Infection par un cheval de troie
Fermé
Le Chalois45
Messages postés
1
Date d'inscription
jeudi 7 août 2008
Statut
Membre
Dernière intervention
7 août 2008
-
7 août 2008 à 19:06
lechalois45 - 15 août 2008 à 09:59
lechalois45 - 15 août 2008 à 09:59
A voir également:
- Infection par un cheval de troie
- Comment supprimer cheval de troie gratuitement - Télécharger - Antivirus & Antimalwares
- Message cheval de troie - Forum Virus
- Message alerte virus cheval de troie Mac ✓ - Forum MacOS
- Comment enlever un cheval de troie sur android ✓ - Forum Antivirus
- Ordinateur bloqué cheval de troie ✓ - Forum Réseau
6 réponses
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
7 août 2008 à 20:05
7 août 2008 à 20:05
Salut !!
Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread
= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection
un rapport s'ouvre le copier et le coller dans la réponse
Puis redémarrer le pc !!
ensuite :
télécharge combofix (par sUBs) ici :
https://forospyware.com
et enregistre le sur le Bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Et refais un nouveau rapport hijackthis stp
Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread
= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection
un rapport s'ouvre le copier et le coller dans la réponse
Puis redémarrer le pc !!
ensuite :
télécharge combofix (par sUBs) ici :
https://forospyware.com
et enregistre le sur le Bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Et refais un nouveau rapport hijackthis stp
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
13 août 2008 à 21:47
13 août 2008 à 21:47
Salut !!
relance hijackthis en cliquant sur scan only et coches ces lignes stp :
O2 - BHO: (no name) - {2B27DA27-4160-443E-80CD-9D860E85491E} - (no file)
O2 - BHO: (no name) - {45A7041A-5AC8-D4C4-AD38-C157F52ACCD3} - (no file)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: cbXNHYQk - cbXNHYQk.dll (file missing)
puis tu cliques sur fix checked.
vas faire les mises à niveau de java et adobe reader à ces adresses :
java : https://www.java.com/fr/download/manual.jsp
adobe reader XP : https://get2.adobe.com/reader/otherversions/
et ensuite désinstalles les versions antérieures.
est ce que tu as encore des problemes ??
relance hijackthis en cliquant sur scan only et coches ces lignes stp :
O2 - BHO: (no name) - {2B27DA27-4160-443E-80CD-9D860E85491E} - (no file)
O2 - BHO: (no name) - {45A7041A-5AC8-D4C4-AD38-C157F52ACCD3} - (no file)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: cbXNHYQk - cbXNHYQk.dll (file missing)
puis tu cliques sur fix checked.
vas faire les mises à niveau de java et adobe reader à ces adresses :
java : https://www.java.com/fr/download/manual.jsp
adobe reader XP : https://get2.adobe.com/reader/otherversions/
et ensuite désinstalles les versions antérieures.
est ce que tu as encore des problemes ??
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
14 août 2008 à 12:08
14 août 2008 à 12:08
Salut !!
as tu encore des problemes ??
as tu encore des problemes ??
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
14 août 2008 à 13:22
14 août 2008 à 13:22
ok...tu faire ceci pour terminer stp :
Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :
Télécharge toolscleaner sur ton Bureau :
(c est le numéro 15 en bas de la page) : https://www.androidworld.fr/
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse
Désactive et réactive la Restauration du système :
1 Dans la barre des tâches de Windows, clique sur Démarrer.
2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"
4 Clique sur Appliquer.
5 Ensuite décoche "Désactiver la restauration du systeme"
6 clique sur appliquer puis ok
7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.
Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :
Télécharge toolscleaner sur ton Bureau :
(c est le numéro 15 en bas de la page) : https://www.androidworld.fr/
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse
Désactive et réactive la Restauration du système :
1 Dans la barre des tâches de Windows, clique sur Démarrer.
2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.
3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"
4 Clique sur Appliquer.
5 Ensuite décoche "Désactiver la restauration du systeme"
6 clique sur appliquer puis ok
7 vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
14 août 2008 à 14:07
14 août 2008 à 14:07
vas créer un point de restauration dans accessoires----outils systeme----restauration du systeme----créer un point de restauration..
Et tu peux bien sure supprimer combofix ;-)
Et tu peux bien sure supprimer combofix ;-)
geoffrey5
Messages postés
13732
Date d'inscription
dimanche 20 mai 2007
Statut
Contributeur sécurité
Dernière intervention
21 mai 2010
10
14 août 2008 à 14:08
14 août 2008 à 14:08
voici mon site web si ca peut te servir : https://www.androidworld.fr/
Bonjour,
Je viens de créer mon point de restauration, et j'ai lancer Toolscleaner.
Ci-joint le rapport:
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Jean-Claude\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Jean-Claude\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Jean-Claude\Bureau\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
Merci pour ce dépannage, cela fait très plaisir de tomber sur des personne compétante.
Par ailleurs lorsque j'ai ouvert mon PC ce matin, j'ai un ce message:
exploreur.exe - erreur application
l'exploreur exception logicielle inconnue (0x0ecfade) s'est produite dans l'application à l'emplacement 0x7c81205b
j'ai fait ok, et j'ai error 217 at 0000BD68.
Ensuite, j'ai eu:
l'instruction à "0x030edf2c" emploie l'adresse mémoire "0x030edf2c", la mémoire ne peut pas être read
ok pour terminer, ok pour déboguer, j'ai choisi le 2e!
Peux tu me renseigner?
Merci d'avance
Je viens de créer mon point de restauration, et j'ai lancer Toolscleaner.
Ci-joint le rapport:
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Jean-Claude\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Jean-Claude\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Jean-Claude\Bureau\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
Merci pour ce dépannage, cela fait très plaisir de tomber sur des personne compétante.
Par ailleurs lorsque j'ai ouvert mon PC ce matin, j'ai un ce message:
exploreur.exe - erreur application
l'exploreur exception logicielle inconnue (0x0ecfade) s'est produite dans l'application à l'emplacement 0x7c81205b
j'ai fait ok, et j'ai error 217 at 0000BD68.
Ensuite, j'ai eu:
l'instruction à "0x030edf2c" emploie l'adresse mémoire "0x030edf2c", la mémoire ne peut pas être read
ok pour terminer, ok pour déboguer, j'ai choisi le 2e!
Peux tu me renseigner?
Merci d'avance
13 août 2008 à 21:01
Tout d'abord merci pour avoir repondu a ma demande.
J'ai fait tout ce que tu m'as dit, mais le combo a tourné court. Tu trouveras ci-dessous toutes les restitutions et j'attend ton verdict.
1) Malwarebytes
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1034
Windows 5.1.2600 Service Pack 2
22:27:09 08/08/2008
mbam-log-8-8-2008 (22-27-09).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 184002
Temps écoulé: 2 hour(s), 15 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 25
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a596175d-bbc7-476a-a152-fba652b64505} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcns6j0e5ep (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcns6j0e5ep (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a596175d-bbc7-476a-a152-fba652b64505} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\rhcns6j0e5ep (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\rhcns6j0e5ep (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\rhcns6j0e5ep\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\rhcns6j0e5ep\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\rhcns6j0e5ep\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\rhcns6j0e5ep\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\rhcns6j0e5ep\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\rhcns6j0e5ep\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\rhcns6j0e5ep\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\rhcns6j0e5ep\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\rhcns6j0e5ep\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\rhcns6j0e5ep\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP1726\A0886321.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP1726\A0886322.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP1726\A0886323.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP1726\A0886324.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP1726\A0886325.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP1726\A0886326.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP1727\A0886436.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51C5CDE-3710-45ED-AEAF-4DBEE7E77752}\RP1727\A0886437.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\rhcns6j0e5ep\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcns6j0e5ep\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcns6j0e5ep\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcns6j0e5ep\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcns6j0e5ep\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcns6j0e5ep\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcns6j0e5ep\rhcns6j0e5ep.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcns6j0e5ep\rhcns6j0e5ep.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhcns6j0e5ep\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Temp\CmdLineExt02.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcjs6j0e5ep.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcjs6j0e5ep.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jean-Claude\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
2) combofix
----a-w 2,123 2008-08-11 07:17:27 C:\Program Files\Agfa\ScanWise 1_60\Chantal.dic
----a-w 2,157 2008-06-11 06:24:18 C:\Program Files\Agfa\ScanWise 1_60\Jean-Claude.dic
----a-w 46,398 2008-08-11 07:17:28 C:\Program Files\Agfa\ScanWise 1_60\jobconfig.dic
----a-w 0 2008-08-11 07:16:50 C:\Program Files\Agfa\ScanWise 1_60\scanwise.log
----a-w 221,184 2008-07-19 14:31:35 C:\Program Files\Alwil Software\Avast4\Aavm4h.dll
----a-w 188,416 2008-07-19 14:39:00 C:\Program Files\Alwil Software\Avast4\AavmGuih.dll
----a-w 20,992 2008-07-19 14:31:25 C:\Program Files\Alwil Software\Avast4\AavmRpch.dll
----a-w 35,840 2008-07-19 14:31:48 C:\Program Files\Alwil Software\Avast4\AhResMai.dll
----a-w 32,768 2008-07-19 14:34:03 C:\Program Files\Alwil Software\Avast4\ahResMes.dll
----a-w 31,744 2008-07-19 14:32:59 C:\Program Files\Alwil Software\Avast4\AhResNS.dll
----a-w 29,696 2008-07-19 14:38:19 C:\Program Files\Alwil Software\Avast4\AhResOut.dll
----a-w 33,280 2008-07-19 14:33:37 C:\Program Files\Alwil Software\Avast4\ahResP2P.dll
----a-w 43,008 2008-07-19 14:39:24 C:\Program Files\Alwil Software\Avast4\AhResStd.dll
----a-w 53,248 2008-07-19 14:32:01 C:\Program Files\Alwil Software\Avast4\AhResWS.dll
----a-w 65,536 2008-07-19 14:36:38 C:\Program Files\Alwil Software\Avast4\AhRuiMai.dll
----a-w 36,864 2008-07-19 14:34:00 C:\Program Files\Alwil Software\Avast4\ahRuiMes.dll
----a-w 36,864 2008-07-19 14:32:56 C:\Program Files\Alwil Software\Avast4\AhRuiNS.dll
----a-w 90,112 2008-07-19 14:37:04 C:\Program Files\Alwil Software\Avast4\AhRuiOut.dll
----a-w 22,528 2008-07-19 14:33:34 C:\Program Files\Alwil Software\Avast4\ahRuiP2P.dll
----a-w 57,344 2008-07-19 14:39:19 C:\Program Files\Alwil Software\Avast4\AhRuiStd.dll
----a-w 49,152 2008-07-19 14:34:17 C:\Program Files\Alwil Software\Avast4\AhRuiWS.dll
----a-w 270,520 2008-07-19 14:28:35 C:\Program Files\Alwil Software\Avast4\ashAvast.exe
----a-w 229,376 2008-07-19 14:24:17 C:\Program Files\Alwil Software\Avast4\ashBase.dll
----a-w 127,160 2008-07-19 14:29:03 C:\Program Files\Alwil Software\Avast4\ashBug.exe
----a-w 98,304 2008-07-19 14:27:41 C:\Program Files\Alwil Software\Avast4\ashCfgP.dll
----a-w 135,168 2008-07-19 14:28:05 C:\Program Files\Alwil Software\Avast4\ashCfgT.dll
----a-w 151,552 2008-07-19 14:28:15 C:\Program Files\Alwil Software\Avast4\ashChest.dll
----a-w 65,720 2008-07-19 14:29:22 C:\Program Files\Alwil Software\Avast4\ashChest.exe
----a-w 50,872 2008-07-19 14:29:12 C:\Program Files\Alwil Software\Avast4\ashCnsnt.exe
----a-w 78,008 2008-07-19 14:38:34 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
----a-w 47,800 2008-07-19 14:28:45 C:\Program Files\Alwil Software\Avast4\ashLogV.exe
----a-w 250,040 2008-07-19 14:38:04 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
----a-w 200,888 2008-07-19 14:38:15 C:\Program Files\Alwil Software\Avast4\ashOutXt.dll
----a-w 204,984 2008-07-19 14:38:48 C:\Program Files\Alwil Software\Avast4\ashPopWz.exe
----a-w 278,712 2008-07-19 14:30:37 C:\Program Files\Alwil Software\Avast4\ashQuick.exe
----a-w 147,640 2008-07-19 14:38:28 C:\Program Files\Alwil Software\Avast4\ashServ.exe
----a-w 73,912 2008-07-19 14:30:42 C:\Program Files\Alwil Software\Avast4\ashShell.dll
----a-w 127,160 2008-07-19 14:29:34 C:\Program Files\Alwil Software\Avast4\ashSimp2.exe
----a-w 155,832 2008-07-19 14:31:12 C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
----a-w 18,432 2008-07-19 14:28:49 C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe
----a-w 61,440 2008-07-19 14:28:55 C:\Program Files\Alwil Software\Avast4\ashSkPck.exe
----a-w 53,248 2008-07-19 14:24:30 C:\Program Files\Alwil Software\Avast4\ashSODBC.dll
----a-w 233,472 2008-07-19 14:25:25 C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll
----a-w 48,128 2008-07-19 14:25:31 C:\Program Files\Alwil Software\Avast4\ashSXML.dll
----a-w 118,784 2008-07-19 14:24:40 C:\Program Files\Alwil Software\Avast4\ashTask.dll
----a-w 319,488 2008-07-19 14:27:23 C:\Program Files\Alwil Software\Avast4\ashUInt.dll
----a-w 65,720 2008-07-19 14:24:52 C:\Program Files\Alwil Software\Avast4\ashUpd.exe
----a-w 348,344 2008-07-23 14:25:45 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
----a-w 61,440 2008-07-19 14:35:56 C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll
----a-w 659,456 2008-07-19 14:24:23 C:\Program Files\Alwil Software\Avast4\aswAux.dll
----a-w 131,072 2008-07-19 14:20:23 C:\Program Files\Alwil Software\Avast4\aswCmnB.dll
----a-w 86,016 2008-07-19 14:20:15 C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll
----a-w 192,512 2008-07-19 14:20:35 C:\Program Files\Alwil Software\Avast4\aswCmnS.dll
----a-w 8,888 2008-07-19 14:25:01 C:\Program Files\Alwil Software\Avast4\aswIdle.dll
----a-w 22,528 2008-07-19 14:23:33 C:\Program Files\Alwil Software\Avast4\aswInteg.dll
----a-w 294,912 2008-07-19 14:21:03 C:\Program Files\Alwil Software\Avast4\aswRawFS.dll
----a-w 147,456 2008-07-19 14:19:53 C:\Program Files\Alwil Software\Avast4\aswRes.dll
----a-w 90,296 2008-07-18 12:38:19 C:\Program Files\Alwil Software\Avast4\aswRunDll.exe
----a-w 81,920 2008-07-19 14:23:10 C:\Program Files\Alwil Software\Avast4\aswScan.dll
----a-w 16,056 2008-07-19 14:25:06 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
----a-w 94,392 2008-07-19 14:30:53 C:\Program Files\Alwil Software\Avast4\AVASTSS.scr
----a-w 106,496 2008-07-19 14:33:25 C:\Program Files\Alwil Software\Avast4\avCommEx.dll
----a-w 10,936 2008-07-19 14:28:25 C:\Program Files\Alwil Software\Avast4\AVSSHOOK.dll
----a-w 21,098 2008-07-10 13:32:38 C:\Program Files\Alwil Software\Avast4\DefTasks.xml
----a-w 65,720 2008-07-19 14:42:33 C:\Program Files\Alwil Software\Avast4\sched.exe
----a-w 65,720 2008-07-19 14:30:47 C:\Program Files\Alwil Software\Avast4\VisthAux.exe
----a-w 50,360 2008-07-19 14:30:58 C:\Program Files\Alwil Software\Avast4\VisthLic.exe
----a-w 50,360 2008-07-19 14:30:18 C:\Program Files\Alwil Software\Avast4\VisthUpd.exe
----a-w 917,504 2008-05-15 23:08:25 C:\Program Files\Alwil Software\Avast4\XT1922.dll
----a-w 188,600 2008-08-13 14:36:16 C:\Program Files\Alwil Software\Avast4\DATA\aswar0.dll
----a-w 188,600 2008-07-30 16:37:53 C:\Program Files\Alwil Software\Avast4\DATA\aswar1.dll
----a-w 52,224 2008-08-05 19:25:23 C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db
----a-w 10,362 2008-08-13 17:17:02 C:\Program Files\Alwil Software\Avast4\DATA\avast4.ini
----a-w 391,216 2008-08-13 14:36:16 C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll
----a-w 273,592 2008-08-13 14:36:16 C:\Program Files\Alwil Software\Avast4\DATA\dllcc0.dat
----a-w 9,080 2008-08-13 14:36:16 C:\Program Files\Alwil Software\Avast4\DATA\exts0.dll
----a-w 70,766 2008-07-28 16:49:19 C:\Program Files\Alwil Software\Avast4\DATA\iNews.htm
----a-w 690,144 2008-07-19 09:13:44 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000009
----a-w 1,010 2008-08-03 12:37:49 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000A
----a-w 41,739 2008-08-03 19:55:58 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000B
----a-w 41,739 2008-08-03 19:55:58 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000C
----a-w 49,160 2008-08-03 19:59:38 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000D
----a-w 163,336 2008-08-03 20:00:20 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000E
----a-w 44,040 2008-08-03 20:02:26 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000000F
----a-w 303,624 2008-08-03 20:12:04 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000010
----a-w 34,696 2008-08-03 20:45:59 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000011
----a-w 130,440 2008-08-03 20:45:59 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000012
----a-w 322,824 2008-08-03 20:45:59 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000013
----a-w 9,335 2008-08-03 20:46:02 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000014
----a-w 9,420 2008-08-03 20:46:02 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000015
----a-w 344,072 2008-08-03 21:09:43 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000016
----a-w 34,696 2008-08-03 21:14:38 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000017
----a-w 34,696 2008-08-03 21:14:44 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000018
----a-w 34,696 2008-08-03 21:14:54 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000019
----a-w 98,696 2008-08-03 21:15:18 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001A
----a-w 130,440 2008-08-03 21:15:54 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001B
----a-w 40,968 2008-08-03 21:16:55 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001C
----a-w 18,957 2008-08-05 16:58:10 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001D
----a-w 14,041 2008-08-05 16:58:15 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001E
----a-w 114,184 2008-08-05 17:09:25 C:\Program Files\Alwil Software\Avast4\DATA\chest\0000001F
----a-w 94,216 2008-08-05 17:09:40 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000020
----a-w 34,696 2008-08-08 17:05:25 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000021
----a-w 34,696 2008-08-08 17:05:32 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000022
----a-w 34,696 2008-08-08 17:05:35 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000023
----a-w 98,696 2008-08-08 17:05:37 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000024
----a-w 130,440 2008-08-08 17:05:38 C:\Program Files\Alwil Software\Avast4\DATA\chest\00000025
----a-w 15,024 2008-08-08 17:05:38 C:\Program Files\Alwil Software\Avast4\DATA\chest\index.xml
----a-w 0 2008-08-13 08:27:34 C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws
----a-w 619 2008-08-12 20:31:43 C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws.ori
----a-w 80,700 2008-08-13 09:20:07 C:\Program Files\Alwil Software\Avast4\DATA\log\aswAr.log
----a-w 2,480 2008-08-03 21:17:49 C:\Program Files\Alwil Software\Avast4\DATA\log\aswBoot.log
----a-w 1,112 2008-08-13 17:21:51 C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log
----a-w 1,775 2008-08-13 17:15:32 C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.ori
----a-w 19,074 2008-08-12 17:05:43 C:\Program Files\Alwil Software\Avast4\DATA\log\Error.log
----a-w 28,446 2008-08-13 14:36:20 C:\Program Files\Alwil Software\Avast4\DATA\log\Notice.log
----a-w 750 2008-06-15 07:31:09 C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log
----a-w 0 2008-08-12 20:31:41 C:\Program Files\Alwil Software\Avast4\DATA\log\unp136519034.tmp.mdmp
----a-w 0 2008-06-16 09:20:41 C:\Program Files\Alwil Software\Avast4\DATA\log\unp137338758.tmp.mdmp
----a-w 0 2008-06-28 17:28:39 C:\Program Files\Alwil Software\Avast4\DATA\log\unp151611172.tmp.mdmp
----a-w 114,974 2008-06-12 19:21:35 C:\Program Files\Alwil Software\Avast4\DATA\log\unp156150656.tmp.mdmp
----a-w 0 2008-07-19 19:55:12 C:\Program Files\Alwil Software\Avast4\DATA\log\unp157426237.tmp.mdmp
----a-w 0 2008-07-04 20:51:34 C:\Program Files\Alwil Software\Avast4\DATA\log\unp161183955.tmp.mdmp
----a-w 103,066 2008-08-12 20:31:45 C:\Program Files\Alwil Software\Avast4\DATA\log\unp227667260.tmp.mdmp
----a-w 32,065 2008-08-12 17:05:43 C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log
----a-w 3,104 2008-08-03 21:17:45 C:\Program Files\Alwil Software\Avast4\DATA\report\aswBoot.txt
----a-w 70,165 2008-08-13 17:21:54 C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt
----a-w 98,304 2008-07-19 14:18:27 C:\Program Files\Alwil Software\Avast4\FRENCH\Base.dll
----a-w 17,920 2008-07-19 14:17:00 C:\Program Files\Alwil Software\Avast4\FRENCH\Boot.dll
----a-w 61,440 2008-07-19 14:18:22 C:\Program Files\Alwil Software\Avast4\FRENCH\LangMai.dll
----a-w 13,936 2008-07-19 14:45:27 C:\Program Files\Alwil Software\Avast4\FRENCH\HELP\CheckListSimple.chm
----a-w 196,737 2008-07-19 14:45:25 C:\Program Files\Alwil Software\Avast4\FRENCH\HELP\help.chm
----a-w 862,433 2008-07-28 16:46:07 C:\Program Files\Alwil Software\Avast4\Setup\avscan-32e.vpu
----a-w 192,846 2008-07-28 16:45:57 C:\Program Files\Alwil Software\Avast4\Setup\av_pro_hlp40c-243.vpu
----a-w 33,871 2008-07-28 16:46:14 C:\Program Files\Alwil Software\Avast4\Setup\jrog-45.vpu
----a-w 321 2008-07-28 16:43:27 C:\Program Files\Alwil Software\Avast4\Setup\part-jrog-45.vpu
----a-w 7,371 2008-07-28 16:43:26 C:\Program Files\Alwil Software\Avast4\Setup\part-prg_av_pro-4cd.vpu
----a-w 291 2008-07-28 16:43:27 C:\Program Files\Alwil Software\Avast4\Setup\part-setup_av_pro-4cd.vpu
----a-w 664 2008-08-13 14:34:34 C:\Program Files\Alwil Software\Avast4\Setup\part-vps-8081300.vpu
----a-w 645 2008-08-13 13:37:14 C:\Program Files\Alwil Software\Avast4\Setup\prod-av_pro.vpu
----a-w 40,543 2008-07-23 19:44:34 C:\Program Files\Alwil Software\Avast4\Setup\servers.def
----a-w 40,543 2008-07-23 19:44:34 C:\Program Files\Alwil Software\Avast4\Setup\servers.def.lkg
----a-w 2,583 2008-07-23 19:44:34 C:\Program Files\Alwil Software\Avast4\Setup\servers.def.vpu
----a-w 127,024 2008-07-28 16:43:41 C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll
----a-w 127,024 2008-07-28 16:48:12 C:\Program Files\Alwil Software\Avast4\Setup\setiface.ovr
----a-w 65,458 2008-07-28 16:43:32 C:\Program Files\Alwil Software\Avast4\Setup\setif_av_pro-4cd.vpu
----a-w 1,095 2008-08-13 14:36:20 C:\Program Files\Alwil Software\Avast4\Setup\setup.ini
----a-w 676,543 2008-07-28 16:43:36 C:\Program Files\Alwil Software\Avast4\Setup\setup_av_pro-4cd.vpu
----a-w 274 2008-08-13 14:36:20 C:\Program Files\Alwil Software\Avast4\Setup\summary.txt
----a-w 133 2008-08-13 14:35:24 C:\Program Files\Alwil Software\Avast4\Setup\vpsm-8081300.vpu
----a-w 26,944 2008-07-19 14:32:15 C:\Program Files\Alwil Software\Avast4\Setup\INF\Aavmker4.sys
----a-w 20,560 2008-07-19 14:37:42 C:\Program Files\Alwil Software\Avast4\Setup\INF\aswFsBlk.sys
----a-w 94,416 2008-07-19 14:37:21 C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMon2.sys
----a-w 51,280 2008-07-19 14:36:03 C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMonFlt.sys
----a-w 23,152 2008-07-19 14:33:42 C:\Program Files\Alwil Software\Avast4\Setup\INF\AswRdr.sys
----a-w 78,416 2008-07-19 14:35:18 C:\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys
----a-w 42,912 2008-07-19 14:32:36 C:\Program Files\Alwil Software\Avast4\Setup\INF\AswTdi.sys
----a-w 25,168 2008-07-19 14:32:26 C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\Aavmker4.sys
----a-w 22,096 2008-07-19 14:37:52 C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswFsBlk.sys
----a-w 75,856 2008-07-19 14:37:32 C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMon2.sys
----a-w 63,568 2008-07-19 14:36:19 C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMonFlt.sys
----a-w 27,216 2008-07-19 14:33:47 C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswRdr.sys
----a-w 89,168 2008-07-19 14:35:48 C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys
----a-w 48,720 2008-07-19 14:32:42 C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswTdi.sys
----a-w 37,968 2008-07-19 14:37:47 C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswFsBlk.sys
----a-w 138,320 2008-07-19 14:36:12 C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswMonFlt.sys
----a-w 55,376 2008-07-19 14:33:51 C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswRdr.sys
----a-w 168,016 2008-07-19 14:35:35 C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswSP.sys
----a-w 103,504 2008-07-19 14:32:46 C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswTdi.sys
----a-w 1,201 2008-07-18 13:40:07 C:\Program Files\BitComet\BitComet.xml
----a-w 27,428 2008-07-21 16:59:11 C:\Program Files\BitComet\Downloads.xml
----a-w 308 2008-07-18 13:40:07 C:\Program Files\BitComet\rules\dhtnodes.dat
----a-w 2,234 2008-06-16 09:06:00 C:\Program Files\BitComet\torrents\Equipe160608.pdf.torrent
----a-w 1,623 2008-06-16 09:16:37 C:\Program Files\BitComet\torrents\Equipe160608.pdf.xml
----a-w 24,064 2008-06-26 01:27:58 C:\Program Files\CCleaner\lang-1036.dll
----a-w 114,509 2008-07-10 07:47:55 C:\Program Files\CCleaner\uninst.exe
----a-w 254,976 29092-01-23 07:27:56 C:\Program Files\IncrediMail\bin\xaudio.dll
----a-w 9,527 2008-07-30 16:46:52 C:\Program Files\Malwarebytes' Anti-Malware\changes.rtf
----a-w 21,793 2008-07-23 18:10:38 C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
----a-w 61,048 2008-07-30 18:07:50 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
----a-w 73,336 2008-07-30 18:07:52 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
----a-w 110,200 2008-07-30 18:07:52 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
----a-w 372,344 2008-07-30 18:07:54 C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
----a-w 44,664 2008-07-30 18:07:54 C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll
----a-w 7,818 2008-08-08 16:36:07 C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat
----a-w 688,760 2008-08-08 16:34:47 C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
----a-w 13,753 2008-08-08 16:36:07 C:\Program Files\Malwarebytes' Anti-Malware\unins000.msg
----a-w 495,224 2008-07-30 18:07:54 C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
----a-w 77,944 2008-07-30 18:07:56 C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
----a-w 13,924 2008-07-03 09:10:26 C:\Program Files\Malwarebytes' Anti-Malware\Languages\albanian.lng
----a-w 12,542 2008-06-29 13:29:28 C:\Program Files\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
----a-w 11,551 2008-06-24 22:49:16 C:\Program Files\Malwarebytes' Anti-Malware\Languages\czech.lng
----a-w 11,624 2008-05-17 09:09:12 C:\Program Files\Malwarebytes' Anti-Malware\Languages\finnish.lng
----a-w 13,558 2008-07-09 09:35:54 C:\Program Files\Malwarebytes' Anti-Malware\Languages\german.lng
----a-w 11,593 2008-07-01 13:47:42 C:\Program Files\Malwarebytes' Anti-Malware\Languages\norwegian.lng
----a-w 12,345 2008-06-15 12:04:12 C:\Program Files\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng
----a-w 11,779 2008-07-03 23:58:56 C:\Program Files\Malwarebytes' Anti-Malware\Languages\russian.lng
----a-w 11,599 2008-07-26 08:58:36 C:\Program Files\Malwarebytes' Anti-Malware\Languages\slovak.lng
----a-w 12,876 2008-07-11 13:26:06 C:\Program Files\Malwarebytes' Anti-Malware\Languages\spanish.lng
----a-w 11,960 2008-07-30 17:33:04 C:\Program Files\Malwarebytes' Anti-Malware\Languages\turkish.lng
----a-w 804 2008-05-18 15:26:36 C:\Program Files\Microsoft IntelliPoint\MSHWLog.txt
----a-w 1,739 2008-07-26 17:26:08 C:\Program Files\MSN Messenger\ErrorResponse.xml
----a-w 1,338 2008-07-23 12:37:08 C:\Program Files\PhotoFiltre\PhotoFiltre.ini
----a-w 129,767 2008-07-09 11:45:04 C:\Program Files\Picasa2\Uninstall.exe
----a-w 3,133 2008-07-09 11:45:32 C:\Program Files\Picasa2\buttons\core-lh2.pbz
----a-w 257 2008-07-09 11:45:32 C:\Program Files\Picasa2\runtime\defaults.ini
----a-w 3 2008-07-09 11:45:32 C:\Program Files\Picasa2\runtime\hlpsys.dll
----a-w 550 2008-05-27 14:52:32 C:\Program Files\Spybot - Search & Destroy\Includes\AdvWhite.sbs
----a-w 46,908 2008-06-17 12:37:58 C:\Program Files\Spybot - Search & Destroy\Includes\Adware.sbi
----a-w 5,719 2008-07-07 10:18:00 C:\Program Files\Spybot - Search & Destroy\Includes\AdwareC.sbi
----a-w 1,361 2008-06-03 12:52:10 C:\Program Files\Spybot - Search & Destroy\Includes\Cookies.sbi
----a-w 5,981 2008-06-12 10:44:50 C:\Program Files\Spybot - Search & Destroy\Includes\Cookies.sbs
----a-w 117,892 2008-06-03 12:52:24 C:\Program Files\Spybot - Search & Destroy\Includes\Dialer.sbi
----a-w 4,579 2008-07-07 10:19:06 C:\Program Files\Spybot - Search & Destroy\Includes\DialerC.sbi
----a-w 380,977 2008-07-08 08:36:04 C:\Program Files\Spybot - Search & Destroy\Includes\Domains.sbs
----a-w 95,791 2008-06-03 12:53:04 C:\Program Files\Spybot - Search & Destroy\Includes\HeavyDuty.sbi
----a-w 148,786 2008-07-08 08:36:06 C:\Program Files\Spybot - Search & Destroy\Includes\Hijackers.sbi
----a-w 1,645 2008-07-08 08:04:06 C:\Program Files\Spybot - Search & Destroy\Includes\HijackersC.sbi
----a-w 73,814 2008-06-25 08:29:18 C:\Program Files\Spybot - Search & Destroy\Includes\Keyloggers.sbi
----a-w 4,724 2008-07-08 11:05:02 C:\Program Files\Spybot - Search & Destroy\Includes\KeyloggersC.sbi
----a-w 394,246 2008-07-02 09:24:52 C:\Program Files\Spybot - Search & Destroy\Includes\Malware.sbi
----a-w 137,737 2008-07-08 11:03:32 C:\Program Files\Spybot - Search & Destroy\Includes\MalwareC.sbi
----a-w 84,862 2008-06-17 12:57:44 C:\Program Files\Spybot - Search & Destroy\Includes\PUPS.sbi
----a-w 111,924 2008-07-01 12:15:12 C:\Program Files\Spybot - Search & Destroy\Includes\PUPSC.sbi
----a-w 7,763 2008-06-10 13:25:06 C:\Program Files\Spybot - Search & Destroy\Includes\Security.sbi
----a-w 4,065 2008-07-08 11:04:12 C:\Program Files\Spybot - Search & Destroy\Includes\SecurityC.sbi
----a-w 64,647 2008-06-09 11:11:38 C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
----a-w 560 2008-06-03 12:54:34 C:\Program Files\Spybot - Search & Destroy\Includes\Spybots.sbi
----a-w 579 2008-06-03 12:54:18 C:\Program Files\Spybot - Search & Destroy\Includes\SpybotsC.sbi
----a-w 116,205 2008-06-17 13:01:18 C:\Program Files\Spybot - Search & Destroy\Includes\Spyware.sbi
----a-w 6,435 2008-07-08 07:35:32 C:\Program Files\Spybot - Search & Destroy\Includes\SpywareC.sbi
----a-w 33,550 2008-06-03 12:53:24 C:\Program Files\Spybot - Search & Destroy\Includes\Tracks.uti
----a-w 488,177 2008-06-24 12:40:56 C:\Program Files\Spybot - Search & Destroy\Includes\Trojans.sbi
----a-w 186,623 2008-07-08 11:03:22 C:\Program Files\Spybot - Search & Destroy\Includes\TrojansC.sbi
----a-w 16,862 2008-06-27 14:13:50 C:\Program Files\Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
----a-w 121,344 2008-12-24 17:23:20 C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
----a-w 9,047 2008-07-10 09:18:09 C:\Program Files\Spybot - Search & Destroy\Updates\downloaded.ini
----a-w 118,040 2008-06-03 04:58:02 C:\Program Files\Spybot - Search & Destroy\Updates\includes.dialer.zip
----a-w 148,945 2008-07-09 09:17:50 C:\Program Files\Spybot - Search & Destroy\Updates\includes.hijackers.zip
----a-w 73,965 2008-06-25 09:17:52 C:\Program Files\Spybot - Search & Destroy\Updates\includes.keyloggers.zip
----a-w 394,441 2008-07-02 09:17:54 C:\Program Files\Spybot - Search & Destroy\Updates\includes.malware.zip
----a-w 85,001 2008-06-18 09:17:56 C:\Program Files\Spybot - Search & Destroy\Updates\includes.pups.zip
----a-w 7,895 2008-06-11 09:17:56 C:\Program Files\Spybot - Search & Destroy\Updates\includes.security.zip
----a-w 164,027 2008-06-18 09:17:58 C:\Program Files\Spybot - Search & Destroy\Updates\includes.spybots.zip
----a-w 488,382 2008-06-25 09:18:04 C:\Program Files\Spybot - Search & Destroy\Updates\includes.trojans.zip
----a-w 598,528 2008-07-09 09:18:08 C:\Program Files\Spybot - Search & Destroy\Updates\includes.zip
----a-w 0 2008-08-04 04:59:53 C:\Program Files\Spybot - Search & Destroy\Updates\online.ini
----a-w 551,948 2008-07-09 09:18:00 C:\Program Files\Spybot - Search & Destroy\Updates\supplemental.zip
----a-w 396,288 2008-08-03 18:47:31 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
----a-w 11,729 2008-08-07 15:55:59 C:\Program Files\Trend Micro\HijackThis\hijackthis.log
----a-w 111 2008-07-19 17:32:30 C:\Program Files\Zylom Games\Cate West - The Vanishing Files Deluxe\profiles\profile1.sav
Entries: 250 (250)
Directories: 0 Files: 250
Bytes: 25,175,737 Blocks: 49,291
3)hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:58, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B27DA27-4160-443E-80CD-9D860E85491E} - (no file)
O2 - BHO: (no name) - {45A7041A-5AC8-D4C4-AD38-C157F52ACCD3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-56604596-1547963291-1499398264-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://photo.laredoute.fr/ImageUploader3.cab
O20 - Winlogon Notify: cbXNHYQk - cbXNHYQk.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe