Vundo/virtumonde
Solved
onepunk
13 replies
Hi,
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
- Double-click RSIT.exe to launch the program.
- Click Continue on the Disclaimer screen.
- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.
- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: The reports are saved in the C:\rsit folder.
Thanks, so here are the reports.
The log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by John at 2009-01-13 21:23:09
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 16 GB (21%) free of 76 GB
Total RAM: 2046 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:11, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\Bureau\RSIT.exe
C:\Program Files\trend micro\John.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\rqroMedE.dll
O2 - BHO: (no name) - {7395749F-D512-49E8-9AFD-3E6B1D87B32B} - C:\WINDOWS\system32\rqRlkkHX.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: milehighads - {acdf36c1-e89d-ae05-b1ac-980268fa3d08} - C:\WINDOWS\system32\nse2F.dll
O2 - BHO: {4ad9c8c0-7609-d12b-df64-46f529e4405c} - {c5044e92-5f64-46fd-b21d-90670c8c9da4} - C:\WINDOWS\system32\mpinmt.dll
O2 - BHO: milehighads browser enhancer - {C5F5CBEF-1E8D-8073-CD31-6D17ADFD872B} - C:\WINDOWS\system32\xrcheewoamxdsnspf.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hgbvqxfldrkxtk] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xrcheewoamxdsnspf.dll"
O4 - HKLM\..\Run: [586aa16a] rundll32.exe "C:\WINDOWS\system32\buphyaqh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1230535385_b20c968a9b8f3ae6f6470b4fd9ed0729&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{933C9364-5A6D-4FFB-AB2C-EEA7C149950E}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2A00023-2B2D-4CFE-B864-AAFDFC2E5E4A}: NameServer = 212.27.40.240,212.27.40.241
O20 - AppInit_DLLs: mpinmt.dll
O20 - Winlogon Notify: rqroMedE - C:\WINDOWS\SYSTEM32\rqroMedE.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
======List of files/folders created in the last 1 months======
2009-01-13 21:23:09 ----D---- C:\rsit
2009-01-13 21:23:09 ----D---- C:\Program Files\trend micro
2009-01-13 20:47:55 ----D---- C:\Documents and Settings\John\Application Data\Yahoo!
2009-01-13 20:47:55 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-01-13 20:47:53 ----D---- C:\Program Files\Yahoo!
2009-01-13 20:47:51 ----D---- C:\Program Files\CCleaner
2009-01-13 20:40:28 ----D---- C:\VundoFix Backups
2009-01-13 20:40:28 ----A---- C:\VundoFix.txt
2009-01-13 19:51:52 ----SH---- C:\WINDOWS\system32\hqayhpub.ini
2009-01-13 19:51:50 ----A---- C:\WINDOWS\system32\buphyaqh.dll
2009-01-13 19:49:30 ----A---- C:\WINDOWS\system32\mpinmt.dll
2009-01-13 19:49:29 ----A---- C:\WINDOWS\system32\optjkdyk.dll
2009-01-13 19:48:50 ----ASH---- C:\WINDOWS\system32\XHkklRqr.ini2
2009-01-13 19:48:50 ----ASH---- C:\WINDOWS\system32\XHkklRqr.ini
2009-01-13 19:48:48 ----A---- C:\WINDOWS\system32\rqRlkkHX.dll
2009-01-13 19:40:35 ----A---- C:\WINDOWS\system32\yhtlij.dll
2009-01-13 19:40:35 ----A---- C:\WINDOWS\system32\spxsprmx.dll
2009-01-13 19:37:50 ----A---- C:\WINDOWS\system32\burugdry.dll.vir
2009-01-11 20:33:18 ----A---- C:\WINDOWS\system32\mflzpo.dll
2009-01-11 20:33:18 ----A---- C:\WINDOWS\system32\hdmmxctp.dll
2009-01-11 20:32:49 ----A---- C:\WINDOWS\system32\53496514-.txt
2009-01-11 20:32:29 ----A---- C:\WINDOWS\system32\mlJddccc.dll.vir
2009-01-11 20:27:28 ----D---- C:\Documents and Settings\John\Application Data\Babylon
2009-01-11 20:27:28 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2009-01-11 20:27:26 ----A---- C:\WINDOWS\system32\rQhEurol.dll
2009-01-11 20:27:25 ----A---- C:\WINDOWS\system32\rqroMedE.dll
2009-01-11 20:25:16 ----A---- C:\WINDOWS\system32\cont_milehighads-remove.exe
2009-01-11 20:25:15 ----A---- C:\WINDOWS\system32\tcsvdtmtyctbjzpg.exe
2009-01-10 09:26:55 ----D---- C:\Documents and Settings\John\Application Data\Apple Computer
2009-01-10 09:26:51 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-01-10 09:26:40 ----D---- C:\Program Files\iPod
2009-01-10 09:26:37 ----D---- C:\Program Files\iTunes
2009-01-10 09:26:37 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-10 09:26:30 ----D---- C:\Program Files\Bonjour
2009-01-10 09:26:12 ----D---- C:\Program Files\QuickTime
2009-01-10 09:26:11 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-10 09:26:06 ----D---- C:\Program Files\Apple Software Update
2009-01-10 09:25:34 ----D---- C:\Program Files\Fichiers communs\Apple
2009-01-10 09:25:34 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-01-08 21:25:24 ----A---- C:\DARE.INI
2009-01-08 21:17:08 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-01-08 21:17:03 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-01-08 21:05:49 ----D---- C:\Program Files\Ubisoft
2009-01-05 19:22:06 ----A---- C:\WINDOWS\system32\nse2F.dll
2009-01-05 18:38:26 ----D---- C:\Documents and Settings\John\Application Data\Disney Interactive Studios
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-01-05 18:36:00 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-01-05 18:35:59 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-01-05 18:35:59 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-01-05 18:35:58 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-01-05 18:35:57 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-01-05 18:35:57 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-01-05 18:35:57 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-01-05 18:35:56 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-01-05 18:35:56 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-01-05 18:34:09 ----D---- C:\WINDOWS\Logs
2009-01-05 18:34:06 ----HD---- C:\WINDOWS\msdownld.tmp
2009-01-05 16:02:21 ----D---- C:\Program Files\Pure
2009-01-05 15:14:47 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-01-05 15:14:47 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-01-05 15:14:46 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-01-05 15:14:46 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-01-05 15:14:46 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-01-05 15:14:40 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-01-05 15:14:40 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-01-05 15:14:40 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-01-05 15:14:40 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-01-05 15:14:40 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-01-05 15:14:39 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-01-05 15:14:39 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-01-05 15:14:39 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-01-05 15:14:39 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-01-05 15:14:37 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-01-05 15:07:56 ----D---- C:\Program Files\CAPCOM
2009-01-05 14:46:04 ----D---- C:\Documents and Settings\John\Application Data\LimeWire
2009-01-05 14:45:54 ----D---- C:\Program Files\LimeWire
2009-01-05 14:21:58 ----D---- C:\Program Files\eMule
2009-01-04 21:22:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-04 21:21:27 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-01-04 21:21:27 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-01-04 21:21:27 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-01-04 21:21:27 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-01-04 21:21:27 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-01-04 21:21:25 ----D---- C:\Program Files\Trojan Remover
2009-01-04 21:21:25 ----D---- C:\Documents and Settings\John\Application Data\Simply Super Software
2009-01-04 21:21:25 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-01-04 10:38:17 ----D---- C:\Program Files\VTFEdit
2009-01-01 21:44:06 ----D---- C:\Program Files\Guitar Pro 5
2008-12-30 16:59:17 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-30 16:59:16 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-30 16:58:43 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-12-29 08:28:27 ----D---- C:\Users
2008-12-29 08:21:54 ----D---- C:\WINDOWS\Sun
2008-12-29 08:21:45 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-29 08:21:45 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-29 08:21:45 ----A---- C:\WINDOWS\system32\java.exe
2008-12-29 08:21:45 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-29 08:21:37 ----D---- C:\Program Files\Java
2008-12-29 08:21:13 ----D---- C:\Documents and Settings\John\Application Data\Sun
2008-12-25 13:12:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-25 13:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-24 18:59:27 ----D---- C:\WINDOWS\Prefetch
2008-12-24 18:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-24 18:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-24 18:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-24 18:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-24 18:57:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-24 18:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-24 18:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-24 18:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-24 18:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-24 18:57:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-24 18:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-24 18:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-24 18:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-24 18:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-24 18:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-24 18:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-24 18:56:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-24 18:56:44 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-24 18:55:03 ----D---- C:\WINDOWS\system32\fr
2008-12-24 18:55:03 ----D---- C:\WINDOWS\system32\bits
2008-12-24 18:55:03 ----D---- C:\WINDOWS\l2schemas
2008-12-24 18:54:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-24 18:51:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-23 20:11:10 ----A---- C:\WINDOWS\system32\xrcheewoamxdsnspf.dll
2008-12-23 10:45:24 ----D---- C:\Documents and Settings\John\Application Data\Macromedia
2008-12-23 10:45:23 ----D---- C:\Documents and Settings\John\Application Data\Adobe
2008-12-22 18:32:00 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-22 18:32:00 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-22 18:32:00 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-21 20:49:11 ----D---- C:\Program Files\Messenger Plus! Live
2008-12-21 20:39:48 ----D---- C:\WINDOWS\ie7updates
2008-12-21 20:39:37 ----D---- C:\WINDOWS\WBEM
2008-12-21 20:39:36 ----D---- C:\WINDOWS\system32\fr-fr
2008-12-21 20:39:26 ----HDC---- C:\WINDOWS\ie7
2008-12-21 20:39:18 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-21 20:39:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-21 20:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-21 20:38:53 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-21 20:38:24 ----D---- C:\WINDOWS\network diagnostic
2008-12-21 20:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-12-21 20:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-21 20:37:25 ----D---- C:\Program Files\Microsoft
2008-12-21 20:37:12 ----D---- C:\Program Files\Windows Live SkyDrive
2008-12-21 20:36:54 ----D---- C:\Program Files\Windows Live
2008-12-21 20:33:08 ----D---- C:\Program Files\Fichiers communs\Windows Live
2008-12-21 20:30:28 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-21 20:28:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-21 20:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-12-21 20:09:15 ----D---- C:\Documents and Settings\John\Application Data\WinRAR
2008-12-21 20:08:57 ----D---- C:\Program Files\WinRAR
2008-12-21 19:53:17 ----D---- C:\WINDOWS\pss
2008-12-21 19:47:36 ----D---- C:\Program Files\UxTheme Multipatcher Fr
2008-12-21 19:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-12-21 19:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-12-21 19:27:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-12-21 19:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-12-21 19:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-21 19:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-21 19:27:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-21 19:27:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-12-21 19:27:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-21 19:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-12-21 19:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-12-21 19:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-12-21 19:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-12-21 19:26:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-21 19:26:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-12-21 19:26:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-12-21 19:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-12-21 19:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-12-21 19:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-12-21 19:26:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-21 19:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-12-21 19:26:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-12-21 19:26:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-21 19:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-21 19:25:53 ----SHD---- C:\RECYCLER
2008-12-21 19:25:16 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2008-12-21 19:25:16 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2008-12-21 19:25:16 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-12-21 19:25:16 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-21 19:25:15 ----D---- C:\Program Files\Alwil Software
2008-12-21 19:08:38 ----D---- C:\Program Files\Steam
2008-12-21 19:02:43 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-21 19:02:43 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-21 19:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-21 19:02:41 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-21 19:01:12 ----D---- C:\Program Files\Marvell
2008-12-21 18:57:49 ----RA---- C:\WINDOWS\system32\PostProc.dll
2008-12-21 18:57:45 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-21 18:57:38 ----N---- C:\WINDOWS\system32\wdmioctl.dll
2008-12-21 18:57:38 ----N---- C:\WINDOWS\system32\SMMedia.dll
2008-12-21 18:57:37 ----N---- C:\WINDOWS\system32\DSndUp.exe
2008-12-21 18:57:37 ----N---- C:\WINDOWS\system32\CleanUp.exe
2008-12-21 18:57:37 ----D---- C:\Program Files\Analog Devices
2008-12-21 18:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-12-21 18:57:12 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-21 18:55:31 ----D---- C:\WINDOWS\ASUSInstAll
2008-12-21 18:51:32 ----RA---- C:\WINDOWS\system32\idecoiins.dll
2008-12-21 18:51:32 ----RA---- C:\WINDOWS\system32\idecoi.dll
2008-12-21 18:51:30 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-21 18:51:27 ----RA---- C:\WINDOWS\system32\fdco1ins.dll
2008-12-21 18:51:27 ----RA---- C:\WINDOWS\system32\fdco1.dll
2008-12-21 18:51:25 ----A---- C:\WINDOWS\system32\nvunrm.exe
2008-12-21 18:51:21 ----D---- C:\Program Files\NVIDIA Corporation
2008-12-21 18:50:55 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2008-12-21 18:50:54 ----RA---- C:\WINDOWS\system32\bdco1ins.dll
2008-12-21 18:50:54 ----RA---- C:\WINDOWS\system32\bdco1.dll
2008-12-21 18:50:53 ----A---- C:\WINDOWS\system32\nvusmb.exe
2008-12-21 18:50:50 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-12-21 18:50:48 ----D---- C:\Documents and Settings\John\Application Data\InstallShield
2008-12-21 18:50:18 ----A---- C:\WINDOWS\Ascd_log.ini
2008-12-21 18:49:42 ----A---- C:\WINDOWS\Ascd_tmp.ini
2008-12-21 18:47:55 ----D---- C:\Documents and Settings\John\Application Data\ATI
2008-12-21 18:47:55 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-21 18:47:48 ----D---- C:\Documents and Settings\John\Application Data\Identities
2008-12-21 18:47:33 ----SD---- C:\Documents and Settings\John\Application Data\Microsoft
2008-12-21 18:47:33 ----ASH---- C:\Documents and Settings\John\Application Data\desktop.ini
2008-12-21 18:46:37 ----D---- C:\Documents and Settings\All Users\Application Data\Razer
2008-12-21 18:45:14 ----D---- C:\Program Files\DIFX
2008-12-21 18:45:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-21 18:45:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-21 18:45:04 ----D---- C:\Program Files\Razer
2008-12-21 18:39:55 ----D---- C:\Program Files\Fichiers communs\ATI Technologies
2008-12-21 18:38:43 ----RSD---- C:\WINDOWS\assembly
2008-12-21 18:38:29 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-21 18:38:01 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-21 18:37:37 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-12-21 18:37:35 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2008-12-21 18:37:33 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2008-12-21 18:37:05 ----D---- C:\Program Files\ATI Technologies
2008-12-21 18:37:04 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-21 18:36:33 ----D---- C:\Program Files\Fichiers communs\InstallShield
2008-12-21 18:36:31 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-21 18:35:18 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-12-21 18:33:49 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-21 18:33:08 ----SHD---- C:\WINDOWS\Installer
2008-12-21 18:33:08 ----D---- C:\Program Files\Fichiers communs\ODBC
2008-12-21 18:33:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-21 18:33:08 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-21 18:33:03 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2008-12-21 18:33:02 ----RD---- C:\Program Files
2008-12-21 18:33:02 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-12-21 18:33:02 ----D---- C:\Program Files\Fichiers communs
2008-12-21 18:32:58 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-21 18:32:58 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-21 18:32:58 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-21 18:32:55 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-21 18:32:47 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-21 18:32:47 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-21 18:32:47 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-21 18:32:47 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-21 18:32:47 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-21 18:32:44 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-21 18:32:44 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-21 18:32:44 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-21 18:32:41 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-21 18:32:41 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-21 18:32:40 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-21 18:32:40 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-21 18:32:40 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-21 18:32:37 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-21 18:32:37 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-21 18:32:36 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-21 18:32:35 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-21 18:32:35 ----A---- C:\WINDOWS\notepad.exe
2008-12-21 18:32:29 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-21 18:30:49 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-21 18:30:47 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-21 18:30:46 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-21 18:30:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-21 18:30:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-21 18:30:37 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-21 18:30:11 ----SHD---- C:\System Volume Information
2008-12-21 18:30:11 ----D---- C:\Documents and Settings
2008-12-21 18:23:43 ----SH---- C:\boot.ini
2008-12-21 18:20:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-21 18:20:34 ----RSD---- C:\WINDOWS\Fonts
2008-12-21 18:20:34 ----RD---- C:\WINDOWS\Web
2008-12-21 18:20:34 ----HD---- C:\WINDOWS\inf
2008-12-21 18:20:34 ----D---- C:\WINDOWS\WinSxS
2008-12-21 18:20:34 ----D---- C:\WINDOWS\twain_32
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Temp
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\wins
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\wbem
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\usmt
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\spool
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\Setup
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\ras
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\oobe
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\npp
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\mui
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\IME
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\icsxml
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\ias
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\export
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\dhcp
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\config
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\3076
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\2052
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1054
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1042
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1041
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1037
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1036
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1033
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1031
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1028
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1025
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system
2008-12-21 18:20:34 ----D---- C:\WINDOWS\security
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Resources
2008-12-21 18:20:34 ----D---- C:\WINDOWS\repair
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Provisioning
2008-12-21 18:20:34 ----D---- C:\WINDOWS\PeerNet
2008-12-21 18:20:34 ----D---- C:\WINDOWS\pchealth
2008-12-21 18:20:34 ----D---- C:\WINDOWS\mui
2008-12-21 18:20:34 ----D---- C:\WINDOWS\msapps
2008-12-21 18:20:34 ----D---- C:\WINDOWS\msagent
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Media
2008-12-21 18:20:34 ----D---- C:\WINDOWS\java
2008-12-21 18:20:34 ----D---- C:\WINDOWS\ime
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Help
2008-12-21 18:20:34 ----D---- C:\WINDOWS\ehome
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Driver Cache
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Debug
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Cursors
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Connection Wizard
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Config
2008-12-21 18:20:34 ----D---- C:\WINDOWS\AppPatch
2008-12-21 18:20:34 ----D---- C:\WINDOWS\addins
2008-12-21 18:20:34 ----D---- C:\WINDOWS
2008-12-21 17:44:42 ----HD---- C:\Program Files\Uninstall Information
2008-12-21 17:43:23 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-21 17:43:21 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-21 17:43:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 17:41:11 ----D---- C:\WINDOWS\system32\xircom
2008-12-21 17:41:11 ----D---- C:\Program Files\xerox
2008-12-21 17:41:11 ----D---- C:\Program Files\microsoft frontpage
2008-12-21 17:40:56 ----A---- C:\WINDOWS\control.ini
2008-12-21 17:40:56 ----A---- C:\AUTOEXEC.BAT
2008-12-21 17:40:46 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-21 17:40:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-21 17:40:15 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-21 17:40:15 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-21 17:40:12 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-21 17:40:09 ----HD---- C:\Program Files\WindowsUpdate
2008-12-21 17:40:06 ----D---- C:\Program Files\Services en ligne
2008-12-21 17:39:56 ----D---- C:\WINDOWS\system32\DirectX
2008-12-21 17:39:42 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-21 17:39:40 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-21 17:39:40 ----A---- C:\WINDOWS\desktop.ini
2008-12-21 17:39:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-21 17:39:33 ----D---- C:\Program Files\Fichiers communs\Services
2008-12-21 17:39:33 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-21 17:39:31 ----SD---- C:\WINDOWS\Tasks
2008-12-21 17:39:31 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-21 17:39:30 ----D---- C:\Program Files\Fichiers communs\MSSoap
2008-12-21 17:39:27 ----D---- C:\WINDOWS\system32\Macromed
2008-12-21 17:39:27 ----D---- C:\WINDOWS\srchasst
2008-12-21 17:39:25 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-21 17:39:25 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-21 17:39:25 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-21 17:39:25 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-21 17:39:25 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-21 17:39:22 ----D---- C:\Program Files\Movie Maker
2008-12-21 17:39:19 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-21 17:39:19 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-21 17:39:18 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-21 17:39:18 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-21 17:39:16 ----D---- C:\WINDOWS\system32\Restore
2008-12-21 17:39:16 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-21 17:39:16 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-21 17:39:16 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-21 17:39:16 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-21 17:39:16 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-21 17:39:11 ----D---- C:\Program Files\NetMeeting
2008-12-21 17:39:11 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-21 17:39:11 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-21 17:39:09 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-21 17:39:08 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-21 17:39:05 ----D---- C:\Program Files\Outlook Express
2008-12-21 17:39:05 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-21 17:39:05 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-21 17:39:05 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-21 17:39:04 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-21 17:39:04 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-21 17:39:04 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-21 17:39:03 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-21 17:38:55 ----D---- C:\Program Files\Fichiers communs\System
2008-12-21 17:38:53 ----D---- C:\Program Files\Internet Explorer
2008-12-21 17:38:31 ----D---- C:\Program Files\ComPlus Applications
2008-12-21 17:38:30 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-21 17:38:30 ----A---- C:\WINDOWS\vb.ini
2008-12-21 17:38:26 ----D---- C:\WINDOWS\Registration
2008-12-21 17:38:21 ----D---- C:\Program Files\Windows Media Player
2008-12-21 17:38:21 ----D---- C:\Program Files\Online Services
2008-12-21 17:38:17 ----D---- C:\Program Files\Messenger
2008-12-21 17:38:14 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-21 17:38:14 ----A---- C:\WINDOWS\system32\write.exe
2008-12-21 17:38:08 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-21 17:38:08 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-21 17:38:08 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-21 17:38:08 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-21 17:38:08 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-21 17:38:07 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-21 17:38:02 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-21 17:38:02 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-21 17:38:02 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-21 17:38:02 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-21 17:37:58 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-21 17:37:55 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-21 17:37:49 ----D---- C:\Program Files\MSN
2008-12-21 17:37:48 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-21 17:37:48 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-21 17:37:48 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-21 17:37:48 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-21 17:37:47 ----D---- C:\Program Files\Windows NT
2008-12-21 17:37:47 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-21 17:37:47 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-21 17:37:47 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-21 17:37:47 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-21 17:37:45 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-21 17:37:44 ----D---- C:\WINDOWS\system32\Com
2008-12-21 17:37:44 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-21 17:37:44 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-21 17:37:44 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-21 17:37:43 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-21 17:37:43 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-21 17:37:43 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-21 17:37:43 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-21 17:37:43 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-21 17:37:38 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-21 17:37:38 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-21 17:37:38 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-21 17:37:38 ----A---- C:\WINDOWS\system32\cmprops.dll
======List of files/folders modified in the last 1 months======
2008-12-21 19:53:32 ----A---- C:\WINDOWS\win.ini
2008-12-21 19:53:32 ----A---- C:\WINDOWS\system.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-12-08 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 DAdderFltr;DeathAdder Mouse; C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 22784]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Lycosa HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LycoFltr;Lycosa Keyboard; C:\WINDOWS\System32\Drivers\Lycosa.sys [2007-09-27 21888]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-28 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-10-12 54144]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-10-12 22016]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-29 152984]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
-----------------EOF-----------------
2009-01-13 21:23:09 ----D---- C:\rsit
2009-01-13 21:23:09 ----D---- C:\Program Files\trend micro
2009-01-13 20:47:55 ----D---- C:\Documents and Settings\John\Application Data\Yahoo!
2009-01-13 20:47:55 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-01-13 20:47:53 ----D---- C:\Program Files\Yahoo!
2009-01-13 20:47:51 ----D---- C:\Program Files\CCleaner
2009-01-13 20:40:28 ----D---- C:\VundoFix Backups
2009-01-13 20:40:28 ----A---- C:\VundoFix.txt
2009-01-13 19:51:52 ----SH---- C:\WINDOWS\system32\hqayhpub.ini
2009-01-13 19:51:50 ----A---- C:\WINDOWS\system32\buphyaqh.dll
2009-01-13 19:49:30 ----A---- C:\WINDOWS\system32\mpinmt.dll
2009-01-13 19:49:29 ----A---- C:\WINDOWS\system32\optjkdyk.dll
2009-01-13 19:48:50 ----ASH---- C:\WINDOWS\system32\XHkklRqr.ini2
2009-01-13 19:48:50 ----ASH---- C:\WINDOWS\system32\XHkklRqr.ini
2009-01-13 19:48:48 ----A---- C:\WINDOWS\system32\rqRlkkHX.dll
2009-01-13 19:40:35 ----A---- C:\WINDOWS\system32\yhtlij.dll
2009-01-13 19:40:35 ----A---- C:\WINDOWS\system32\spxsprmx.dll
2009-01-13 19:37:50 ----A---- C:\WINDOWS\system32\burugdry.dll.vir
2009-01-11 20:33:18 ----A---- C:\WINDOWS\system32\mflzpo.dll
2009-01-11 20:33:18 ----A---- C:\WINDOWS\system32\hdmmxctp.dll
2009-01-11 20:32:49 ----A---- C:\WINDOWS\system32\53496514-.txt
2009-01-11 20:32:29 ----A---- C:\WINDOWS\system32\mlJddccc.dll.vir
2009-01-11 20:27:28 ----D---- C:\Documents and Settings\John\Application Data\Babylon
2009-01-11 20:27:28 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2009-01-11 20:27:26 ----A---- C:\WINDOWS\system32\rQhEurol.dll
2009-01-11 20:27:25 ----A---- C:\WINDOWS\system32\rqroMedE.dll
2009-01-11 20:25:16 ----A---- C:\WINDOWS\system32\cont_milehighads-remove.exe
2009-01-11 20:25:15 ----A---- C:\WINDOWS\system32\tcsvdtmtyctbjzpg.exe
2009-01-10 09:26:55 ----D---- C:\Documents and Settings\John\Application Data\Apple Computer
2009-01-10 09:26:51 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-01-10 09:26:40 ----D---- C:\Program Files\iPod
2009-01-10 09:26:37 ----D---- C:\Program Files\iTunes
2009-01-10 09:26:37 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-10 09:26:30 ----D---- C:\Program Files\Bonjour
2009-01-10 09:26:12 ----D---- C:\Program Files\QuickTime
2009-01-10 09:26:11 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-10 09:26:06 ----D---- C:\Program Files\Apple Software Update
2009-01-10 09:25:34 ----D---- C:\Program Files\Fichiers communs\Apple
2009-01-10 09:25:34 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-01-08 21:25:24 ----A---- C:\DARE.INI
2009-01-08 21:17:08 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-01-08 21:17:03 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-01-08 21:05:49 ----D---- C:\Program Files\Ubisoft
2009-01-05 19:22:06 ----A---- C:\WINDOWS\system32\nse2F.dll
2009-01-05 18:38:26 ----D---- C:\Documents and Settings\John\Application Data\Disney Interactive Studios
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-01-05 18:36:06 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-01-05 18:36:05 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-01-05 18:36:04 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-01-05 18:36:03 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-01-05 18:36:02 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-01-05 18:36:01 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-01-05 18:36:00 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-01-05 18:35:59 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-01-05 18:35:59 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-01-05 18:35:58 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-01-05 18:35:57 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-01-05 18:35:57 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-01-05 18:35:57 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-01-05 18:35:56 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-01-05 18:35:56 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-01-05 18:34:09 ----D---- C:\WINDOWS\Logs
2009-01-05 18:34:06 ----HD---- C:\WINDOWS\msdownld.tmp
2009-01-05 16:02:21 ----D---- C:\Program Files\Pure
2009-01-05 15:14:47 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-01-05 15:14:47 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-01-05 15:14:46 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-01-05 15:14:46 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-01-05 15:14:46 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-01-05 15:14:40 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-01-05 15:14:40 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-01-05 15:14:40 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-01-05 15:14:40 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-01-05 15:14:40 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-01-05 15:14:39 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-01-05 15:14:39 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-01-05 15:14:39 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-01-05 15:14:39 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-01-05 15:14:37 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-01-05 15:07:56 ----D---- C:\Program Files\CAPCOM
2009-01-05 14:46:04 ----D---- C:\Documents and Settings\John\Application Data\LimeWire
2009-01-05 14:45:54 ----D---- C:\Program Files\LimeWire
2009-01-05 14:21:58 ----D---- C:\Program Files\eMule
2009-01-04 21:22:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-04 21:21:27 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-01-04 21:21:27 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-01-04 21:21:27 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-01-04 21:21:27 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-01-04 21:21:27 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-01-04 21:21:25 ----D---- C:\Program Files\Trojan Remover
2009-01-04 21:21:25 ----D---- C:\Documents and Settings\John\Application Data\Simply Super Software
2009-01-04 21:21:25 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-01-04 10:38:17 ----D---- C:\Program Files\VTFEdit
2009-01-01 21:44:06 ----D---- C:\Program Files\Guitar Pro 5
2008-12-30 16:59:17 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-30 16:59:16 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-30 16:58:43 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-12-29 08:28:27 ----D---- C:\Users
2008-12-29 08:21:54 ----D---- C:\WINDOWS\Sun
2008-12-29 08:21:45 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-29 08:21:45 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-29 08:21:45 ----A---- C:\WINDOWS\system32\java.exe
2008-12-29 08:21:45 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-29 08:21:37 ----D---- C:\Program Files\Java
2008-12-29 08:21:13 ----D---- C:\Documents and Settings\John\Application Data\Sun
2008-12-25 13:12:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-25 13:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-24 18:59:27 ----D---- C:\WINDOWS\Prefetch
2008-12-24 18:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-24 18:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-24 18:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-24 18:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-24 18:57:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-24 18:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-24 18:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-24 18:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-24 18:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-24 18:57:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-24 18:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-24 18:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-24 18:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-24 18:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-24 18:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-24 18:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-24 18:56:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-24 18:56:44 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-24 18:55:03 ----D---- C:\WINDOWS\system32\fr
2008-12-24 18:55:03 ----D---- C:\WINDOWS\system32\bits
2008-12-24 18:55:03 ----D---- C:\WINDOWS\l2schemas
2008-12-24 18:54:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-24 18:51:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-23 20:11:10 ----A---- C:\WINDOWS\system32\xrcheewoamxdsnspf.dll
2008-12-23 10:45:24 ----D---- C:\Documents and Settings\John\Application Data\Macromedia
2008-12-23 10:45:23 ----D---- C:\Documents and Settings\John\Application Data\Adobe
2008-12-22 18:32:00 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-22 18:32:00 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-22 18:32:00 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-21 20:49:11 ----D---- C:\Program Files\Messenger Plus! Live
2008-12-21 20:39:48 ----D---- C:\WINDOWS\ie7updates
2008-12-21 20:39:37 ----D---- C:\WINDOWS\WBEM
2008-12-21 20:39:36 ----D---- C:\WINDOWS\system32\fr-fr
2008-12-21 20:39:26 ----HDC---- C:\WINDOWS\ie7
2008-12-21 20:39:18 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-21 20:39:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-21 20:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-21 20:38:53 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-21 20:38:24 ----D---- C:\WINDOWS\network diagnostic
2008-12-21 20:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-12-21 20:38:20 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-21 20:37:25 ----D---- C:\Program Files\Microsoft
2008-12-21 20:37:12 ----D---- C:\Program Files\Windows Live SkyDrive
2008-12-21 20:36:54 ----D---- C:\Program Files\Windows Live
2008-12-21 20:33:08 ----D---- C:\Program Files\Fichiers communs\Windows Live
2008-12-21 20:30:28 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-12-21 20:28:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-21 20:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-12-21 20:09:15 ----D---- C:\Documents and Settings\John\Application Data\WinRAR
2008-12-21 20:08:57 ----D---- C:\Program Files\WinRAR
2008-12-21 19:53:17 ----D---- C:\WINDOWS\pss
2008-12-21 19:47:36 ----D---- C:\Program Files\UxTheme Multipatcher Fr
2008-12-21 19:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-12-21 19:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-12-21 19:27:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-12-21 19:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-12-21 19:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-21 19:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-21 19:27:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-21 19:27:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-12-21 19:27:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-21 19:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-12-21 19:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-12-21 19:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-12-21 19:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-12-21 19:26:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-21 19:26:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-12-21 19:26:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-12-21 19:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-12-21 19:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-12-21 19:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-12-21 19:26:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-21 19:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-12-21 19:26:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-12-21 19:26:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-21 19:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-21 19:25:53 ----SHD---- C:\RECYCLER
2008-12-21 19:25:16 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2008-12-21 19:25:16 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2008-12-21 19:25:16 ----A---- C:\WINDOWS\system32\MFC71.dll
2008-12-21 19:25:16 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-21 19:25:15 ----D---- C:\Program Files\Alwil Software
2008-12-21 19:08:38 ----D---- C:\Program Files\Steam
2008-12-21 19:02:43 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-21 19:02:43 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-21 19:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-21 19:02:41 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-21 19:01:12 ----D---- C:\Program Files\Marvell
2008-12-21 18:57:49 ----RA---- C:\WINDOWS\system32\PostProc.dll
2008-12-21 18:57:45 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-12-21 18:57:38 ----N---- C:\WINDOWS\system32\wdmioctl.dll
2008-12-21 18:57:38 ----N---- C:\WINDOWS\system32\SMMedia.dll
2008-12-21 18:57:37 ----N---- C:\WINDOWS\system32\DSndUp.exe
2008-12-21 18:57:37 ----N---- C:\WINDOWS\system32\CleanUp.exe
2008-12-21 18:57:37 ----D---- C:\Program Files\Analog Devices
2008-12-21 18:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-12-21 18:57:12 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-21 18:55:31 ----D---- C:\WINDOWS\ASUSInstAll
2008-12-21 18:51:32 ----RA---- C:\WINDOWS\system32\idecoiins.dll
2008-12-21 18:51:32 ----RA---- C:\WINDOWS\system32\idecoi.dll
2008-12-21 18:51:30 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-21 18:51:27 ----RA---- C:\WINDOWS\system32\fdco1ins.dll
2008-12-21 18:51:27 ----RA---- C:\WINDOWS\system32\fdco1.dll
2008-12-21 18:51:25 ----A---- C:\WINDOWS\system32\nvunrm.exe
2008-12-21 18:51:21 ----D---- C:\Program Files\NVIDIA Corporation
2008-12-21 18:50:55 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2008-12-21 18:50:54 ----RA---- C:\WINDOWS\system32\bdco1ins.dll
2008-12-21 18:50:54 ----RA---- C:\WINDOWS\system32\bdco1.dll
2008-12-21 18:50:53 ----A---- C:\WINDOWS\system32\nvusmb.exe
2008-12-21 18:50:50 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-12-21 18:50:48 ----D---- C:\Documents and Settings\John\Application Data\InstallShield
2008-12-21 18:50:18 ----A---- C:\WINDOWS\Ascd_log.ini
2008-12-21 18:49:42 ----A---- C:\WINDOWS\Ascd_tmp.ini
2008-12-21 18:47:55 ----D---- C:\Documents and Settings\John\Application Data\ATI
2008-12-21 18:47:55 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-21 18:47:48 ----D---- C:\Documents and Settings\John\Application Data\Identities
2008-12-21 18:47:33 ----SD---- C:\Documents and Settings\John\Application Data\Microsoft
2008-12-21 18:47:33 ----ASH---- C:\Documents and Settings\John\Application Data\desktop.ini
2008-12-21 18:46:37 ----D---- C:\Documents and Settings\All Users\Application Data\Razer
2008-12-21 18:45:14 ----D---- C:\Program Files\DIFX
2008-12-21 18:45:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-21 18:45:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-21 18:45:04 ----D---- C:\Program Files\Razer
2008-12-21 18:39:55 ----D---- C:\Program Files\Fichiers communs\ATI Technologies
2008-12-21 18:38:43 ----RSD---- C:\WINDOWS\assembly
2008-12-21 18:38:29 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-21 18:38:01 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-21 18:37:37 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-12-21 18:37:35 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2008-12-21 18:37:33 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2008-12-21 18:37:05 ----D---- C:\Program Files\ATI Technologies
2008-12-21 18:37:04 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-21 18:36:33 ----D---- C:\Program Files\Fichiers communs\InstallShield
2008-12-21 18:36:31 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-21 18:35:18 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-12-21 18:33:49 ----A---- C:\WINDOWS\system32\usbui.dll
2008-12-21 18:33:08 ----SHD---- C:\WINDOWS\Installer
2008-12-21 18:33:08 ----D---- C:\Program Files\Fichiers communs\ODBC
2008-12-21 18:33:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-21 18:33:08 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-21 18:33:03 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2008-12-21 18:33:02 ----RD---- C:\Program Files
2008-12-21 18:33:02 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-12-21 18:33:02 ----D---- C:\Program Files\Fichiers communs
2008-12-21 18:32:58 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-12-21 18:32:58 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-12-21 18:32:58 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-12-21 18:32:55 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-12-21 18:32:54 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-12-21 18:32:50 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-12-21 18:32:47 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-12-21 18:32:47 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-12-21 18:32:47 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-12-21 18:32:47 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-12-21 18:32:47 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-12-21 18:32:44 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-12-21 18:32:44 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-12-21 18:32:44 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-12-21 18:32:43 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-12-21 18:32:41 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-21 18:32:41 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-21 18:32:40 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-21 18:32:40 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-21 18:32:40 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-12-21 18:32:37 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-21 18:32:37 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-12-21 18:32:36 ----A---- C:\WINDOWS\system32\batt.dll
2008-12-21 18:32:35 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-21 18:32:35 ----A---- C:\WINDOWS\notepad.exe
2008-12-21 18:32:29 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-12-21 18:30:49 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-21 18:30:47 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-21 18:30:46 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-21 18:30:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-21 18:30:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-21 18:30:37 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-21 18:30:11 ----SHD---- C:\System Volume Information
2008-12-21 18:30:11 ----D---- C:\Documents and Settings
2008-12-21 18:23:43 ----SH---- C:\boot.ini
2008-12-21 18:20:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-21 18:20:34 ----RSD---- C:\WINDOWS\Fonts
2008-12-21 18:20:34 ----RD---- C:\WINDOWS\Web
2008-12-21 18:20:34 ----HD---- C:\WINDOWS\inf
2008-12-21 18:20:34 ----D---- C:\WINDOWS\WinSxS
2008-12-21 18:20:34 ----D---- C:\WINDOWS\twain_32
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Temp
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\wins
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\wbem
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\usmt
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\spool
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\ShellExt
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\Setup
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\ras
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\oobe
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\npp
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\mui
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\IME
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\icsxml
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\ias
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\export
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\dhcp
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\config
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\3com_dmi
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\3076
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\2052
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1054
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1042
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1041
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1037
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1036
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1033
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1031
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1028
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32\1025
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system32
2008-12-21 18:20:34 ----D---- C:\WINDOWS\system
2008-12-21 18:20:34 ----D---- C:\WINDOWS\security
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Resources
2008-12-21 18:20:34 ----D---- C:\WINDOWS\repair
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Provisioning
2008-12-21 18:20:34 ----D---- C:\WINDOWS\PeerNet
2008-12-21 18:20:34 ----D---- C:\WINDOWS\pchealth
2008-12-21 18:20:34 ----D---- C:\WINDOWS\mui
2008-12-21 18:20:34 ----D---- C:\WINDOWS\msapps
2008-12-21 18:20:34 ----D---- C:\WINDOWS\msagent
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Media
2008-12-21 18:20:34 ----D---- C:\WINDOWS\java
2008-12-21 18:20:34 ----D---- C:\WINDOWS\ime
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Help
2008-12-21 18:20:34 ----D---- C:\WINDOWS\ehome
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Driver Cache
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Debug
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Cursors
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Connection Wizard
2008-12-21 18:20:34 ----D---- C:\WINDOWS\Config
2008-12-21 18:20:34 ----D---- C:\WINDOWS\AppPatch
2008-12-21 18:20:34 ----D---- C:\WINDOWS\addins
2008-12-21 18:20:34 ----D---- C:\WINDOWS
2008-12-21 17:44:42 ----HD---- C:\Program Files\Uninstall Information
2008-12-21 17:43:23 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-21 17:43:21 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-21 17:43:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 17:41:11 ----D---- C:\WINDOWS\system32\xircom
2008-12-21 17:41:11 ----D---- C:\Program Files\xerox
2008-12-21 17:41:11 ----D---- C:\Program Files\microsoft frontpage
2008-12-21 17:40:56 ----A---- C:\WINDOWS\control.ini
2008-12-21 17:40:56 ----A---- C:\AUTOEXEC.BAT
2008-12-21 17:40:46 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-21 17:40:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-21 17:40:15 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-21 17:40:15 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-21 17:40:12 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-21 17:40:09 ----HD---- C:\Program Files\WindowsUpdate
2008-12-21 17:40:06 ----D---- C:\Program Files\Services en ligne
2008-12-21 17:39:56 ----D---- C:\WINDOWS\system32\DirectX
2008-12-21 17:39:42 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-21 17:39:40 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-21 17:39:40 ----A---- C:\WINDOWS\desktop.ini
2008-12-21 17:39:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-21 17:39:33 ----D---- C:\Program Files\Fichiers communs\Services
2008-12-21 17:39:33 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-21 17:39:31 ----SD---- C:\WINDOWS\Tasks
2008-12-21 17:39:31 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-21 17:39:30 ----D---- C:\Program Files\Fichiers communs\MSSoap
2008-12-21 17:39:27 ----D---- C:\WINDOWS\system32\Macromed
2008-12-21 17:39:27 ----D---- C:\WINDOWS\srchasst
2008-12-21 17:39:25 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-21 17:39:25 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-21 17:39:25 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-21 17:39:25 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-21 17:39:25 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-21 17:39:24 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-21 17:39:22 ----D---- C:\Program Files\Movie Maker
2008-12-21 17:39:19 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-21 17:39:19 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-21 17:39:18 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-21 17:39:18 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-21 17:39:16 ----D---- C:\WINDOWS\system32\Restore
2008-12-21 17:39:16 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-21 17:39:16 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-21 17:39:16 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-21 17:39:16 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-12-21 17:39:16 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-21 17:39:15 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-21 17:39:11 ----D---- C:\Program Files\NetMeeting
2008-12-21 17:39:11 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-21 17:39:11 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-21 17:39:09 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-21 17:39:08 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-21 17:39:05 ----D---- C:\Program Files\Outlook Express
2008-12-21 17:39:05 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-21 17:39:05 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-21 17:39:05 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-21 17:39:04 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-21 17:39:04 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-21 17:39:04 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-21 17:39:03 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-21 17:38:55 ----D---- C:\Program Files\Fichiers communs\System
2008-12-21 17:38:53 ----D---- C:\Program Files\Internet Explorer
2008-12-21 17:38:31 ----D---- C:\Program Files\ComPlus Applications
2008-12-21 17:38:30 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-21 17:38:30 ----A---- C:\WINDOWS\vb.ini
2008-12-21 17:38:26 ----D---- C:\WINDOWS\Registration
2008-12-21 17:38:21 ----D---- C:\Program Files\Windows Media Player
2008-12-21 17:38:21 ----D---- C:\Program Files\Online Services
2008-12-21 17:38:17 ----D---- C:\Program Files\Messenger
2008-12-21 17:38:14 ----D---- C:\Program Files\MSN Gaming Zone
2008-12-21 17:38:14 ----A---- C:\WINDOWS\system32\write.exe
2008-12-21 17:38:08 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-21 17:38:08 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-21 17:38:08 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-21 17:38:08 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-21 17:38:08 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-21 17:38:07 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-21 17:38:02 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-21 17:38:02 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-21 17:38:02 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-21 17:38:02 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-21 17:38:01 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-21 17:38:00 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-21 17:37:59 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-21 17:37:58 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-21 17:37:55 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-21 17:37:49 ----D---- C:\Program Files\MSN
2008-12-21 17:37:48 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-21 17:37:48 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-21 17:37:48 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-21 17:37:48 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-21 17:37:47 ----D---- C:\Program Files\Windows NT
2008-12-21 17:37:47 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-21 17:37:47 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-21 17:37:47 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-21 17:37:47 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-21 17:37:46 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-21 17:37:45 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-21 17:37:45 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-21 17:37:44 ----D---- C:\WINDOWS\system32\Com
2008-12-21 17:37:44 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-21 17:37:44 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-21 17:37:44 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-21 17:37:43 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-21 17:37:43 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-21 17:37:43 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-21 17:37:43 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-21 17:37:43 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-21 17:37:38 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-21 17:37:38 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-21 17:37:38 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-21 17:37:38 ----A---- C:\WINDOWS\system32\cmprops.dll
======List of files/folders modified in the last 1 months======
2008-12-21 19:53:32 ----A---- C:\WINDOWS\win.ini
2008-12-21 19:53:32 ----A---- C:\WINDOWS\system.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-12-08 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 DAdderFltr;DeathAdder Mouse; C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 22784]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Lycosa HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LycoFltr;Lycosa Keyboard; C:\WINDOWS\System32\Drivers\Lycosa.sys [2007-09-27 21888]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-28 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-10-12 54144]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-10-12 22016]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-29 152984]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
-----------------EOF-----------------
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.
---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text:
:processes
explorer.exe
:files
C:\VundoFix Backups
C:\VundoFix.txt
C:\WINDOWS\system32\hqayhpub.ini
C:\WINDOWS\system32\buphyaqh.dll
C:\WINDOWS\system32\mpinmt.dll
C:\WINDOWS\system32\optjkdyk.dll
C:\WINDOWS\system32\XHkklRqr.ini2
C:\WINDOWS\system32\XHkklRqr.ini
C:\WINDOWS\system32\rqRlkkHX.dll
C:\WINDOWS\system32\yhtlij.dll
C:\WINDOWS\system32\spxsprmx.dll
C:\WINDOWS\system32\burugdry.dll.vir
C:\WINDOWS\system32\mflzpo.dll
C:\WINDOWS\system32\hdmmxctp.dll
C:\WINDOWS\system32\53496514-.txt
C:\WINDOWS\system32\mlJddccc.dll.vir
C:\WINDOWS\system32\rQhEurol.dll
C:\WINDOWS\system32\rqroMedE.dll
C:\WINDOWS\system32\cont_milehighads-remove.exe
C:\WINDOWS\system32\tcsvdtmtyctbjzpg.exe
C:\WINDOWS\tasks\gcjqfkzl.job
C:\WINDOWS\system32\nse2F.dll
C:\WINDOWS\system32\xrcheewoamxdsnspf.dll
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7395749F-D512-49E8-9AFD-3E6B1D87B32B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{acdf36c1-e89d-ae05-b1ac-980268fa3d08}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5044e92-5f64-46fd-b21d-90670c8c9da4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5F5CBEF-1E8D-8073-CD31-6D17ADFD872B}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hgbvqxfldrkxtk"=-
"586aa16a"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqroMedE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa]
"Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00
:commands
[purity]
[emptytemp]
[reboot]
---> Paste (Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
---> Post the report found in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\VundoFix Backups moved successfully.
C:\VundoFix.txt moved successfully.
C:\WINDOWS\system32\hqayhpub.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\buphyaqh.dll
C:\WINDOWS\system32\buphyaqh.dll NOT unregistered.
C:\WINDOWS\system32\buphyaqh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mpinmt.dll
C:\WINDOWS\system32\mpinmt.dll NOT unregistered.
C:\WINDOWS\system32\mpinmt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\optjkdyk.dll
C:\WINDOWS\system32\optjkdyk.dll NOT unregistered.
C:\WINDOWS\system32\optjkdyk.dll moved successfully.
C:\WINDOWS\system32\XHkklRqr.ini2 moved successfully.
C:\WINDOWS\system32\XHkklRqr.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqRlkkHX.dll
C:\WINDOWS\system32\rqRlkkHX.dll NOT unregistered.
C:\WINDOWS\system32\rqRlkkHX.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yhtlij.dll
C:\WINDOWS\system32\yhtlij.dll NOT unregistered.
C:\WINDOWS\system32\yhtlij.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\spxsprmx.dll
C:\WINDOWS\system32\spxsprmx.dll NOT unregistered.
C:\WINDOWS\system32\spxsprmx.dll moved successfully.
C:\WINDOWS\system32\burugdry.dll.vir moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mflzpo.dll
C:\WINDOWS\system32\mflzpo.dll NOT unregistered.
C:\WINDOWS\system32\mflzpo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hdmmxctp.dll
C:\WINDOWS\system32\hdmmxctp.dll NOT unregistered.
C:\WINDOWS\system32\hdmmxctp.dll moved successfully.
C:\WINDOWS\system32\53496514-.txt moved successfully.
C:\WINDOWS\system32\mlJddccc.dll.vir moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rQhEurol.dll
C:\WINDOWS\system32\rQhEurol.dll NOT unregistered.
C:\WINDOWS\system32\rQhEurol.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqroMedE.dll
C:\WINDOWS\system32\rqroMedE.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\rqroMedE.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\cont_milehighads-remove.exe moved successfully.
C:\WINDOWS\system32\tcsvdtmtyctbjzpg.exe moved successfully.
C:\WINDOWS\tasks\gcjqfkzl.job moved successfully.
C:\WINDOWS\system32\nse2F.dll unregistered successfully.
C:\WINDOWS\system32\nse2F.dll moved successfully.
C:\WINDOWS\system32\xrcheewoamxdsnspf.dll unregistered successfully.
C:\WINDOWS\system32\xrcheewoamxdsnspf.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7395749F-D512-49E8-9AFD-3E6B1D87B32B}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{acdf36c1-e89d-ae05-b1ac-980268fa3d08}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5044e92-5f64-46fd-b21d-90670c8c9da4}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5F5CBEF-1E8D-8073-CD31-6D17ADFD872B}\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hgbvqxfldrkxtk not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\586aa16a deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqroMedE\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa\\"Authentication Packages"| hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\John\LOCALS~1\Temp\10.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\John\LOCALS~1\Temp\1B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\John\LOCALS~1\Temp\1C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\John\LOCALS~1\Temp\44.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\John\LOCALS~1\Temp\46.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\John\LOCALS~1\Temp\5A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\John\LOCALS~1\Temp\5B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\John\LOCALS~1\Temp\5F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\John\LOCALS~1\Temp\~DF6545.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\John\LOCALS~1\Temp\~DF6DAC.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_270.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5c8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_213950
Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\rqroMedE.dll
C:\WINDOWS\system32\rqroMedE.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\rqroMedE.dll scheduled to be moved on reboot.
C:\DOCUME~1\John\LOCALS~1\Temp\10.tmp moved successfully.
C:\DOCUME~1\John\LOCALS~1\Temp\1B.tmp moved successfully.
C:\DOCUME~1\John\LOCALS~1\Temp\1C.tmp moved successfully.
C:\DOCUME~1\John\LOCALS~1\Temp\44.tmp moved successfully.
C:\DOCUME~1\John\LOCALS~1\Temp\46.tmp moved successfully.
C:\DOCUME~1\John\LOCALS~1\Temp\5A.tmp moved successfully.
C:\DOCUME~1\John\LOCALS~1\Temp\5B.tmp moved successfully.
C:\DOCUME~1\John\LOCALS~1\Temp\5F.tmp moved successfully.
C:\DOCUME~1\John\LOCALS~1\Temp\~DF6545.tmp moved successfully.
C:\DOCUME~1\John\LOCALS~1\Temp\~DF6DAC.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_270.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_5c8.dat not found!
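Added example (not part of the original thread): a small Python triage of an OTMoveIt3 report like the one above. It tracks each path's last recorded outcome so that anything still pending after the "Files moved on Reboot..." pass stands out. The sample lines are an excerpt of the log posted above; the function names and the module-extension heuristic are assumptions of this example.

```python
import re

# Excerpt of the OTMoveIt3 report posted above (shortened for the example).
SAMPLE_LOG = r"""
========== FILES ==========
C:\WINDOWS\system32\hqayhpub.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\buphyaqh.dll
C:\WINDOWS\system32\buphyaqh.dll NOT unregistered.
C:\WINDOWS\system32\buphyaqh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqroMedE.dll
C:\WINDOWS\system32\rqroMedE.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\rqroMedE.dll scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\John\LOCALS~1\Temp\10.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_270.dat scheduled to be deleted on reboot.
Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\rqroMedE.dll
C:\WINDOWS\system32\rqroMedE.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\rqroMedE.dll scheduled to be moved on reboot.
C:\DOCUME~1\John\LOCALS~1\Temp\10.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_270.dat not found!
"""

REBOOT_HEADER = "Files moved on Reboot..."
PATH = r"(?P<path>[A-Za-z]:\\.+?)"

# Outcome lines as they appear in the report; everything else
# (unregister notices, section headers) is ignored.
PATTERNS = [
    ("moved", re.compile(rf"^{PATH} moved successfully\.$")),
    ("pending", re.compile(
        rf"^File (?:move|delete) failed\. {PATH} "
        r"scheduled to be (?:moved|deleted) on reboot\.$")),
    ("gone", re.compile(rf"^File {PATH} not found!$")),
]

# Assumption of this example: these extensions mark loadable code,
# which matters more than leftover temp or cache data.
MODULE_EXTENSIONS = (".dll", ".exe", ".sys")


def final_states(log_text):
    """Map lower-cased path -> (path, last status, phase of that status)."""
    states = {}
    phase = "first pass"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == REBOOT_HEADER:
            phase = "reboot"
            continue
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                path = match.group("path")
                # Later lines overwrite earlier ones: the last word wins.
                states[path.lower()] = (path, status, phase)
                break
    return states


def unresolved_after_reboot(log_text):
    """Paths that were still only 'scheduled' during the reboot pass."""
    return [path for path, status, phase in final_states(log_text).values()
            if status == "pending" and phase == "reboot"]


def unresolved_modules(log_text):
    """Subset of unresolved paths that are executable modules."""
    return [p for p in unresolved_after_reboot(log_text)
            if p.lower().endswith(MODULE_EXTENSIONS)]


if __name__ == "__main__":
    for path in unresolved_after_reboot(SAMPLE_LOG):
        tag = "MODULE" if path.lower().endswith(MODULE_EXTENSIONS) else "data"
        print(f"[{tag}] still present after reboot: {path}")
```

On this excerpt the only module left unresolved is C:\WINDOWS\system32\rqroMedE.dll, the same file the MBAM report further down lists as "Delete on reboot".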
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation.
---> In the Mise à jour tab, click the Recherche de mise à jour button: if the firewall asks whether MBAM may connect to the Internet, accept.
---> Once the update has finished, go to the Recherche tab.
---> Select Exécuter un examen rapide.
---> Click Rechercher. The scan starts.
At the end of the scan, a message is displayed:
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Click OK to continue. If MBAM found nothing, it will tell you that too.
---> Close your browsers.
If malware was detected, click Afficher les résultats.
---> Select everything (or leave it ticked) and click Supprimer la sélection; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1648
Windows 5.1.2600 Service Pack 3
13/01/2009 21:51:51
mbam-log-2009-01-13 (21-51-51).txt
Type de recherche: Examen rapide
Eléments examinés: 50256
Temps écoulé: 1 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqromede (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\rqroMedE.dll (Trojan.Vundo.H) -> Delete on reboot.
---> Restart and run another quick scan to check that MBAM was able to remove the infections it found.
1/
---> Launch MBAM again, go to Quarantaine and delete everything.
---> Download ToolsCleaner2 to your Desktop.
* Double-click ToolsCleaner2.exe to launch it.
* Click Recherche and let the scan run.
* Click Suppression to finish.
* If you wish, you can use the Options Facultatives.
* Click Quitter to get the report.
* Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
2/
---> Download and install CCleaner (do not install the Yahoo Toolbar):
* Launch it. Go to Options, then Avancé, and untick the box Effacer uniquement les fichiers etc....
* Go to Nettoyeur and choose Analyse. Once it has finished, run the cleaning.
* Then choose Registre, then Chercher des erreurs. Once it has finished, repair all the errors (back up the registry).
3/
---> System Restore needs to be disabled and then re-enabled in order to purge it:
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme
---> I advise you to create a restore point that you can use later if you have a problem:
https://www.vulgarisation-informatique.com/creer-point-restauration.php
4/
I advise you to install Antivir in place of Avast:
http://www.commentcamarche.net/telecharger/telecharger 55 antivir
Keep MBAM. You can use it to scan suspicious files alongside the antivirus; also scan the hard drive regularly.
As a browser, use Mozilla Firefox rather than Internet Explorer. You can use the Noscript extension for more security.
Check that automatic updates are enabled (Start menu, right-click Poste de travail, Mises à jour automatiques tab).
You can also modify the Hosts file to improve the security of your PC:
http://www.commentcamarche.net/faq/sujet 5993 modifier son fichier hosts
https://blog.sosordi.net/category/articles
Regarding P2P:
http://www.libellules.ch/...
Here is a complete guide (to be read with Adobe Reader or Foxit Reader):
https://www.malekal.com/fichiers/projetantimalwares/prevention-protection.pdf
Be more careful on the Internet ;)