Automatic redirect to a malicious site

Closed
BBrunes Posts 93 Registration date Monday 11 February 2008 Status Member Last activity 14 March 2019 - 15 Sept. 2010 at 14:27
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 - 25 Sept. 2010 at 10:16
Hello,

For a few days now I have been systematically redirected to the site http://64.111.196.126 (flagged as suspicious by my "firewall") every time I click a link from a Google or Yahoo search results page.
Please write to me if you have had to deal with this kind of problem.

NB. I don't use an antivirus, but it still seems to me that I'm not "infected" either (I tried a scan with Kaspersky scan tool and no major problems). So I think a malicious(?) program passing through my computer must have tampered with some mysterious Windows settings...

14 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
15 Sept. 2010 at 14:38
hi

1/ why don't you have an antivirus?

2/
Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue at the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized to the Taskbar).

NB: The reports are saved in the C:\rsit folder


see you
0
BBrunes Posts 93 Registration date Monday 11 February 2008 Status Member Last activity 14 March 2019 3
16 Sept. 2010 at 21:49
Hello,
1_ I don't have an antivirus because it slows down my computer. Usually I get by well enough by being a bit careful....
2_ Why does my firewall (K9 web protection) block the site you gave me above as "Spyware / Malware Sources"? Can you confirm it's not something nasty :(
Thanks and see you soon.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
17 Sept. 2010 at 09:15
it's a program that lets you see whether you are infected, so it is not harmful


without an antivirus, do you run an online antivirus from time to time?
0
BBrunes Posts 93 Registration date Monday 11 February 2008 Status Member Last activity 14 March 2019 3
17 Sept. 2010 at 11:38
Hi,
I downloaded and ran the program. Here are the log and info reports

**************** The log.txt file **********************
Logfile of random's system information tool 1.08 (written by random/random)
Run by skaterboy at 2010-09-17 11:32:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 6 GB (27%) free of 21 GB
Total RAM: 479 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:46, on 17/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Documents and Settings\skaterboy\Application Data\SystemProc\lsass.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\windows\lclock.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Mes documents\RSIT.exe
C:\Program Files\trend micro\skaterboy.exe
C:\Program Files\uTorrent\uTorrent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://arabia.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll
O2 - BHO: (no name) - {7446E6D9-0DE2-46C6-A120-66CA84A73B54} - C:\windows\system32\encdec32.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: 60dbc311 - {BBEA67FB-582D-64C5-BF34-B64354270BF6} - C:\windows\system32\ff_vfw32.dll
O2 - BHO: Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [EPSON Stylus S20 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE /FU "C:\WINDOWS\TEMP\E_S181.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\skaterboy\Application Data\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0081ADF5-94D0-40CC-B94A-7CEBF51B0026}: NameServer = 41.221.20.4 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0081ADF5-94D0-40CC-B94A-7CEBF51B0026}: NameServer = 41.221.20.4 8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\windows\system32\ff_vfw32.dll
O20 - Winlogon Notify: 10a89344989 - C:\windows\system32\ff_vfw32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\windows\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\windows\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\windows\system32\services.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\windows\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\windows\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 1: le mouv' | le mouv' - http://www.lemouv.com/
0
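One way to triage the HijackThis log posted above, as an added example that is not part of the original thread: it flags system process names running outside system32 and the autostart and DLL-loading entries (O2, O4, O7, O20) that point at files the Malwarebytes report later in this thread detects. The rule names and the `triage` function are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted in the thread above.
SAMPLE_LOG = r"""
Running processes:
C:\windows\system32\lsass.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\skaterboy\Application Data\SystemProc\lsass.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {7446E6D9-0DE2-46C6-A120-66CA84A73B54} - C:\windows\system32\encdec32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\skaterboy\Application Data\SystemProc\lsass.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\windows\system32\ff_vfw32.dll
O20 - Winlogon Notify: 10a89344989 - C:\windows\system32\ff_vfw32.dll
"""

# Windows processes whose image normally lives in <windir>\system32.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "services.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "spoolsv.exe"}

# HijackThis entries start with a section code such as "O4 - " or "R1 - ".
ENTRY_RE = re.compile(r"^(O\d+|R\d) - (.*)$")


def is_system32(path):
    """True when the file sits directly in <drive>:\\windows\\system32."""
    parent = ntpath.dirname(path).lower()
    return re.fullmatch(r"[a-z]:\\windows\\system32", parent) is not None


def triage(log_text):
    """Return (rule, evidence) pairs for entries that deserve a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if in_processes:
            # A system process name running from a user-writable folder
            # is a classic masquerading sign.
            name = ntpath.basename(line).lower()
            if name in SYSTEM_NAMES and not is_system32(line):
                findings.append(("masquerading-process", line))
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        if code == "O2" and body.startswith("BHO: (no name)"):
            # Browser Helper Object with no display name.
            findings.append(("unnamed-bho", body))
        elif code == "O4" and "\\Policies\\Explorer\\Run" in body:
            # Autostart hidden under the policy Run key, not the usual Run key.
            findings.append(("policy-run-autostart", body))
        elif code == "O7" and "DisableRegedit=1" in body:
            # Registry editor disabled by policy, which hinders cleanup.
            findings.append(("regedit-disabled", body))
        elif code == "O20":
            # AppInit_DLLs and Winlogon Notify both get a DLL loaded into
            # other processes at startup or logon; any entry deserves review.
            findings.append(("dll-injection-point", body))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:22} {evidence}")
```

The rules only rank entries for manual review; a clean result does not mean a clean machine, and the rootkit driver found later in the thread does not appear in this log section at all.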
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
17 Sept. 2010 at 13:55
paste a cleaning report from the ad remover program.
0

Here is the ad remover scan report

======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 16/09/10 à 13:30
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 11:03:24 le 20/09/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
skaterboy@PC ( )

============== RECHERCHE ==============


0,Dossier trouvé: C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
0,Fichier trouvé: C:\windows\Tasks\Scheduled Update for Ask Toolbar.job
0,Dossier trouvé: C:\Documents and Settings\skaterboy\Application Data\SystemProc
0,Fichier trouvé: C:\Documents and Settings\skaterboy\Application Data\Mozilla\FireFox\Profiles\ry355z65.default\searchplugins\askcom.xml
0,Dossier trouvé: C:\Program Files\Ask.com
0,Dossier trouvé: C:\Documents and Settings\skaterboy\Local Settings\Application Data\AskToolbar
0,Dossier trouvé: C:\Documents and Settings\skaterboy\Local Settings\Application Data\Conduit
0,Dossier trouvé: C:\Program Files\Conduit
3,Fichier trouvé: C:\windows\Installer\807314.msi

-- Fichier ouvert: C:\Documents and Settings\skaterboy\Application Data\Mozilla\FireFox\Profiles\ry355z65.default\Prefs.js --
Ligne trouvée: user_pref("CT2720081.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne trouvée: user_pref("CT2720081.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272...
Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com");
Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com");
Ligne trouvée: user_pref("browser.search.order.1", "Ask.com");
Ligne trouvée: user_pref("extensions.asktb.cbid", "OI");
Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&o={o}&l={l}&...
Ligne trouvée: user_pref("extensions.asktb.dtid", "VIN006YYDZ");
Ligne trouvée: user_pref("extensions.asktb.fresh-install", false);
Ligne trouvée: user_pref("extensions.asktb.l", "dis");
Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1283305955502");
Ligne trouvée: user_pref("extensions.asktb.locale", "fr_FR");
Ligne trouvée: user_pref("extensions.asktb.o", "16062");
Ligne trouvée: user_pref("extensions.asktb.options-lang", "fr");
Ligne trouvée: user_pref("extensions.asktb.options-locale", "UK");
Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871");
Ligne trouvée: user_pref("extensions.asktb.r", "3");
Ligne trouvée: user_pref("extensions.asktb.to", "16108");
Ligne trouvée: user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16062&locale=...
-- Fichier Fermé --


1,Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
1,Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
1,Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
1,Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
1,Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
0,Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
0,Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
0,Clé trouvée: HKLM\Software\Classes\Toolbar.CT2720081
0,Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
1,Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
0,Clé trouvée: HKLM\Software\Conduit
0,Clé trouvée: HKCU\Software\Ask.com
0,Clé trouvée: HKCU\Software\AskToolbar
0,Clé trouvée: HKCU\Software\Conduit
0,Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo
3,Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
3,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
3,Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
3,Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
3,Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
0,Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
0,Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
0,Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.9 (fr)] **

-- C:\Documents and Settings\skaterboy\Application Data\Mozilla\FireFox\Profiles\ry355z65.default\Prefs.js --
browser.download.lastDir, C:\\TELECHARGEMENT
browser.search.defaultenginename, Ask.com
browser.search.defaulturl, hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-ushdl&p=
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://fr.yahoo.com/
browser.startup.homepage_override.mstone, rv:1.9.2.9
keyword.URL, hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16062&locale=fr_FR&q=

========================================

** Internet Explorer Version [6.0.2900.5512] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://www.google.fr/ie
Search Page: hxxp://search.msn.com/spbasic.htm
Show_ToolBar: yes
Start Page: hxxp://arabia.msn.com/
Use Custom Search URL: 1
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\windows\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 2 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 20/09/2010 (7090 Octet(s))
C:\Ad-Report-SCAN[2].txt - 20/09/2010 (5275 Octet(s))

Fin à: 11:10:54, 20/09/2010

============== E.O.F ==============
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 Sept. 2010 at 17:36
I had asked for a cleaning report, not a search report
0
Yes, the cleaning report, of course :)
NB. the problem persists after the cleaning and restarting the computer.

======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 16/09/10 à 13:30
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 11:15:06 le 21/09/2010, Mode normal

Microsoft Windows XP Professionnel Service Pack 3 (X86)
skaterboy@PC ( )

============== ACTION(S) ==============


0,Dossier supprimé: C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
0,Fichier supprimé: C:\windows\Tasks\Scheduled Update for Ask Toolbar.job
0,Dossier supprimé: C:\Documents and Settings\skaterboy\Application Data\SystemProc
0,Fichier supprimé: C:\Documents and Settings\skaterboy\Application Data\Mozilla\FireFox\Profiles\ry355z65.default\searchplugins\askcom.xml
0,Dossier supprimé: C:\Program Files\Ask.com
0,Dossier supprimé: C:\Documents and Settings\skaterboy\Local Settings\Application Data\AskToolbar
0,Dossier supprimé: C:\Documents and Settings\skaterboy\Local Settings\Application Data\Conduit
0,Dossier supprimé: C:\Program Files\Conduit
3,Fichier supprimé: C:\windows\Installer\807314.msi

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\skaterboy\Application Data\Mozilla\FireFox\Profiles\ry355z65.default\Prefs.js --
Ligne supprimée: user_pref("CT2720081.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Ligne supprimée: user_pref("CT2720081.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272...
Ligne supprimée: user_pref("browser.search.defaultengine", "Ask.com");
Ligne supprimée: user_pref("browser.search.defaultenginename", "Ask.com");
Ligne supprimée: user_pref("browser.search.order.1", "Ask.com");
Ligne supprimée: user_pref("extensions.asktb.cbid", "OI");
Ligne supprimée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&o={o}&l={l}&...
Ligne supprimée: user_pref("extensions.asktb.dtid", "VIN006YYDZ");
Ligne supprimée: user_pref("extensions.asktb.fresh-install", false);
Ligne supprimée: user_pref("extensions.asktb.l", "dis");
Ligne supprimée: user_pref("extensions.asktb.last-config-req", "1283305955502");
Ligne supprimée: user_pref("extensions.asktb.locale", "fr_FR");
Ligne supprimée: user_pref("extensions.asktb.o", "16062");
Ligne supprimée: user_pref("extensions.asktb.options-lang", "fr");
Ligne supprimée: user_pref("extensions.asktb.options-locale", "UK");
Ligne supprimée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Ligne supprimée: user_pref("extensions.asktb.qsrc", "2871");
Ligne supprimée: user_pref("extensions.asktb.r", "3");
Ligne supprimée: user_pref("extensions.asktb.to", "16108");
Ligne supprimée: user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16062&locale=...
-- Fichier Fermé --


1,Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
1,Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
1,Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
1,Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
0,Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
0,Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
0,Clé supprimée: HKLM\Software\Classes\Toolbar.CT2720081
0,Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
1,Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
0,Clé supprimée: HKLM\Software\Conduit
0,Clé supprimée: HKCU\Software\Ask.com
0,Clé supprimée: HKCU\Software\AskToolbar
0,Clé supprimée: HKCU\Software\Conduit
0,Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo
3,Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
3,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
3,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
3,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
3,Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
0,Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
0,Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.6.9 (fr)] **

-- C:\Documents and Settings\skaterboy\Application Data\Mozilla\FireFox\Profiles\ry355z65.default\Prefs.js --
browser.download.lastDir, E:\\Image pour Site web
browser.search.defaulturl, hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-ushdl&p=
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://fr.yahoo.com/
browser.startup.homepage_override.mstone, rv:1.9.2.9

========================================

** Internet Explorer Version [6.0.2900.5512] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 26 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 21/09/2010 (3353 Octet(s))
C:\Ad-Report-SCAN[1].txt - 20/09/2010 (7090 Octet(s))
C:\Ad-Report-SCAN[2].txt - 20/09/2010 (7146 Octet(s))

Fin à: 11:18:58, 21/09/2010

============== E.O.F ==============
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
21 Sept. 2010 at 12:26
scan with malwarebyte, do a thorough scan, paste the report you get and remove what is found:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue at the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized to the Taskbar).

NB: The reports are saved in the C:\rsit folder
0
Hi, it looks like it's working. Here is the cleaning report

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4665

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

22/09/2010 00:40:34
mbam-log-2010-09-22 (00-40-34).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Elément(s) analysé(s): 192095
Temps écoulé: 2 heure(s), 53 minute(s), 8 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 49

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ff_vfw32.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\42.tmp (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\isrdbg3232.dll (Trojan.Tracur) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbea67fb-582d-64c5-bf34-b64354270bf6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbea67fb-582d-64c5-bf34-b64354270bf6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\10a89344989 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bbea67fb-582d-64c5-bf34-b64354270bf6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7446e6d9-0de2-46c6-a120-66ca84a73b54} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7446e6d9-0de2-46c6-a120-66ca84a73b54} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7446e6d9-0de2-46c6-a120-66ca84a73b54} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\www.kutub.info_5799.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e8cfc029-8420-4eae-adef-915bdc77e1dc} (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\ff_vfw32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\ff_vfw32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ff_vfw32.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\46549822.sys (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\42.tmp (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\isrdbg3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Documents and Settings\skaterboy\Application Data\SystemProc\lsass.exe.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2C.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsdmoprp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftlx041e32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxdiagn32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\encdec32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifmon32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inetcfg32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
E:\Mes documents\LimeWire\Saved\track001\play_mp3_setup.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
E:\Mes documents\fichiers pdf+word\www.kutub.info_5799.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully.
E:\Prgms\Symantec Norton Ghost v15.0 FR - CORE\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1257425182v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1257425182v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1257425182v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1257425182v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1257425182v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1257425182v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1257425182v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1257425182v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1257425182v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1257425182v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1257425182v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1257425182v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1257425182v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1257425182v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1257425182v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1257425182v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1257425182v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1257425182v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1257425182v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1257425182v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1257425182v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1257425182v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1257425182v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1257425182v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1257425182v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1257425182v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1257425182v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1257425182v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1257425182v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1257425182v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1257425182v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1257425182v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sl555307398 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
22 Sept. 2010 at 01:27
ok
is it any better now?

can you post the reports you got with the RSIT software?
0
I think I spoke too soon: depending on the search, I am sometimes redirected to the same site http://64.111.196.126/c.php?s=eNotlFmrg8oShX-QsO3B1u6H8xBNdqJGY2b15... and other times not :( it seems to be random.
and here is the RSIT report:

Logfile of random's system information tool 1.08 (written by random/random)
Run by skaterboy at 2010-09-23 19:14:54
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 6 GB (30%) free of 21 GB
Total RAM: 479 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:15:53, on 23/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\windows\lclock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\windows\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Mes documents\RSIT.exe
C:\Program Files\trend micro\skaterboy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [EPSON Stylus S20 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE /FU "C:\WINDOWS\TEMP\E_S181.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0081ADF5-94D0-40CC-B94A-7CEBF51B0026}: NameServer = 41.221.20.4 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0081ADF5-94D0-40CC-B94A-7CEBF51B0026}: NameServer = 41.221.20.4 8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\windows\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\windows\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\windows\system32\services.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\windows\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\windows\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 1: le mouv' | le mouv' - https://www.mouv.fr/

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2010-08-10 253368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
Babylon-English Toolbar - C:\Program Files\Babylon-English\tbBaby.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-31 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ce18769b-c7fa-42d2-860d-17c4662c70ad} - Babylon-English Toolbar - C:\Program Files\Babylon-English\tbBaby.dll [2010-06-13 2734688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"=C:\WINDOWS\VMSnap3.EXE [2007-01-09 49152]
"Domino"=C:\WINDOWS\Domino.EXE [2007-01-09 49152]
"BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) []
"Norton Ghost 15.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2010-03-03 2598760]
"AdobeCS4ServiceManager"=C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LClock"=C:\windows\lclock.exe [2004-12-08 65536]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-09-03 328568]
"EPSON Stylus S20 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE [2007-11-30 188928]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2010-08-10 3824056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^skaterboy^Menu Démarrer^Programmes^Accessoires^Démarrage^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2010-08-19 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^skaterboy^Menu Démarrer^Programmes^Accessoires^Démarrage^_uninst_setup_9.0.0.722_22.06.2010_13-46.exe.lnk]
C:\Documents and Settings\skaterboy\Local Settings\Temp\_uninst_setup_9.0.0.722_22.06.2010_13-46.exe.bat []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^skaterboy^Menu Démarrer^Programmes^Démarrage^setup_9.0.0.722_22.06.2010_13-46.lnk]
C:\DOCUME~1\SKATER~1\Bureau\VIRUSR~1\SETUP_~1.201\startup.exe C:\Documents and Settings\skaterboy\Bureau\Virus Removal Tool\setup_9.0.0.722_22.06.2010_13-46\setup_9.0.0.722_22.06.2010_13-46.exe -gui -bl []

C:\Documents and Settings\skaterboy\Menu Démarrer\Programmes\Accessoires\Démarrage
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMBalloonTip"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Lecteur Windows Media"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\windows\explorer.exe"="C:\windows\explorer.exe:*:Enabled:Windows Shell"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\windows\explorer.exe"="C:\windows\explorer.exe:*:Enabled:Windows Shell"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

2010-09-21 19:17:40 ----D---- C:\Documents and Settings\skaterboy\Application Data\Malwarebytes
2010-09-21 19:17:22 ----A---- C:\windows\system32\drivers\mbamswissarmy.sys
2010-09-21 19:17:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-21 19:17:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-21 19:17:12 ----A---- C:\windows\system32\drivers\mbam.sys
2010-09-21 11:31:07 ----A---- C:\Ad-Report-SCAN[3].txt
2010-09-21 11:15:13 ----A---- C:\Ad-Report-CLEAN[1].txt
2010-09-20 12:04:39 ----A---- C:\test.bat
2010-09-20 11:03:33 ----A---- C:\Ad-Report-SCAN[2].txt
2010-09-20 10:42:09 ----A---- C:\Ad-Report-SCAN[1].txt
2010-09-20 10:41:45 ----D---- C:\Program Files\Ad-Remover
2010-09-20 10:39:50 ----D---- C:\Nouveau travaux
2010-09-17 11:32:32 ----D---- C:\Program Files\trend micro
2010-09-17 11:32:15 ----D---- C:\rsit
2010-09-16 00:18:34 ----A---- C:\windows\system32\SSPng2.dll
2010-09-16 00:18:34 ----A---- C:\windows\system32\Msstkprp.dll
2010-09-16 00:18:34 ----A---- C:\windows\system32\DartWeb.dll
2010-09-16 00:18:34 ----A---- C:\windows\system32\DartSock.dll
2010-09-16 00:18:33 ----D---- C:\Program Files\Pop-Up
2010-09-05 22:41:52 ----D---- C:\windows\Sun
2010-09-03 12:22:13 ----SH---- C:\windows\system32\unrar.exe
2010-09-03 12:22:13 ----D---- C:\windows\system32\580580387
2010-08-31 23:11:55 ----D---- C:\Documents and Settings\skaterboy\Application Data\LimeWire
2010-08-31 23:04:04 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-08-31 23:03:55 ----D---- C:\Program Files\Fichiers communs\Java
2010-08-31 23:02:54 ----A---- C:\windows\system32\javaws.exe
2010-08-31 23:02:54 ----A---- C:\windows\system32\javaw.exe
2010-08-31 23:02:54 ----A---- C:\windows\system32\java.exe
2010-08-31 23:02:54 ----A---- C:\windows\system32\deploytk.dll
2010-08-31 23:01:48 ----D---- C:\Program Files\Java
2010-08-31 22:42:28 ----D---- C:\Documents and Settings\skaterboy\Application Data\Sun
2010-08-31 22:42:05 ----D---- C:\Program Files\LimeWire
2010-08-26 23:57:05 ----HD---- C:\windows\PIF
2010-08-23 23:52:39 ----D---- C:\Documents and Settings\skaterboy\Application Data\Help
2010-08-23 15:33:13 ----D---- C:\Documents and Settings\skaterboy\Application Data\Dev-Cpp
2010-08-23 15:31:19 ----D---- C:\Dev-Cpp
2010-08-15 22:19:20 ----D---- C:\Program Files\Babylon-English
2010-08-15 22:19:05 ----D---- C:\Program Files\Babylon
2010-08-15 22:15:55 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2010-08-15 22:15:54 ----D---- C:\Documents and Settings\skaterboy\Application Data\Babylon
2010-08-13 22:48:02 ----D---- C:\Documents and Settings\skaterboy\Application Data\Real
2010-08-13 12:55:29 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2010-08-13 12:42:24 ----D---- C:\Program Files\Adobe Media Player
2010-08-13 12:30:06 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2010-08-13 12:28:39 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-13 12:27:38 ----D---- C:\Program Files\Adobe
2010-08-13 12:26:11 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared
2010-08-13 12:19:58 ----D---- C:\Program Files\Fichiers communs\Adobe
2010-08-12 01:40:44 ----D---- C:\Program Files\DivX
2010-08-12 01:38:35 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2010-08-12 01:33:12 ----D---- C:\Documents and Settings\skaterboy\Application Data\Apple Computer
2010-08-12 01:29:15 ----D---- C:\windows\Prefetch
2010-08-06 10:07:01 ----D---- C:\Documents and Settings\skaterboy\Application Data\Foxit Software
2010-08-03 22:30:07 ----D---- C:\Program Files\MagicISO
2010-07-31 09:38:50 ----D---- C:\TELECHARGEMENT
2010-07-30 12:51:01 ----D---- C:\windows\system32\xircom
2010-07-30 12:51:01 ----D---- C:\windows\srchasst
2010-07-30 12:51:01 ----D---- C:\Program Files\xerox
2010-07-30 12:51:00 ----D---- C:\Program Files\msn gaming zone
2010-07-30 12:50:59 ----D---- C:\Program Files\microsoft frontpage
2010-07-29 19:08:58 ----N---- C:\windows\system32\msxml6r.dll
2010-07-29 19:08:57 ----N---- C:\windows\system32\msxml6.dll
2010-07-29 19:08:38 ----D---- C:\Program Files\Messenger
2010-07-29 19:06:52 ----N---- C:\windows\system32\drivers\irbus.sys
2010-07-29 19:06:51 ----N---- C:\windows\system32\smtpapi.dll
2010-07-29 19:06:51 ----N---- C:\windows\system32\rwnh.dll
2010-07-29 19:06:51 ----N---- C:\windows\system32\comsdupd.exe
2010-07-29 19:06:31 ----N---- C:\windows\system32\ati2cqag.dll
2010-07-29 19:06:31 ----N---- C:\windows\system32\aaclient.dll
2010-07-29 19:06:30 ----N---- C:\windows\system32\ati2dvag.dll
2010-07-29 19:06:30 ----N---- C:\windows\system32\ati2dvaa.dll
2010-07-29 19:06:29 ----N---- C:\windows\system32\ati3duag.dll
2010-07-29 19:06:29 ----N---- C:\windows\system32\ati3d1ag.dll
2010-07-29 19:06:27 ----N---- C:\windows\system32\ativvaxx.dll
2010-07-29 19:06:27 ----N---- C:\windows\system32\ativtmxx.dll
2010-07-29 19:06:24 ----N---- C:\windows\system32\azroles.dll
2010-07-29 19:06:22 ----N---- C:\windows\system32\blastcln.exe
2010-07-29 19:06:22 ----N---- C:\windows\system32\bitsprx4.dll
2010-07-29 19:06:21 ----N---- C:\windows\system32\dimsntfy.dll
2010-07-29 19:06:21 ----N---- C:\windows\system32\dhcpqec.dll
2010-07-29 19:06:21 ----N---- C:\windows\system32\credssp.dll
2010-07-29 19:06:20 ----N---- C:\windows\system32\dot3ui.dll
2010-07-29 19:06:20 ----N---- C:\windows\system32\dot3svc.dll
2010-07-29 19:06:20 ----N---- C:\windows\system32\dot3msm.dll
2010-07-29 19:06:20 ----N---- C:\windows\system32\dot3gpclnt.dll
2010-07-29 19:06:20 ----N---- C:\windows\system32\dot3dlg.dll
2010-07-29 19:06:20 ----N---- C:\windows\system32\dot3cfg.dll
2010-07-29 19:06:20 ----N---- C:\windows\system32\dot3api.dll
2010-07-29 19:06:20 ----N---- C:\windows\system32\dimsroam.dll
2010-07-29 19:06:19 ----N---- C:\windows\system32\eapp3hst.dll
2010-07-29 19:06:19 ----N---- C:\windows\system32\eapolqec.dll
2010-07-29 19:06:17 ----N---- C:\windows\system32\eappprxy.dll
2010-07-29 19:06:17 ----N---- C:\windows\system32\eapphost.dll
2010-07-29 19:06:17 ----N---- C:\windows\system32\eappgnui.dll
2010-07-29 19:06:17 ----N---- C:\windows\system32\eappcfg.dll
2010-07-29 19:06:16 ----N---- C:\windows\system32\eapqec.dll
2010-07-29 19:06:15 ----N---- C:\windows\system32\eapsvc.dll
2010-07-29 19:06:10 ----N---- C:\windows\system32\hsfcisp2.dll
2010-07-29 19:06:05 ----N---- C:\windows\system32\kbdbhc.dll
2010-07-29 19:06:04 ----N---- C:\windows\system32\kbdiultn.dll
2010-07-29 19:06:02 ----N---- C:\windows\system32\kbdpash.dll
2010-07-29 19:06:02 ----N---- C:\windows\system32\kbdnepr.dll
2010-07-29 19:06:01 ----N---- C:\windows\system32\kmsvc.dll
2010-07-29 19:06:00 ----N---- C:\windows\system32\l2gpstore.dll
2010-07-29 19:05:59 ----N---- C:\windows\system32\mdmxsdk.dll
2010-07-29 19:05:58 ----N---- C:\windows\system32\microsoft.managementconsole.dll
2010-07-29 19:05:57 ----N---- C:\windows\system32\mmcex.dll
2010-07-29 19:05:56 ----N---- C:\windows\system32\mmcfxcommon.dll
2010-07-29 19:05:55 ----N---- C:\windows\system32\mmcperf.exe
2010-07-29 19:05:50 ----N---- C:\windows\system32\msshavmsg.dll
2010-07-29 19:05:50 ----N---- C:\windows\system32\mssha.dll
2010-07-29 19:05:49 ----N---- C:\windows\system32\mtxparhd.dll
2010-07-29 19:05:48 ----N---- C:\windows\system32\napipsec.dll
2010-07-29 19:05:47 ----N---- C:\windows\system32\napmontr.dll
2010-07-29 19:05:46 ----N---- C:\windows\system32\napstat.exe
2010-07-29 19:05:44 ----N---- C:\windows\system32\nv4_disp.dll
2010-07-29 19:05:43 ----N---- C:\windows\system32\p2p.dll
2010-07-29 19:05:43 ----N---- C:\windows\system32\onex.dll
2010-07-29 19:05:42 ----N---- C:\windows\system32\p2psvc.dll
2010-07-29 19:05:42 ----N---- C:\windows\system32\p2pnetsh.dll
2010-07-29 19:05:42 ----N---- C:\windows\system32\p2pgraph.dll
2010-07-29 19:05:42 ----N---- C:\windows\system32\p2pgasvc.dll
2010-07-29 19:05:41 ----N---- C:\windows\system32\photometadatahandler.dll
2010-07-29 19:05:40 ----N---- C:\windows\system32\qagentrt.dll
2010-07-29 19:05:40 ----N---- C:\windows\system32\qagent.dll
2010-07-29 19:05:40 ----N---- C:\windows\system32\pnrpnsp.dll
2010-07-29 19:05:39 ----N---- C:\windows\system32\qutil.dll
2010-07-29 19:05:39 ----N---- C:\windows\system32\qcliprov.dll
2010-07-29 19:05:38 ----N---- C:\windows\system32\rasqec.dll
2010-07-29 19:05:37 ----N---- C:\windows\system32\rhttpaa.dll
2010-07-29 19:05:35 ----N---- C:\windows\system32\slgen.dll
2010-07-29 19:05:35 ----N---- C:\windows\system32\slextspk.dll
2010-07-29 19:05:35 ----N---- C:\windows\system32\slcoinst.dll
2010-07-29 19:05:35 ----N---- C:\windows\system32\setupn.exe
2010-07-29 19:05:34 ----N---- C:\windows\system32\slserv.exe
2010-07-29 19:05:34 ----N---- C:\windows\system32\slrundll.exe
2010-07-29 19:05:32 ----N---- C:\windows\system32\verclsid.exe
2010-07-29 19:05:32 ----N---- C:\windows\system32\tzchange.exe
2010-07-29 19:05:32 ----N---- C:\windows\system32\tspkg.dll
2010-07-29 19:05:32 ----N---- C:\windows\system32\tsgqec.dll
2010-07-29 19:05:30 ----N---- C:\windows\system32\windowscodecs.dll
2010-07-29 19:05:29 ----N---- C:\windows\system32\windowscodecsext.dll
2010-07-29 19:05:27 ----N---- C:\windows\system32\wlanapi.dll
2010-07-29 19:05:26 ----N---- C:\windows\system32\wmphoto.dll
2010-07-29 19:05:19 ----N---- C:\windows\system32\xmllite.dll
2010-07-29 19:05:19 ----N---- C:\windows\slrundll.exe
2010-07-29 19:05:17 ----D---- C:\windows\system32\fr-fr
2010-07-29 19:05:01 ----D---- C:\Program Files\msn
2010-07-29 19:04:53 ----D---- C:\windows\l2schemas
2010-07-29 19:04:50 ----D---- C:\windows\system32\fr
2010-07-29 19:04:48 ----D---- C:\windows\system32\bits
2010-07-29 19:04:46 ----D---- C:\Program Files\movie maker
2010-07-29 18:59:30 ----D---- C:\windows\ServicePackFiles
2010-07-29 18:58:43 ----D---- C:\windows\system32\DllCache
2010-07-29 18:57:37 ----N---- C:\windows\system32\mplay32.exe
2010-07-29 18:56:51 ----N---- C:\windows\system32\shmedia.dll
2010-07-29 18:56:10 ----N---- C:\windows\system32\wmstream.dll
2010-07-29 18:56:10 ----N---- C:\windows\system32\wmsdmoe.dll
2010-07-29 18:56:05 ----N---- C:\windows\system32\drivers\adv09nt5.dll
2010-07-29 18:56:05 ----N---- C:\windows\system32\drivers\adv08nt5.dll
2010-07-29 18:56:05 ----N---- C:\windows\system32\drivers\adv07nt5.dll
2010-07-29 18:56:05 ----N---- C:\windows\system32\drivers\adv05nt5.dll
2010-07-29 18:56:05 ----N---- C:\windows\system32\drivers\adv02nt5.dll
2010-07-29 18:56:05 ----N---- C:\windows\system32\drivers\adv01nt5.dll
2010-07-29 18:56:05 ----D---- C:\windows\network diagnostic
2010-07-29 18:56:04 ----N---- C:\windows\system32\drivers\ati1tuxx.sys
2010-07-29 18:56:04 ----N---- C:\windows\system32\drivers\ati1ttxx.sys
2010-07-29 18:56:04 ----N---- C:\windows\system32\drivers\ati1snxx.sys
2010-07-29 18:56:04 ----N---- C:\windows\system32\drivers\ati1rvxx.sys
2010-07-29 18:56:04 ----N---- C:\windows\system32\drivers\ati1raxx.sys
2010-07-29 18:56:04 ----N---- C:\windows\system32\drivers\ati1pdxx.sys
2010-07-29 18:56:04 ----N---- C:\windows\system32\drivers\ati1mdxx.sys
2010-07-29 18:56:04 ----N---- C:\windows\system32\drivers\ati1btxx.sys
2010-07-29 18:56:04 ----N---- C:\windows\system32\drivers\adv11nt5.dll
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\atinxbxx.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\atintuxx.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\atinttxx.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\atinsnxx.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\atinrvxx.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\atinraxx.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\atinpdxx.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\atinmdxx.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\atinbtxx.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\ati2mtag.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\ati2mtaa.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\ati1xsxx.sys
2010-07-29 18:56:03 ----N---- C:\windows\system32\drivers\ati1xbxx.sys
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\ch7xxnt5.dll
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\bthusb.sys
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\bthprint.sys
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\bthport.sys
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\bthpan.sys
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\bthmodem.sys
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\bthenum.sys
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\atv10nt5.dll
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\atv06nt5.dll
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\atv04nt5.dll
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\atv02nt5.dll
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\atv01nt5.dll
2010-07-29 18:56:02 ----N---- C:\windows\system32\drivers\atinxsxx.sys
2010-07-29 18:56:01 ----N---- C:\windows\system32\drivers\hsfdpsp2.sys
2010-07-29 18:56:01 ----N---- C:\windows\system32\drivers\hsfcxts2.sys
2010-07-29 18:56:01 ----N---- C:\windows\system32\drivers\hsfbs2s2.sys
2010-07-29 18:56:01 ----N---- C:\windows\system32\drivers\hidir.sys
2010-07-29 18:56:01 ----N---- C:\windows\system32\drivers\hidbth.sys
2010-07-29 18:56:01 ----N---- C:\windows\system32\drivers\hdaudbus.sys
2010-07-29 18:56:00 ----N---- C:\windows\system32\drivers\ntmtlfax.sys
2010-07-29 18:56:00 ----N---- C:\windows\system32\drivers\mutohpen.sys
2010-07-29 18:56:00 ----N---- C:\windows\system32\drivers\mtxparhm.sys
2010-07-29 18:56:00 ----N---- C:\windows\system32\drivers\mtlstrm.sys
2010-07-29 18:56:00 ----N---- C:\windows\system32\drivers\mtlmnt5.sys
2010-07-29 18:56:00 ----N---- C:\windows\system32\drivers\mdmxsdk.sys
2010-07-29 18:55:59 ----N---- C:\windows\system32\drivers\slnt7554.sys
2010-07-29 18:55:59 ----N---- C:\windows\system32\drivers\siint5.dll
2010-07-29 18:55:59 ----N---- C:\windows\system32\drivers\sffp_mmc.sys
2010-07-29 18:55:59 ----N---- C:\windows\system32\drivers\rndismpx.sys
2010-07-29 18:55:59 ----N---- C:\windows\system32\drivers\rfcomm.sys
2010-07-29 18:55:59 ----N---- C:\windows\system32\drivers\recagent.sys
2010-07-29 18:55:59 ----N---- C:\windows\system32\drivers\nv4_mini.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\watv06nt.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\wadv11nt.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\wadv09nt.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\wadv08nt.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\wadv07nt.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\wacompen.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\vchnt5.dll
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\usbvideo.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\usb8023x.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\smbali.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\slwdmsup.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\slnthal.sys
2010-07-29 18:55:58 ----N---- C:\windows\system32\drivers\slntamr.sys
2010-07-29 18:55:57 ----N---- C:\windows\system32\drivers\watv10nt.sys
2010-07-29 18:54:07 ----A---- C:\windows\002427_.tmp
2010-07-29 18:44:06 ----HDC---- C:\windows\$NtServicePackUninstall$
2010-07-22 18:15:34 ----D---- C:\Program Files\Fichiers communs\Windows Live
2010-07-21 23:51:48 ----D---- C:\Program Files\Webshots
2010-07-21 23:51:48 ----D---- C:\Documents and Settings\skaterboy\Application Data\Webshots
2010-07-15 22:07:52 ----SHD---- C:\windows\ftpcache
2010-07-15 21:58:23 ----A---- C:\windows\system32\drivers\mcdbus.sys
2010-07-15 21:58:22 ----D---- C:\Program Files\MagicDisc
2010-07-14 20:09:59 ----A---- C:\windows\SYCLicense071115U.dll
2010-07-12 13:26:54 ----D---- C:\Documents and Settings\skaterboy\Application Data\WinRAR
2010-07-12 13:26:07 ----D---- C:\Program Files\WinRAR
2010-07-09 13:04:10 ----A---- C:\windows\system32\drivers\46549821.sys
2010-07-09 13:04:10 ----A---- C:\windows\system32\drivers\4654982.sys
2010-07-03 11:26:18 ----A---- C:\dt.exe
2010-07-02 22:49:34 ----D---- C:\windows\system32\boote
2010-07-02 22:49:34 ----A---- C:\info.bat
2010-06-30 23:11:05 ----A---- C:\windows\system32\ptpusb.dll
2010-06-30 23:11:04 ----A---- C:\windows\system32\ptpusd.dll
2010-06-30 23:11:03 ----A---- C:\windows\system32\drivers\usbscan.sys
2010-06-30 22:52:16 ----D---- C:\Program Files\PdfGrabber
2010-06-30 22:51:58 ----D---- C:\windows\Downloaded Installations
2010-06-28 14:40:59 ----D---- C:\Program Files\eMule
2010-06-28 12:04:32 ----D---- C:\Documents and Settings\skaterboy\Application Data\Mozilla
2010-06-27 23:55:35 ----D---- C:\Documents and Settings\skaterboy\Application Data\Media Player Classic
2010-06-27 23:54:19 ----A---- C:\windows\system32\rmoc3260.dll
2010-06-27 23:54:19 ----A---- C:\windows\system32\pndx5032.dll
2010-06-27 23:54:19 ----A---- C:\windows\system32\pndx5016.dll
2010-06-27 23:54:19 ----A---- C:\windows\system32\pncrt.dll
2010-06-27 23:54:17 ----A---- C:\windows\system32\unrar.dll
2010-06-27 23:54:16 ----A---- C:\windows\avisplitter.ini
2010-06-27 23:54:13 ----A---- C:\windows\system32\yv12vfw.dll
2010-06-27 23:54:13 ----A---- C:\windows\system32\xvidvfw.dll
2010-06-27 23:54:13 ----A---- C:\windows\system32\xvidcore.dll
2010-06-27 23:54:13 ----A---- C:\windows\system32\dpl100.dll
2010-06-27 23:54:12 ----A---- C:\windows\system32\ff_vfw.dll.manifest
2010-06-27 23:54:12 ----A---- C:\windows\system32\ff_vfw.dll
2010-06-27 23:54:12 ----A---- C:\windows\system32\divx.dll
2010-06-27 23:54:00 ----D---- C:\Program Files\K-Lite Codec Pack
2010-06-27 00:29:30 ----D---- C:\Documents and Settings\skaterboy\Application Data\Symantec
2010-06-26 20:06:28 ----D---- C:\Documents and Settings\skaterboy\Application Data\dvdcss
2010-06-26 19:15:56 ----RA---- C:\windows\patchw32.dll
2010-06-26 19:12:32 ----A---- C:\BESR2010PatchLog.txt
2010-06-26 19:10:46 ----RA---- C:\windows\pw32a.dll
2010-06-26 17:53:30 ----RSD---- C:\windows\assembly
2010-06-26 17:50:52 ----D---- C:\windows\Microsoft.NET
2010-06-26 14:21:15 ----A---- C:\windows\system32\capicom.dll
2010-06-26 14:21:13 ----A---- C:\windows\system32\MSVCR71.DLL
2010-06-26 14:21:13 ----A---- C:\windows\system32\MSVCP71.DLL
2010-06-26 14:21:12 ----A---- C:\windows\system32\MFC71.DLL
2010-06-26 14:21:10 ----D---- C:\Program Files\Symantec
2010-06-26 14:19:18 ----A---- C:\windows\system32\drivers\WimFltr.sys
2010-06-26 14:16:58 ----A---- C:\windows\system32\drivers\symsnap.sys
2010-06-26 14:15:33 ----A---- C:\windows\system32\drivers\vproeventmonitor.sys
2010-06-26 14:15:10 ----N---- C:\windows\system32\spmsgXP_2k3.dll
2010-06-26 14:15:07 ----HDC---- C:\windows\$NtUninstallWdf01009$
2010-06-26 14:14:32 ----A---- C:\windows\system32\GEARAspi.dll
2010-06-26 14:14:32 ----A---- C:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-26 14:13:17 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2010-06-26 14:11:39 ----D---- C:\Program Files\Norton Ghost
2010-06-26 14:11:39 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-06-26 14:11:39 ----D---- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2010-06-26 14:06:06 ----HDC---- C:\windows\$MSI31Uninstall_KB893803v2$
2010-06-26 13:19:54 ----D---- C:\Program Files\Foxit Software
2010-06-26 13:15:03 ----D---- C:\Documents and Settings\All Users\Application Data\UDL
2010-06-26 13:11:54 ----D---- C:\Program Files\Fichiers communs\InstallShield
2010-06-26 13:10:34 ----A---- C:\windows\system32\PICSDK2.dll
2010-06-26 13:10:34 ----A---- C:\windows\system32\PICSDK.ini
2010-06-26 13:10:33 ----A---- C:\windows\system32\PICSDK.dll
2010-06-26 13:10:33 ----A---- C:\windows\system32\PICEntry.dll
2010-06-26 13:10:33 ----A---- C:\windows\system32\EpPicPrt.dll
2010-06-26 13:10:31 ----A---- C:\windows\system32\EPPicMgr.dll
2010-06-26 13:09:35 ----D---- C:\Program Files\EPSON
2010-06-26 13:08:14 ----A---- C:\windows\system32\E_DCINST.DLL
2010-06-26 13:08:13 ----A---- C:\windows\system32\E_FLBEAE.DLL
2010-06-26 13:08:13 ----A---- C:\windows\system32\E_FD4BEAE.DLL
2010-06-26 13:08:01 ----A---- C:\windows\system32\drivers\usbprint.sys
2010-06-26 13:06:13 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON
2010-06-26 13:06:03 ----A---- C:\windows\CSES20.ini
2010-06-26 12:54:27 ----A---- C:\windows\system32\drivers\mstee.sys
2010-06-26 12:54:20 ----A---- C:\windows\system32\drivers\ndisip.sys
2010-06-26 12:54:18 ----A---- C:\windows\system32\drivers\streamip.sys
2010-06-26 12:54:14 ----A---- C:\windows\system32\drivers\slip.sys
2010-06-26 12:54:09 ----A---- C:\windows\system32\drivers\wstcodec.sys
2010-06-26 12:54:04 ----A---- C:\windows\system32\drivers\nabtsfec.sys
2010-06-26 12:54:00 ----A---- C:\windows\system32\drivers\ccdecode.sys
2010-06-26 12:53:29 ----D---- C:\windows\EffectResources
2010-06-26 12:53:25 ----A---- C:\windows\system32\vfwwdm32.dll
2010-06-26 12:51:58 ----A---- C:\windows\vmsnap3.exe
2010-06-26 12:51:58 ----A---- C:\windows\system32\vmcoinst_zc0301plh.dll
2010-06-26 12:51:58 ----A---- C:\windows\system32\DIFxAPI.dll
2010-06-26 12:51:58 ----A---- C:\windows\Domino.exe
2010-06-26 12:51:53 ----A---- C:\windows\VM303Cap.exe
2010-06-26 12:51:53 ----A---- C:\windows\system32\VM303STI.dll
2010-06-26 12:51:53 ----A---- C:\windows\system32\setupfilter.exe
2010-06-26 12:51:53 ----A---- C:\windows\system32\drivers\vmfilter303.sys
2010-06-26 12:51:53 ----A---- C:\windows\system32\drivers\usbVM303.sys
2010-06-26 12:51:53 ----A---- C:\windows\amcap.exe
2010-06-26 12:51:52 ----DC---- C:\windows\system32\DRVSTORE
2010-06-26 12:51:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-26 12:51:33 ----D---- C:\Program Files\Vimicro
2010-06-26 12:51:24 ----D---- C:\Documents and Settings\skaterboy\Application Data\InstallShield
2010-06-26 12:45:12 ----D---- C:\windows\RegisteredPackages
2010-06-26 12:44:58 ----A---- C:\windows\system32\wmpshell.dll
2010-06-26 12:44:58 ----A---- C:\windows\system32\wmpdxm.dll
2010-06-26 12:44:58 ----A---- C:\windows\system32\wmpcore.dll
2010-06-26 12:44:58 ----A---- C:\windows\system32\wmpcd.dll
2010-06-26 12:44:58 ----A---- C:\windows\system32\wmpasf.dll
2010-06-26 12:44:58 ----A---- C:\windows\system32\wmp.dll
2010-06-26 12:44:58 ----A---- C:\windows\system32\wmerror.dll
2010-06-26 12:44:58 ----A---- C:\windows\system32\asferror.dll
2010-06-26 12:44:57 ----A---- C:\windows\system32\wmpui.dll
2010-06-26 12:44:45 ----A---- C:\windows\system32\wmdmps.dll
2010-06-26 12:44:45 ----A---- C:\windows\system32\wmdmlog.dll
2010-06-26 12:44:45 ----A---- C:\windows\system32\mspmsp.dll
2010-06-26 12:44:45 ----A---- C:\windows\system32\mspmsnsv.dll
2010-06-26 12:44:45 ----A---- C:\windows\system32\cewmdm.dll
2010-06-26 12:44:44 ----A---- C:\windows\system32\mswmdm.dll
2010-06-26 12:44:44 ----A---- C:\windows\system32\msscp.dll
2010-06-26 12:44:41 ----A---- C:\windows\system32\wmvdmoe2.dll
2010-06-26 12:44:41 ----A---- C:\windows\system32\wmvdmod.dll
2010-06-26 12:44:41 ----A---- C:\windows\system32\wmspdmod.dll
2010-06-26 12:44:41 ----A---- C:\windows\system32\wmsdmod.dll
2010-06-26 12:44:41 ----A---- C:\windows\system32\wmadmod.dll
2010-06-26 12:44:41 ----A---- C:\windows\system32\mpg4dmod.dll
2010-06-26 12:44:41 ----A---- C:\windows\system32\mp4sdmod.dll
2010-06-26 12:44:41 ----A---- C:\windows\system32\mp43dmod.dll
2010-06-26 12:44:40 ----A---- C:\windows\system32\wmvcore.dll
2010-06-26 12:44:40 ----A---- C:\windows\system32\wmspdmoe.dll
2010-06-26 12:44:40 ----A---- C:\windows\system32\wmsdmoe2.dll
2010-06-26 12:44:40 ----A---- C:\windows\system32\wmnetmgr.dll
2010-06-26 12:44:40 ----A---- C:\windows\system32\wmidx.dll
2010-06-26 12:44:40 ----A---- C:\windows\system32\wmasf.dll
2010-06-26 12:44:40 ----A---- C:\windows\system32\wmadmoe.dll
2010-06-26 12:44:38 ----A---- C:\windows\system32\msnetobj.dll
2010-06-26 12:44:38 ----A---- C:\windows\system32\drmv2clt.dll
2010-06-26 12:44:38 ----A---- C:\windows\system32\blackbox.dll
2010-06-26 12:43:53 ----D---- C:\Program Files\7-Zip
2010-06-26 09:42:24 ----D---- C:\windows\system32\appmgmt
2010-06-26 00:56:40 ----D---- C:\windows\pss
2010-06-25 23:01:27 ----D---- C:\S3Graphics
2010-06-25 22:44:09 ----D---- C:\Program Files\ma-config.com
2010-06-25 22:44:09 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2010-06-25 22:22:44 ----D---- C:\Program Files\uTorrent
2010-06-25 22:21:08 ----D---- C:\Documents and Settings\skaterboy\Application Data\skypePM
2010-06-25 22:20:21 ----D---- C:\Documents and Settings\skaterboy\Application Data\uTorrent
2010-06-25 22:20:18 ----D---- C:\Documents and Settings\skaterboy\Application Data\Skype
2010-06-25 22:17:26 ----D---- C:\Program Files\Fichiers communs\Skype
2010-06-25 22:17:23 ----RD---- C:\Program Files\Skype
2010-06-25 21:49:17 ----D---- C:\Program Files\Microsoft Works
2010-06-25 21:49:02 ----D---- C:\Program Files\MSBuild
2010-06-25 21:48:34 ----D---- C:\Program Files\Microsoft Visual Studio
2010-06-25 21:48:34 ----D---- C:\Program Files\Fichiers communs\DESIGNER
2010-06-25 21:44:21 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-06-25 21:41:35 ----D---- C:\windows\SHELLNEW
2010-06-25 21:39:59 ----D---- C:\Program Files\Microsoft Office
2010-06-25 21:39:57 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-06-25 21:39:10 ----RHD---- C:\MSOCache
2010-06-25 19:31:54 ----A---- C:\windows\system32\drivers\VIAAGP1.SYS
2010-06-25 19:31:51 ----D---- C:\windows\system32\ReinstallBackups
2010-06-25 19:28:56 ----A---- C:\windows\IsUninst.exe
2010-06-25 19:27:34 ----A---- C:\windows\system32\drivers\splitter.sys
2010-06-25 19:27:30 ----A---- C:\windows\system32\drivers\dmusic.sys
2010-06-25 19:27:19 ----A---- C:\windows\system32\drivers\mskssrv.sys
2010-06-25 19:27:17 ----A---- C:\windows\system32\drivers\mspqm.sys
2010-06-25 19:27:14 ----A---- C:\windows\system32\drivers\mspclock.sys
2010-06-25 19:27:08 ----RA---- C:\windows\system32\drivers\viaudio.sys
2010-06-25 19:27:08 ----A---- C:\windows\system32\ksuser.dll
2010-06-25 19:27:03 ----D---- C:\Program Files\VIA Technologies, Inc
2010-06-25 19:27:03 ----A---- C:\windows\system32\UnAudioNT.dll
2010-06-25 19:26:35 ----A---- C:\windows\IsUn040c.exe
2010-06-25 19:25:55 ----HD---- C:\windows\system32\GroupPolicy
2010-06-25 19:25:52 ----A---- C:\windows\Ascd_tmp.ini
2010-06-25 19:25:50 ----A---- C:\windows\system32\drivers\ASUSHWIO.SYS
2010-06-25 17:34:01 ----D---- C:\Documents and Settings\skaterboy\Application Data\Adobe
2010-06-24 23:56:18 ----D---- C:\Documents and Settings\skaterboy\Application Data\vlc
2010-06-24 23:56:01 ----D---- C:\Program Files\Blue Coat K9 Web Protection
2010-06-24 23:53:31 ----D---- C:\Program Files\VideoLAN
2010-06-24 23:50:27 ----SHD---- C:\RECYCLER
2010-06-24 23:50:07 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 3 months======

2010-09-22 14:38:44 ----D---- C:\windows\system32
2010-09-22 13:33:47 ----SD---- C:\windows\Downloaded Program Files
2010-09-22 00:44:52 ----D---- C:\windows\system32\drivers
2010-09-22 00:40:33 ----D---- C:\WINDOWS
2010-09-21 21:32:08 ----D---- C:\windows\Temp
2010-09-21 19:17:12 ----RD---- C:\Program Files
2010-09-21 11:18:47 ----SHD---- C:\windows\Installer
2010-09-21 11:18:47 ----SD---- C:\windows\Tasks
2010-09-14 21:18:34 ----A---- C:\windows\win.ini
2010-09-14 14:24:00 ----D---- C:\windows\system32\CatRoot2
2010-09-04 16:09:38 ----SD---- C:\Documents and Settings\skaterboy\Application Data\Microsoft
2010-09-03 21:52:53 ----A---- C:\windows\system.ini
2010-08-31 23:03:55 ----D---- C:\Program Files\Fichiers communs
2010-08-13 13:07:18 ----HD---- C:\windows\inf
2010-08-13 13:07:18 ----D---- C:\windows\Help
2010-08-13 12:26:57 ----D---- C:\windows\WinSxS
2010-08-12 01:41:36 ----A---- C:\windows\SchedLgU.Txt
2010-08-08 12:36:40 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-30 12:51:49 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-07-30 12:51:30 ----A---- C:\windows\OEWABLog.txt
2010-07-30 12:51:01 ----D---- C:\windows\system32\wbem
2010-07-30 12:51:01 ----D---- C:\windows\ime
2010-07-30 12:51:01 ----D---- C:\Program Files\Windows NT
2010-07-30 12:50:27 ----D---- C:\windows\Debug
2010-07-30 12:48:46 ----D---- C:\windows\system32\Setup
2010-07-30 12:48:46 ----D---- C:\windows\AppPatch
2010-07-30 12:48:46 ----D---- C:\Program Files\Windows Media Player
2010-07-30 12:48:45 ----RSD---- C:\windows\Fonts
2010-07-29 19:31:24 ----A---- C:\windows\imsins.BAK
2010-07-29 19:25:39 ----D---- C:\windows\security
2010-07-29 19:19:46 ----D---- C:\windows\system32\CatRoot
2010-07-29 19:07:00 ----D---- C:\windows\ehome
2010-07-29 19:06:50 ----D---- C:\windows\system32\inetsrv
2010-07-29 19:05:17 ----D---- C:\windows\system32\usmt
2010-07-29 19:04:59 ----D---- C:\Program Files\Internet Explorer
2010-07-29 19:04:48 ----D---- C:\windows\PeerNet
2010-07-29 18:59:18 ----D---- C:\windows\system32\Restore
2010-07-29 18:59:18 ----D---- C:\windows\system32\npp
2010-07-29 18:59:16 ----D---- C:\Program Files\NetMeeting
2010-07-29 18:59:15 ----D---- C:\windows\system32\Com
2010-07-29 18:59:06 ----D---- C:\Program Files\Outlook Express
2010-07-29 18:58:55 ----D---- C:\Program Files\Fichiers communs\System
2010-07-29 18:58:16 ----D---- C:\windows\system32\oobe
2010-07-29 18:58:14 ----D---- C:\windows\system
2010-07-05 17:57:22 ----RD---- C:\windows\Web
2010-06-26 23:58:10 ----D---- C:\windows\repair
2010-06-26 23:45:02 ----D---- C:\windows\Registration
2010-06-26 17:51:18 ----D---- C:\windows\system32\mui
2010-06-26 12:53:29 ----D---- C:\windows\twain_32
2010-06-25 21:50:27 ----D---- C:\windows\system32\config
2010-06-25 21:49:16 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2010-06-25 21:47:19 ----D---- C:\windows\pchealth
2010-06-25 19:38:35 ----SHD---- C:\System Volume Information
2010-06-25 18:15:15 ----D---- C:\windows\LSD

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 symsnap;Symantec Volume Snap Shot Driver; C:\windows\system32\DRIVERS\symsnap.sys [2009-09-21 138592]
R0 viaagp;Filtre de bus AGP VIA; C:\windows\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R0 viaagp1;VIA AGP Filter; C:\windows\system32\DRIVERS\viaagp1.sys [2002-07-24 32128]
R1 46549821;46549821; C:\windows\system32\DRIVERS\46549821.sys [2009-09-25 128016]
R1 AmdK7;Pilote de processeur AMD K7; C:\windows\system32\DRIVERS\amdk7.sys [2008-04-13 41856]
R1 bckd;bckd; C:\windows\system32\drivers\bckd.sys [2009-01-14 72992]
R1 setup_9.0.0.722_08.07.2010_23-52drv;setup_9.0.0.722_08.07.2010_23-52drv; C:\windows\system32\DRIVERS\4654982.sys [2009-10-09 315408]
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\windows\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GearAspiWDM; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 GenericMount;Generic Mount Driver; C:\windows\system32\DRIVERS\GenericMount.sys [2010-02-12 57840]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;VIA AC'97 Enhanced Audio Controller (WDM); C:\windows\system32\drivers\viaudio.sys [2002-03-11 43776]
R3 vmfilter303;vmfilter303; C:\windows\system32\drivers\vmfilter303.sys [2006-04-25 428160]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\windows\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 ZSMC303;USB PC Camera (Vimicro301 Neptune); C:\windows\System32\Drivers\usbVM303.sys [2006-12-01 392122]
S0 46549822;46549822 Boot Guard Driver; C:\windows\system32\DRIVERS\46549822.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 S3Psddr;S3Psddr; C:\windows\system32\DRIVERS\s3gnbm.sys [2008-04-13 166912]
S3 S3SavageNB;S3SavageNB; C:\windows\system32\DRIVERS\s3gnbm.sys [2008-04-13 166912]
S3 SLIP;Détrameur décalage BDA; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\windows\system32\DRIVERS\vproeventmonitor.sys [2009-09-21 15096]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2009-10-01 131000]
S3 WSTCODEC;Codec Teletext standard; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 bckwfs;Blue Coat K9 Web Protection; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2009-01-14 1078560]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-31 153376]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2010-03-03 4590432]
R3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-09-21 1964528]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-13 655624]
S3 GenericMount Helper Service;GenericMount Helper Service; C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2010-02-12 1574408]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]

-----------------EOF-----------------

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
23 Sept. 2010 at 20:22
paste the report from an online antivirus scanner such as Panda, BitDefender or NOD32

BBrunes Posts 93 Registration date Monday 11 February 2008 Status Member Last activity 14 March 2019 3
Edited by BBrunes on 25/09/2010 at 00:33
Hello,
I think this time it worked. Here is the report from the NOD32 scan:

C:\WINDOWS\system32\autorun.inf INF/Autorun.gen cheval de troie nettoyé par suppression - mis en quarantaine
E:\Prgms\Symantec Ghost\Symantec Norton Ghost 15 FR Incl.Keymaker-CORE.rar une variante de Win32/Keygen.AC application supprimé - mis en quarantaine

So it's resolved (I don't know where I'm supposed to mark it as such), and thanks again.

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
Edited by jlpjlp on 25/09/2010 at 10:17
to verify, plug in your external storage devices and paste a search report from the USBFIX software

and avoid cracks from now on ...