Sujet Précédent Sujet Suivant

Mauvaise direction de recherche : Virus

Fermé
zoé - 9 nov. 2009 à 23:13
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 - 11 nov. 2009 à 19:11
Bonjour,

J'ai un souci que je n'arrive absolument pas à régler et mes recherches sur ce forum restent vaines...alors je me résouds à poster une question :

Voici mon problème : lorsque je fais une recherche dans Google Chrome ou dans Mozilla, les résultats sont déjà bizarres, mais le pire c'est lorsque je clic sur un de ces résultas : une fois sur 2 la page qui s'ouvre ne correspond pas au lien, mais à des sites qui ressemblent à des spams.

Je ne sais vraiment pas quoi faire.

J'ai fais un scan Hijack que je mets dans cette questio, histoire d'avancer un peu.

Merci d'avance pour votre aide :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:00, on 09/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\audrey becourt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{00C4ED67-D35F-4D72-BF51-671FE9217755}: NameServer = 85.255.112.116,85.255.112.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDD105DF-D326-4EE7-98E8-15ACD79012D0}: NameServer = 85.255.112.116,85.255.112.157
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.116,85.255.112.157
O17 - HKLM\System\CS1\Services\Tcpip\..\{00C4ED67-D35F-4D72-BF51-671FE9217755}: NameServer = 85.255.112.116,85.255.112.157
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.116,85.255.112.157
O17 - HKLM\System\CS2\Services\Tcpip\..\{00C4ED67-D35F-4D72-BF51-671FE9217755}: NameServer = 85.255.112.116,85.255.112.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.116,85.255.112.157
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_n21.dll
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
A voir également:

5 réponses

Réponse 1 / 5
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
9 nov. 2009 à 23:15
Bonjour,

--> Désinstalle Search Settings.

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
--> Il va te demander d'installer la console de récupération : accepte.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
0
zoé
10 nov. 2009 à 01:25
bonsoir et merci pour ta réponse.

Voici le rapport de combofix
par contre g encore des petits soucis, mais j'imagine que la desinfection n'est pas terminée :

ComboFix 09-11-08.03 - audrey becourt 10/11/2009 1:02.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.958.181 [GMT 1:00]
Lancé depuis: c:\documents and settings\audrey becourt\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091109-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\audrey becourt\Application Data\DriveCleaner 2006 Free
c:\documents and settings\audrey becourt\Application Data\DriveCleaner 2006 Free\Logs\update.log
c:\documents and settings\audrey becourt\Bureau\FICHIER dernier ko
c:\documents and settings\audrey becourt\Bureau\FICHIER dernier ko
c:\progra~1\FICHIE~1\{A0D3E~1
c:\program files\BulletProofSoft.com
c:\program files\BulletProofSoft.com\Youtube Video Grabber\Clip.exe
c:\program files\BulletProofSoft.com\Youtube Video Grabber\Help.chm
c:\program files\BulletProofSoft.com\Youtube Video Grabber\Main.swf
c:\program files\BulletProofSoft.com\Youtube Video Grabber\Parse.wvi
c:\program files\BulletProofSoft.com\Youtube Video Grabber\unins000.dat
c:\program files\BulletProofSoft.com\Youtube Video Grabber\unins000.exe
c:\program files\BulletProofSoft.com\Youtube Video Grabber\YG VideoGrabber.exe
c:\windows\dobe~1
c:\windows\icroso~1.net
c:\windows\system32\clrviddc.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\lo2.txtt
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
-------\Service_gaopdxserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-10-10 au 2009-11-10 ))))))))))))))))))))))))))))))))))))
.

2009-11-09 23:27 . 2009-11-09 23:27 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-11-09 23:19 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-09 23:18 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-09 22:57 . 2009-11-09 23:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-09 22:40 . 2009-11-09 22:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-11-09 21:57 . 2009-11-09 21:57 -------- d-----w- c:\program files\Trend Micro
2009-11-09 21:39 . 2009-11-09 23:45 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 1
2009-11-06 07:26 . 1998-07-12 23:00 15872 ----a-w- c:\windows\system32\WINSKFR.DLL
2009-11-06 07:26 . 1998-07-12 23:00 6656 ----a-w- c:\windows\system32\STDFTFR.DLL
2009-10-12 12:15 . 1999-05-07 17:49 32768 ----a-w- c:\windows\system32\Mrosm32.dll
2009-10-12 10:22 . 2009-10-12 10:39 -------- d-----w- c:\program files\VirtualDJ

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 00:17 . 2009-09-29 07:45 -------- d-----w- c:\documents and settings\audrey becourt\Application Data\Skype
2009-11-09 23:17 . 2008-02-18 08:21 -------- d-----w- c:\program files\Lavasoft
2009-11-09 23:01 . 2009-09-29 07:46 -------- d-----w- c:\documents and settings\audrey becourt\Application Data\skypePM
2009-11-09 21:59 . 2007-07-14 15:10 -------- d-----w- c:\program files\Lexmark Toolbar
2009-11-06 07:26 . 2009-01-04 11:00 -------- d-----w- c:\program files\ZNsoft Corporation
2009-11-04 19:55 . 2007-07-14 15:14 -------- d-----w- c:\program files\lx_cats
2009-11-01 09:03 . 2005-12-09 05:49 85256 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-01 09:03 . 2005-12-09 05:49 511392 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-17 08:33 . 2007-07-12 13:01 -------- d-----w- c:\documents and settings\audrey becourt\Application Data\U3
2009-10-15 18:18 . 2006-09-11 18:24 -------- d-----w- c:\documents and settings\audrey becourt\Application Data\Azureus
2009-10-15 12:55 . 2006-12-25 15:58 129224 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-12 12:15 . 2008-01-19 18:26 -------- d-----w- c:\program files\Steinberg
2009-10-05 14:11 . 2009-10-05 14:11 -------- d-----w- c:\program files\Audacity
2009-10-01 13:10 . 2009-10-01 13:10 -------- d-----w- c:\program files\US122_Install
2009-09-29 07:46 . 2009-09-29 07:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-29 07:44 . 2009-09-29 07:43 -------- d-----r- c:\program files\Skype
2009-09-29 07:43 . 2009-09-29 07:43 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-09-29 07:43 . 2009-09-29 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-24 19:12 . 2009-09-24 19:12 -------- d-----w- c:\program files\Sibelius Software
2009-09-16 10:14 . 2009-09-16 10:14 20299296 ----a-w- c:\documents and settings\audrey becourt\Application Data\TomTom\HOME\Profiles\ptz0844z.default\Updates\v2_7_2_1825_win.exe
2007-03-23 11:44 . 2007-03-23 11:44 604 -c-ha-w- c:\program files\STLL Notifier
2002-09-18 01:28 . 2006-12-25 15:12 3205496 -c----w- c:\program files\F.msi
1996-12-02 15:44 . 1996-12-02 15:44 582144 ----a-w- c:\program files\Fichiers communs\dao350.dll
2009-08-08 23:11 . 2009-08-08 23:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-08 23:30 . 2009-08-08 23:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-02-19 1471728]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"Google Update"="c:\documents and settings\audrey becourt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-01 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"MPSWiFiManager"="c:\program files\Club-Internet\Agent Wifi\AgentWifi.exe" [2005-04-11 135168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\audrey felix\Menu D‚marrer\Programmes\D‚marrage\
Club Internet.lnk - c:\program files\Club-Internet\Lanceur\lanceur.exe [2006-10-5 5484544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Nike+ Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Nike+ Utility.lnk
backup=c:\windows\pss\Nike+ Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3629:UDP"= 3629:UDP:Windows Media Format SDK (wmplayer.exe)
"3628:UDP"= 3628:UDP:Windows Media Format SDK (wmplayer.exe)
"3631:UDP"= 3631:UDP:Windows Media Format SDK (wmplayer.exe)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/11/2009 00:19 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/04/2008 10:37 114768]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 00:45 124832]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/04/2008 10:37 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1169232]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 11:38 92008]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\AUDREY~2\LOCALS~1\Temp\mdxgthkn.sys --> c:\docume~1\AUDREY~2\LOCALS~1\Temp\mdxgthkn.sys [?]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [13/02/2003 12:40 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [13/02/2003 12:45 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [13/02/2003 12:40 84092]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'

2009-11-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06]

2009-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117846246-626433616-840302518-1006Core.job
- c:\documents and settings\audrey becourt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 06:48]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117846246-626433616-840302518-1006UA.job
- c:\documents and settings\audrey becourt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 06:48]

2006-05-12 c:\windows\Tasks\Rappel d'enregistrement 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-12-09 02:34]

2006-05-12 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-12-09 02:34]

2006-05-12 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-12-09 02:34]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\audrey becourt\Application Data\Mozilla\Firefox\Profiles\wt54lii5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\audrey becourt\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJPI150_15.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-BulletProofSoft Youtube Video Grabber Trial Version_is1 - c:\program files\BulletProofSoft.com\Youtube Video Grabber\unins000.exe
AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 01:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85D4F7F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x85d4f7f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3412)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxcycoms.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Heure de fin: 2009-11-10 1:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-10 00:24

Avant-CF: 11 548 139 520 octets libres
Après-CF: 11 399 086 080 octets libres

- - End Of File - - ECC122580BC87991A209E25D6CF04876
0
Réponse 2 / 5
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
10 nov. 2009 à 02:51
--> Télécharge mbr.exe (de Gmer) sur ton Bureau.

/!\ Désactive tes protections (Antivirus...) et coupe la connexion. /!\

--> Double-clique sur mbr.exe. Un rapport sera généré, poste-le : mbr.log
En cas d'infection, ce message "MBR rootkit code detected" va apparaître.
0
Réponse 3 / 5
zoe felix Messages postés 1 Date d'inscription mardi 10 novembre 2009 Statut Membre Dernière intervention 10 novembre 2009
10 nov. 2009 à 08:39
1er rapport :
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

2° rapport
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Mais je ne suis pas sure d'avoir correctement fait ce qu'il fallait car lorsque j'ai executé ta commande, j'ai eu un message d'erreur (document introuvable)

Merci et le pb est-il réglé quand meme?
0
Réponse 4 / 5
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
10 nov. 2009 à 15:16
/!\ Seul zoe felix peut suivre cette procédure. /!\


1/

---> Ouvre le Bloc-notes.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :






KillAll::

Driver::
mdxgthkn

File::
c:\docume~1\AUDREY~2\LOCALS~1\Temp\mdxgthkn.sys






--> Colle la sélection dans le Bloc-notes.

--> Enregistre ce fichier sur le Bureau (Impératif).

--> Nom du fichier : CFScript
--> Type du fichier : tous les fichiers
--> Clique sur Enregistrer.
--> Quitte le Bloc-notes.


2/

--> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

--> Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

--> Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

--> Une fois le scan achevé, un rapport va s'afficher : poste-le.

--> Si le fichier ne s'ouvre pas, il se trouve ici C:\Combofix.txt
0
zoe
11 nov. 2009 à 16:39
ComboFix 09-11-09.02 - audrey becourt 11/11/2009 16:18.2.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.958.503 [GMT 1:00]
Lancé depuis: c:\documents and settings\audrey becourt\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\audrey becourt\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 091111-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\docume~1\AUDREY~2\LOCALS~1\Temp\mdxgthkn.sys"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_MDXGTHKN
-------\Service_mdxgthkn


((((((((((((((((((((((((((((( Fichiers créés du 2009-10-11 au 2009-11-11 ))))))))))))))))))))))))))))))))))))
.

2009-11-10 07:53 . 2009-11-10 07:51 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-10 07:50 . 2009-11-10 07:50 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-10 07:49 . 2009-11-10 07:49 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-10 07:49 . 2009-11-10 07:49 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-10 07:49 . 2009-11-10 07:49 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-10 07:48 . 2009-11-10 07:48 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-10 07:48 . 2009-11-10 07:48 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-10 07:48 . 2009-11-10 07:48 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-10 07:48 . 2009-11-10 07:48 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-10 07:48 . 2009-11-10 07:48 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-10 07:48 . 2009-11-10 07:48 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-10 07:48 . 2009-11-10 07:48 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-10 07:36 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-11-10 07:36 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-11-09 23:27 . 2009-11-09 23:27 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-11-09 23:19 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-09 23:18 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-09 22:57 . 2009-11-09 23:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-09 22:40 . 2009-11-09 22:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2009-11-09 21:57 . 2009-11-09 21:57 -------- d-----w- c:\program files\Trend Micro
2009-11-09 21:39 . 2009-11-11 15:08 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 1
2009-11-06 07:26 . 1998-07-12 23:00 15872 ----a-w- c:\windows\system32\WINSKFR.DLL
2009-11-06 07:26 . 1998-07-12 23:00 6656 ----a-w- c:\windows\system32\STDFTFR.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 15:32 . 2009-09-29 07:45 -------- d-----w- c:\documents and settings\audrey becourt\Application Data\Skype
2009-11-11 15:06 . 2009-09-29 07:46 -------- d-----w- c:\documents and settings\audrey becourt\Application Data\skypePM
2009-11-11 14:27 . 2005-12-16 05:15 -------- d-----w- c:\program files\Microsoft Works
2009-11-09 23:17 . 2008-02-18 08:21 -------- d-----w- c:\program files\Lavasoft
2009-11-09 21:59 . 2007-07-14 15:10 -------- d-----w- c:\program files\Lexmark Toolbar
2009-11-06 07:26 . 2009-01-04 11:00 -------- d-----w- c:\program files\ZNsoft Corporation
2009-11-04 19:55 . 2007-07-14 15:14 -------- d-----w- c:\program files\lx_cats
2009-11-01 09:03 . 2005-12-09 05:49 85256 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-01 09:03 . 2005-12-09 05:49 511392 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-17 08:33 . 2007-07-12 13:01 -------- d-----w- c:\documents and settings\audrey becourt\Application Data\U3
2009-10-15 18:18 . 2006-09-11 18:24 -------- d-----w- c:\documents and settings\audrey becourt\Application Data\Azureus
2009-10-15 12:55 . 2006-12-25 15:58 129224 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-12 12:15 . 2008-01-19 18:26 -------- d-----w- c:\program files\Steinberg
2009-10-12 10:39 . 2009-10-12 10:22 -------- d-----w- c:\program files\VirtualDJ
2009-10-05 14:11 . 2009-10-05 14:11 -------- d-----w- c:\program files\Audacity
2009-10-01 13:10 . 2009-10-01 13:10 -------- d-----w- c:\program files\US122_Install
2009-09-29 07:46 . 2009-09-29 07:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-29 07:44 . 2009-09-29 07:43 -------- d-----r- c:\program files\Skype
2009-09-29 07:43 . 2009-09-29 07:43 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-09-29 07:43 . 2009-09-29 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-24 19:12 . 2009-09-24 19:12 -------- d-----w- c:\program files\Sibelius Software
2009-09-16 10:14 . 2009-09-16 10:14 20299296 ----a-w- c:\documents and settings\audrey becourt\Application Data\TomTom\HOME\Profiles\ptz0844z.default\Updates\v2_7_2_1825_win.exe
2009-09-11 14:18 . 2005-12-09 05:48 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-20 14:09 . 2009-08-20 14:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2007-03-23 11:44 . 2007-03-23 11:44 604 -c-ha-w- c:\program files\STLL Notifier
2002-09-18 01:28 . 2006-12-25 15:12 3205496 -c----w- c:\program files\F.msi
1996-12-02 15:44 . 1996-12-02 15:44 582144 ----a-w- c:\program files\Fichiers communs\dao350.dll
2009-08-08 23:11 . 2009-08-08 23:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-08 23:30 . 2009-08-08 23:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-10_00.14.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 18:41 . 2009-07-11 18:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-11-11 15:27 . 2009-11-11 15:27 16384 c:\windows\Temp\Perflib_Perfdata_744.dat
+ 2005-12-09 05:48 . 2009-06-25 08:26 54272 c:\windows\system32\wdigest.dll
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-02-08 13:52 . 2007-11-30 12:39 18296 c:\windows\system32\spmsg.dll
- 2007-02-08 13:52 . 2007-11-30 11:19 18296 c:\windows\system32\spmsg.dll
+ 2005-12-09 05:48 . 2009-06-25 08:26 56832 c:\windows\system32\secur32.dll
+ 2005-12-09 05:48 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-06-25 08:26 . 2009-06-25 08:26 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-25 08:26 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2008-11-03 08:16 . 2009-11-10 07:56 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-03 08:16 . 2008-11-03 08:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-12-12 10:08 . 2008-11-03 08:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2005-12-12 10:08 . 2009-11-10 07:56 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2009-11-10 07:44 . 2009-11-10 07:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-12-12 10:08 . 2008-11-03 08:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-24 18:56 . 2009-06-24 18:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2008-05-27 23:49 . 2008-05-27 23:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-13 19:58 . 2007-04-13 19:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-13 19:57 . 2007-04-13 19:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2008-05-27 23:49 . 2008-05-27 23:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-13 19:57 . 2007-04-13 19:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-27 23:49 . 2008-05-27 23:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 00:30 . 2008-05-28 00:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2007-04-13 20:30 . 2007-04-13 20:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2007-07-12 17:24 . 2009-04-10 15:32 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-07-12 17:24 . 2009-04-10 15:32 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-07-12 17:24 . 2009-04-10 15:32 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2007-07-12 17:24 . 2009-04-10 15:32 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-07-12 17:24 . 2009-04-10 15:32 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-07-12 17:24 . 2009-04-10 15:32 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2007-07-12 17:24 . 2009-04-10 15:32 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2005-12-16 05:16 . 2009-11-11 14:27 17534 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\gtngstrtd.exe
- 2005-12-16 05:16 . 2008-12-12 12:37 17534 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\gtngstrtd.exe
- 2005-12-16 05:16 . 2008-12-12 12:37 65536 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_E1162A70C607_43DE_9F42_B6251572BE19.exe
+ 2005-12-16 05:16 . 2009-11-11 14:27 65536 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_E1162A70C607_43DE_9F42_B6251572BE19.exe
- 2005-12-16 05:16 . 2008-12-12 12:37 65536 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_6DF36F952F03_4D8B_8F27_6EBBF01EA476.exe
+ 2005-12-16 05:16 . 2009-11-11 14:27 65536 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_6DF36F952F03_4D8B_8F27_6EBBF01EA476.exe
+ 2005-12-16 05:16 . 2009-11-11 14:27 65536 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_30113DE266A8_443A_A6B0_3DC98697B0DB.exe
- 2005-12-16 05:16 . 2008-12-12 12:37 65536 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_30113DE266A8_443A_A6B0_3DC98697B0DB.exe
+ 2009-11-11 14:32 . 2009-11-11 14:32 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e8bcfac7\System.Drawing.Design.dll
+ 2009-11-11 14:32 . 2009-11-11 14:32 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7cec73a4\CustomMarshalers.dll
+ 2008-05-05 06:25 . 2008-05-05 06:25 3072 c:\windows\system32\xpsp4res.dll
- 2007-07-12 17:24 . 2009-04-10 15:32 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2007-07-12 17:24 . 2009-04-10 15:32 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-07-12 17:24 . 2009-04-10 15:32 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2005-12-16 05:16 . 2008-12-12 12:37 4710 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\WSBico.exe
+ 2005-12-16 05:16 . 2009-11-11 14:27 4710 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\WSBico.exe
- 2005-12-16 05:16 . 2008-12-12 12:37 4710 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\Win2Kico.exe
+ 2005-12-16 05:16 . 2009-11-11 14:27 4710 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\Win2Kico.exe
- 2005-12-09 05:48 . 2008-04-14 02:33 354304 c:\windows\system32\winhttp.dll
+ 2005-12-09 05:48 . 2008-12-16 12:31 354304 c:\windows\system32\winhttp.dll
+ 2005-12-09 05:48 . 2009-06-25 08:26 147456 c:\windows\system32\schannel.dll
+ 2005-12-09 05:48 . 2009-04-15 14:53 585216 c:\windows\system32\rpcrt4.dll
+ 2005-12-09 05:48 . 2009-08-05 09:00 205312 c:\windows\system32\mswebdvd.dll
+ 2005-12-09 05:48 . 2009-06-25 08:26 736768 c:\windows\system32\lsasrv.dll
+ 2005-12-09 05:48 . 2009-06-25 08:26 301568 c:\windows\system32\kerberos.dll
+ 2005-12-09 05:48 . 2009-08-13 15:20 512000 c:\windows\system32\jscript.dll
- 2005-12-09 05:48 . 2008-05-09 10:55 512000 c:\windows\system32\jscript.dll
+ 2005-12-09 06:54 . 2009-11-11 15:03 388000 c:\windows\system32\FNTCACHE.DAT
- 2005-12-09 06:54 . 2009-10-12 12:39 388000 c:\windows\system32\FNTCACHE.DAT
+ 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:53 . 2009-04-15 14:53 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-08-05 09:00 . 2009-08-05 09:00 205312 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:26 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-06-25 08:26 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:26 . 2009-06-25 08:26 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-05-09 10:55 . 2009-08-13 15:20 512000 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:55 . 2008-05-09 10:55 512000 c:\windows\system32\dllcache\jscript.dll
- 2007-04-13 19:58 . 2007-04-13 19:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-27 23:49 . 2008-05-27 23:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-27 23:48 . 2008-05-27 23:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-13 19:56 . 2007-04-13 19:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-13 20:30 . 2007-04-13 20:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2008-05-28 00:30 . 2008-05-28 00:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2009-11-11 14:16 . 2009-11-11 14:16 248832 c:\windows\Installer\b9ad7.msi
- 2007-07-12 17:24 . 2009-04-10 15:32 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-07-12 17:24 . 2009-04-10 15:32 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2007-07-12 17:24 . 2009-11-11 14:24 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2005-12-16 05:16 . 2008-12-12 12:37 184320 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_A5AC17ADC9FC_483E_BECB_C92E71F01A48.exe
+ 2005-12-16 05:16 . 2009-11-11 14:27 184320 c:\windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\_A5AC17ADC9FC_483E_BECB_C92E71F01A48.exe
+ 2009-11-11 14:33 . 2009-11-11 14:33 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f8b0cc1c\System.Drawing.dll
+ 2009-11-11 14:33 . 2009-11-11 14:33 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_aeb05593\System.Drawing.Design.dll
+ 2009-11-11 14:33 . 2009-11-11 14:33 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7302e245\CustomMarshalers.dll
+ 2005-12-09 05:48 . 2009-04-19 19:50 1847296 c:\windows\system32\win32k.sys
- 2005-12-09 05:48 . 2008-08-14 13:23 2191232 c:\windows\system32\ntoskrnl.exe
+ 2005-12-09 05:48 . 2009-08-04 21:58 2191232 c:\windows\system32\ntoskrnl.exe
- 2004-08-04 00:48 . 2008-08-14 13:23 2068096 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 00:48 . 2009-08-04 17:28 2068096 c:\windows\system32\ntkrnlpa.exe
+ 2008-10-15 09:29 . 2009-04-19 19:50 1847296 c:\windows\system32\dllcache\win32k.sys
- 2008-10-15 09:29 . 2008-08-14 13:23 2191232 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 09:29 . 2009-08-04 21:58 2191232 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 09:29 . 2008-08-14 13:23 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 09:29 . 2009-08-04 17:27 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 09:29 . 2009-08-04 17:28 2068096 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 09:29 . 2008-08-14 13:23 2068096 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 09:29 . 2008-08-14 13:23 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-15 09:29 . 2009-08-04 17:27 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-05-28 00:35 . 2008-05-28 00:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-13 20:35 . 2007-04-13 20:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 00:35 . 2008-05-28 00:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-13 20:35 . 2007-04-13 20:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-27 23:48 . 2008-05-27 23:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-13 19:57 . 2007-04-13 19:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-27 23:48 . 2008-05-27 23:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-13 19:57 . 2007-04-13 19:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-13 19:50 . 2007-04-13 19:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-27 23:43 . 2008-05-27 23:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-09-17 13:06 . 2009-09-17 13:06 4873728 c:\windows\Installer\b9b30.msp
+ 2009-04-29 14:03 . 2009-04-29 14:03 8404992 c:\windows\Installer\b9b18.msp
+ 2009-08-20 14:27 . 2009-08-20 14:27 3622400 c:\windows\Installer\b9b04.msp
+ 2009-09-10 21:44 . 2009-09-10 21:44 6704640 c:\windows\Installer\b9af0.msp
+ 2008-10-15 09:29 . 2009-08-04 21:58 2191232 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-15 09:29 . 2008-08-14 13:23 2191232 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-15 09:29 . 2008-08-14 13:23 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 09:29 . 2009-08-04 17:27 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 09:29 . 2009-08-04 17:28 2068096 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 09:29 . 2008-08-14 13:23 2068096 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 09:29 . 2008-08-14 13:23 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-15 09:29 . 2009-08-04 17:27 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-11-11 14:31 . 2009-11-11 14:31 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_33b8778e\System.dll
+ 2009-11-11 14:33 . 2009-11-11 14:33 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1e7221d8\System.dll
+ 2009-11-11 14:34 . 2009-11-11 14:34 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e9694430\System.Xml.dll
+ 2009-11-11 14:32 . 2009-11-11 14:32 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2d71ab86\System.Xml.dll
+ 2009-11-11 14:33 . 2009-11-11 14:33 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7b781f26\System.Windows.Forms.dll
+ 2009-11-11 14:32 . 2009-11-11 14:32 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3d389544\System.Windows.Forms.dll
+ 2009-11-11 14:34 . 2009-11-11 14:34 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7756094f\System.Drawing.dll
+ 2009-11-11 14:33 . 2009-11-11 14:33 1466368 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_7cf6810b\System.Design.dll
+ 2009-11-11 14:34 . 2009-11-11 14:34 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_48b857c7\System.Design.dll
+ 2009-11-11 14:34 . 2009-11-11 14:34 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a3cd3113\mscorlib.dll
+ 2009-11-11 14:33 . 2009-11-11 14:33 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_96d187b8\mscorlib.dll
+ 2009-11-11 14:30 . 2009-11-11 14:30 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-08-21 13:21 . 2007-08-21 13:21 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2007-08-21 13:21 . 2007-08-21 13:21 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-11-11 14:30 . 2009-11-11 14:30 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-08-10 20:08 . 2009-08-10 20:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-08-10 13:09 . 2009-08-10 13:09 17254912 c:\windows\Installer\b9b46.msp
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-02-19 1471728]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"MPSWiFiManager"="c:\program files\Club-Internet\Agent Wifi\AgentWifi.exe" [2005-04-11 135168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\audrey felix\Menu D‚marrer\Programmes\D‚marrage\
Club Internet.lnk - c:\program files\Club-Internet\Lanceur\lanceur.exe [2006-10-5 5484544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Nike+ Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Nike+ Utility.lnk
backup=c:\windows\pss\Nike+ Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3629:UDP"= 3629:UDP:Windows Media Format SDK (wmplayer.exe)
"3628:UDP"= 3628:UDP:Windows Media Format SDK (wmplayer.exe)
"3631:UDP"= 3631:UDP:Windows Media Format SDK (wmplayer.exe)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/11/2009 00:19 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/04/2008 10:37 114768]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 00:45 124832]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/04/2008 10:37 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1179232]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 11:38 92008]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [13/02/2003 12:40 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [13/02/2003 12:45 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [13/02/2003 12:40 84092]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr
.
Contenu du dossier 'Tâches planifiées'

2009-11-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 07:48]

2009-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117846246-626433616-840302518-1006Core.job
- c:\documents and settings\audrey becourt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 06:48]

2009-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3117846246-626433616-840302518-1006UA.job
- c:\documents and settings\audrey becourt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-01 06:48]

2006-05-12 c:\windows\Tasks\Rappel d'enregistrement 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-12-09 02:34]

2006-05-12 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-12-09 02:34]

2006-05-12 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-12-09 02:34]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\audrey becourt\Application Data\Mozilla\Firefox\Profiles\wt54lii5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\audrey becourt\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_15\bin\NPJPI150_15.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", true);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 1\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 16:28
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85B5F3C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x85b5f3c8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1024)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxcycoms.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\notepad.exe
c:\program files\Mozilla Firefox 3.6 Beta 1\firefox.exe
.
**************************************************************************
.
Heure de fin: 2009-11-11 16:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-11 15:40
ComboFix2.txt 2009-11-10 00:24

Avant-CF: 10 540 990 464 octets libres
Après-CF: 10 505 830 400 octets libres

- - End Of File - - 88F605D55A6533117E461DD4FB4B6E9B
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
11 nov. 2009 à 19:11
---> Menu Démarrer > Exécuter > Tape ComboFix /u et valide.

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
0

Discussions similaires

recherche à partir de la barre d'adresse
Sylviane -
Lulin -

11 réponses
document html
Utilisateur anonyme -
brucine -

1 réponse
1fichier
titi342 -
bazfile -

1 réponse
comment trouver une personne sur facebook
samir8013 -
iceman94260 -

3 réponses
la barre d'adresse google chrome
zakariah -
chuck norris -

21 réponses