkdsk-erreur-r ... -disque/2/


2. Run AdwCleaner: Scan tab, then removal... a restart may be requested. See >
With Gnu_Linux you get a kernel ... with Ѡindows you only get glitches
https://helicium.altervista.org/
Remove "viruses" for free http://www.supprimer-trojan.com/
Don't be stingy! I am one of the millions of poor people in France
hamza

Re: Infected PC

by hamza »

I did everything you asked me to, but I still have the same problem

thanks
hamza

Re: Infected PC

by hamza »

When I launch AdwCleaner it crashes
angelique

Re: Infected PC

by angelique »

hamza wrote: When I launch AdwCleaner it crashes
How so? You have to let it run, with every window closed, browser etc....
hamza

Re: Infected PC

by hamza »

Yes, I let it run but nothing. I installed AVG and it found that I am infected by the Trojan horse: Dropper Generic7.BXAZ

and every time I want to delete a file it is always the same thing; I always have to use Task Manager

I am stuck
Malekal_morte
Posts: 110619
Joined: 10 Sep 2005 13:57

Re: Infected PC

by Malekal_morte »

Do you have any errors in HD Tune, in the Health tab?
=> http://forum.malekal.com/tune-monitorer ... 43963.html
First basic rule of security: think, then click, not the other way round - Files/programs are like sweets: when they come from a stranger, you don't accept them!
hamza

Re: Infected PC

by hamza »

I downloaded this software and ran chkdsk
it fixed all the disk problems, but the problem with deleting files is still there
angelique

Re: Infected PC

by angelique »

Delete c:\recycler and restart; Windows will recreate recycler.
hamza

Re: Infected PC

by hamza »

Do I delete it from DOS or from Windows?
hamza

Re: Infected PC

by hamza »

Is this it, please?
angelique

Re: Infected PC

by angelique »

Don't you have a yellow recycler folder?
hamza

Re: Infected PC

by hamza »

No, I don't
angelique

Re: Infected PC

by angelique »

Open a cmd command prompt < right-click, Run as administrator

Type each line below and confirm it with Enter

cd\
dir /a


Copy and paste the output that is displayed, or take a screenshot:
hamza

Re: Infected PC

by hamza »

Here it is


Microsoft Windows [version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. Tous droits réservés.

C:\Windows\system32>cd\

C:\>dir /a
Le volume dans le lecteur C s'appelle COMPAQ
Le numéro de série du volume est A4F0-9DC2

Répertoire de C:\

16/11/2013 19:36 <REP> $AVG
04/09/2011 23:42 <REP> $Recycle.Bin
16/11/2013 22:08 <REP> AdwCleaner
18/09/2006 22:43 24 autoexec.bat
24/02/2012 13:39 <REP> Boot
11/04/2009 07:36 333 257 bootmgr
11/05/2009 18:25 8 192 BOOTSECT.BAK
16/11/2013 22:02 <REP> Config.Msi
18/09/2006 22:43 10 config.sys
12/12/2012 13:21 <REP> d2649c4efe054626c64806
02/11/2006 13:59 <JONCTION> Documents and Settings [C:\Users]
30/03/2013 11:12 <REP> Hayet
16/11/2013 22:10 3 085 365 248 hiberfil.sys
10/10/2010 18:36 <REP> Hide Your IP Address
31/05/2010 09:25 <REP> hp
10/05/2010 12:25 <REP> IDE
17/04/2010 21:14 21 339 Installer.log
23/04/2010 15:14 0 IO.SYS
20/04/2012 17:05 30 kt
17/04/2010 21:12 183 LogiSetup.log
23/04/2010 15:14 0 MSDOS.SYS
10/05/2010 12:22 <REP> MSOCache
16/11/2013 22:10 3 399 237 632 pagefile.sys
21/01/2008 03:43 <REP> PerfLogs
17/11/2013 10:48 <REP> Program Files
16/11/2013 19:36 <REP> ProgramData
04/09/2011 13:06 <REP> Qoobox
12/07/2011 21:22 <REP> SCOPA
16/11/2013 20:35 <REP> System Volume Information
04/09/2011 14:25 63 688 TDSSKiller.2.5.17.0_04.09.2011_15.21.04_log.
txt
30/03/2013 11:13 <REP> temp
11/05/2009 09:54 349 updatedatfix.log
01/06/2010 21:04 <REP> Users
16/11/2013 22:02 <REP> Windows
26/08/2008 13:37 458 Windows Sidebar
14 fichier(s) 6 485 030 410 octets
21 Rép(s) 11 956 817 920 octets libres

C:\>