Virus : win32 rootkit-gen rtk • page 2

yagami · le 08 Avr 2010 21:09

Ok, je viens de réactiver la notification WSC.

J'ai aussi suivi les étapes décrites dans ton précédent message, et le rapport texte qui s'affiche est vide.

Est ce un bon signe ?

jeanmimigab · le 08 Avr 2010 21:55

hello,
c'est peut être un bug..

regarde à la racine du disque c:\ tu dois avoir un rapport TDSSKiller******* :wink:

yagami · le 08 Avr 2010 21:58

C'est vrai, le voici :

20:05:13:984 3832 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
20:05:13:984 3832 ================================================================================
20:05:13:984 3832 SystemInfo:

20:05:13:984 3832 OS Version: 5.1.2600 ServicePack: 2.0
20:05:13:984 3832 Product type: Workstation
20:05:13:984 3832 ComputerName: youn-92D5D711
20:05:13:984 3832 UserName: youn
20:05:13:984 3832 Windows directory: C:\WINDOWS
20:05:13:984 3832 Processor architecture: Intel x86
20:05:13:984 3832 Number of processors: 2
20:05:13:984 3832 Page size: 0x1000
20:05:13:984 3832 Boot type: Normal boot
20:05:13:984 3832 ================================================================================
20:05:14:000 3832 UnloadDriverW: NtUnloadDriver error 2
20:05:14:000 3832 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
20:05:14:015 3832 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
20:05:14:015 3832 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:05:14:015 3832 wfopen_ex: Trying to KLMD file open
20:05:14:015 3832 wfopen_ex: File opened ok (Flags 2)
20:05:14:015 3832 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
20:05:14:015 3832 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:05:14:015 3832 wfopen_ex: Trying to KLMD file open
20:05:14:015 3832 wfopen_ex: File opened ok (Flags 2)
20:05:14:015 3832 Initialize success
20:05:14:015 3832
20:05:14:015 3832 Scanning Services ...
20:05:14:453 3832 Raw services enum returned 341 services
20:05:14:468 3832
20:05:14:468 3832 Scanning Kernel memory ...
20:05:14:468 3832 Devices to scan: 5
20:05:14:468 3832
20:05:14:468 3832 Driver Name: Disk
20:05:14:468 3832 IRP_MJ_CREATE : BA0EEC30
20:05:14:468 3832 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:05:14:468 3832 IRP_MJ_CLOSE : BA0EEC30
20:05:14:468 3832 IRP_MJ_READ : BA0E8D9B
20:05:14:468 3832 IRP_MJ_WRITE : BA0E8D9B
20:05:14:468 3832 IRP_MJ_QUERY_INFORMATION : 804F4282
20:05:14:468 3832 IRP_MJ_SET_INFORMATION : 804F4282
20:05:14:468 3832 IRP_MJ_QUERY_EA : 804F4282
20:05:14:468 3832 IRP_MJ_SET_EA : 804F4282
20:05:14:468 3832 IRP_MJ_FLUSH_BUFFERS : BA0E9366
20:05:14:468 3832 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:05:14:468 3832 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:05:14:468 3832 IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:05:14:468 3832 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:05:14:468 3832 IRP_MJ_DEVICE_CONTROL : BA0E944D
20:05:14:468 3832 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
20:05:14:468 3832 IRP_MJ_SHUTDOWN : BA0E9366
20:05:14:484 3832 IRP_MJ_LOCK_CONTROL : 804F4282
20:05:14:484 3832 IRP_MJ_CLEANUP : 804F4282
20:05:14:484 3832 IRP_MJ_CREATE_MAILSLOT : 804F4282
20:05:14:484 3832 IRP_MJ_QUERY_SECURITY : 804F4282
20:05:14:484 3832 IRP_MJ_SET_SECURITY : 804F4282
20:05:14:484 3832 IRP_MJ_POWER : BA0EAEF3
20:05:14:484 3832 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
20:05:14:484 3832 IRP_MJ_DEVICE_CHANGE : 804F4282
20:05:14:484 3832 IRP_MJ_QUERY_QUOTA : 804F4282
20:05:14:484 3832 IRP_MJ_SET_QUOTA : 804F4282
20:05:14:500 3832 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:05:14:500 3832
20:05:14:500 3832 Driver Name: Disk
20:05:14:500 3832 IRP_MJ_CREATE : BA0EEC30
20:05:14:500 3832 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:05:14:500 3832 IRP_MJ_CLOSE : BA0EEC30
20:05:14:500 3832 IRP_MJ_READ : BA0E8D9B
20:05:14:500 3832 IRP_MJ_WRITE : BA0E8D9B
20:05:14:500 3832 IRP_MJ_QUERY_INFORMATION : 804F4282
20:05:14:500 3832 IRP_MJ_SET_INFORMATION : 804F4282
20:05:14:500 3832 IRP_MJ_QUERY_EA : 804F4282
20:05:14:500 3832 IRP_MJ_SET_EA : 804F4282
20:05:14:500 3832 IRP_MJ_FLUSH_BUFFERS : BA0E9366
20:05:14:500 3832 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:05:14:500 3832 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:05:14:500 3832 IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:05:14:500 3832 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:05:14:500 3832 IRP_MJ_DEVICE_CONTROL : BA0E944D
20:05:14:500 3832 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
20:05:14:500 3832 IRP_MJ_SHUTDOWN : BA0E9366
20:05:14:500 3832 IRP_MJ_LOCK_CONTROL : 804F4282
20:05:14:500 3832 IRP_MJ_CLEANUP : 804F4282
20:05:14:500 3832 IRP_MJ_CREATE_MAILSLOT : 804F4282
20:05:14:500 3832 IRP_MJ_QUERY_SECURITY : 804F4282
20:05:14:500 3832 IRP_MJ_SET_SECURITY : 804F4282
20:05:14:500 3832 IRP_MJ_POWER : BA0EAEF3
20:05:14:500 3832 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
20:05:14:500 3832 IRP_MJ_DEVICE_CHANGE : 804F4282
20:05:14:500 3832 IRP_MJ_QUERY_QUOTA : 804F4282
20:05:14:500 3832 IRP_MJ_SET_QUOTA : 804F4282
20:05:14:500 3832 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:05:14:500 3832
20:05:14:500 3832 Driver Name: Disk
20:05:14:500 3832 IRP_MJ_CREATE : BA0EEC30
20:05:14:500 3832 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:05:14:500 3832 IRP_MJ_CLOSE : BA0EEC30
20:05:14:500 3832 IRP_MJ_READ : BA0E8D9B
20:05:14:500 3832 IRP_MJ_WRITE : BA0E8D9B
20:05:14:500 3832 IRP_MJ_QUERY_INFORMATION : 804F4282
20:05:14:500 3832 IRP_MJ_SET_INFORMATION : 804F4282
20:05:14:500 3832 IRP_MJ_QUERY_EA : 804F4282
20:05:14:500 3832 IRP_MJ_SET_EA : 804F4282
20:05:14:500 3832 IRP_MJ_FLUSH_BUFFERS : BA0E9366
20:05:14:500 3832 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:05:14:500 3832 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:05:14:500 3832 IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:05:14:500 3832 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:05:14:500 3832 IRP_MJ_DEVICE_CONTROL : BA0E944D
20:05:14:500 3832 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
20:05:14:500 3832 IRP_MJ_SHUTDOWN : BA0E9366
20:05:14:500 3832 IRP_MJ_LOCK_CONTROL : 804F4282
20:05:14:500 3832 IRP_MJ_CLEANUP : 804F4282
20:05:14:500 3832 IRP_MJ_CREATE_MAILSLOT : 804F4282
20:05:14:500 3832 IRP_MJ_QUERY_SECURITY : 804F4282
20:05:14:500 3832 IRP_MJ_SET_SECURITY : 804F4282
20:05:14:500 3832 IRP_MJ_POWER : BA0EAEF3
20:05:14:500 3832 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
20:05:14:500 3832 IRP_MJ_DEVICE_CHANGE : 804F4282
20:05:14:500 3832 IRP_MJ_QUERY_QUOTA : 804F4282
20:05:14:500 3832 IRP_MJ_SET_QUOTA : 804F4282
20:05:14:515 3832 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:05:14:515 3832
20:05:14:515 3832 Driver Name: Disk
20:05:14:515 3832 IRP_MJ_CREATE : BA0EEC30
20:05:14:515 3832 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:05:14:515 3832 IRP_MJ_CLOSE : BA0EEC30
20:05:14:515 3832 IRP_MJ_READ : BA0E8D9B
20:05:14:515 3832 IRP_MJ_WRITE : BA0E8D9B
20:05:14:515 3832 IRP_MJ_QUERY_INFORMATION : 804F4282
20:05:14:515 3832 IRP_MJ_SET_INFORMATION : 804F4282
20:05:14:515 3832 IRP_MJ_QUERY_EA : 804F4282
20:05:14:515 3832 IRP_MJ_SET_EA : 804F4282
20:05:14:515 3832 IRP_MJ_FLUSH_BUFFERS : BA0E9366
20:05:14:515 3832 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:05:14:515 3832 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:05:14:515 3832 IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:05:14:515 3832 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:05:14:515 3832 IRP_MJ_DEVICE_CONTROL : BA0E944D
20:05:14:515 3832 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA0ECFC3
20:05:14:515 3832 IRP_MJ_SHUTDOWN : BA0E9366
20:05:14:515 3832 IRP_MJ_LOCK_CONTROL : 804F4282
20:05:14:515 3832 IRP_MJ_CLEANUP : 804F4282
20:05:14:515 3832 IRP_MJ_CREATE_MAILSLOT : 804F4282
20:05:14:515 3832 IRP_MJ_QUERY_SECURITY : 804F4282
20:05:14:515 3832 IRP_MJ_SET_SECURITY : 804F4282
20:05:14:515 3832 IRP_MJ_POWER : BA0EAEF3
20:05:14:515 3832 IRP_MJ_SYSTEM_CONTROL : BA0EFA24
20:05:14:515 3832 IRP_MJ_DEVICE_CHANGE : 804F4282
20:05:14:515 3832 IRP_MJ_QUERY_QUOTA : 804F4282
20:05:14:515 3832 IRP_MJ_SET_QUOTA : 804F4282
20:05:14:515 3832 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
20:05:14:515 3832
20:05:14:515 3832 Driver Name: atapi
20:05:14:515 3832 IRP_MJ_CREATE : 8AD651F8
20:05:14:515 3832 IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:05:14:515 3832 IRP_MJ_CLOSE : 8AD651F8
20:05:14:515 3832 IRP_MJ_READ : 804F4282
20:05:14:515 3832 IRP_MJ_WRITE : 804F4282
20:05:14:515 3832 IRP_MJ_QUERY_INFORMATION : 804F4282
20:05:14:515 3832 IRP_MJ_SET_INFORMATION : 804F4282
20:05:14:515 3832 IRP_MJ_QUERY_EA : 804F4282
20:05:14:515 3832 IRP_MJ_SET_EA : 804F4282
20:05:14:515 3832 IRP_MJ_FLUSH_BUFFERS : 804F4282
20:05:14:515 3832 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:05:14:515 3832 IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:05:14:515 3832 IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:05:14:515 3832 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:05:14:515 3832 IRP_MJ_DEVICE_CONTROL : 8AD651F8
20:05:14:515 3832 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8AD651F8
20:05:14:515 3832 IRP_MJ_SHUTDOWN : 804F4282
20:05:14:515 3832 IRP_MJ_LOCK_CONTROL : 804F4282
20:05:14:515 3832 IRP_MJ_CLEANUP : 804F4282
20:05:14:515 3832 IRP_MJ_CREATE_MAILSLOT : 804F4282
20:05:14:515 3832 IRP_MJ_QUERY_SECURITY : 804F4282
20:05:14:515 3832 IRP_MJ_SET_SECURITY : 804F4282
20:05:14:515 3832 IRP_MJ_POWER : 8AD651F8
20:05:14:515 3832 IRP_MJ_SYSTEM_CONTROL : 8AD651F8
20:05:14:515 3832 IRP_MJ_DEVICE_CHANGE : 804F4282
20:05:14:515 3832 IRP_MJ_QUERY_QUOTA : 804F4282
20:05:14:515 3832 IRP_MJ_SET_QUOTA : 804F4282
20:05:14:546 3832 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
20:05:14:546 3832
20:05:14:562 3832 Completed
20:05:14:562 3832
20:05:14:562 3832 Results:
20:05:14:562 3832 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
20:05:14:562 3832 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:05:14:562 3832 File objects infected / cured / cured on reboot: 0 / 0 / 0
20:05:14:562 3832
20:05:14:562 3832 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
20:05:14:562 3832 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
20:05:14:562 3832 KLMD(ARK) unloaded successfully

jeanmimigab · le 08 Avr 2010 22:13

re,
aucune trace de TDSS mais la dernière variante TDSS3 arrive à finter TDSSKiller...

fais cela stp..

Supprime manuellement ce fichier en gras >> c:\windows\iwexec.exe et vide ta corbeille.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

%SYSTEMDRIVE%\explorer.exe /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5

* Cliques sur l'icône "RunScan" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

yagami · le 08 Avr 2010 22:24

Seul OTL.txt, que voici, a été créé:

OTL logfile created on: 08/04/2010 21:18:30 - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Youn.Youn-92D5D711\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,77 Gb Free Space | 19,32% Space Free | Partition Type: NTFS
Drive D: | 192,88 Gb Total Space | 23,07 Gb Free Space | 11,96% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
Drive G: | 19,53 Gb Total Space | 5,04 Gb Free Space | 25,80% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Youn-92D5D711
Current User Name: Youn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Youn.Youn-92D5D711\Local Settings\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe ()
PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\WINDOWS\system32\lxdncoms.exe ( )
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Program Files\Menara\dslmon.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (ADSLAutoconnect) -- C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe ()
SRV - (Adobe LM Service) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (lxdn_device) -- C:\WINDOWS\System32\lxdncoms.exe ( )
SRV - (lxdnCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe ()
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (NETw5x32) Pilote de carte Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (adiusbaw) -- C:\WINDOWS\system32\drivers\adiusbaw.sys (Analog Devices Inc.)
DRV - (XBCD) -- C:\WINDOWS\system32\drivers\xbcd.sys (Redcl0ud)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ADILOADER) General Purpose USB Driver (adildr.sys) -- C:\WINDOWS\system32\drivers\adildr.sys (Analog Deivces)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-861567501-1004336348-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www2.firesearch.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.4.9
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {B97F57B9-1B42-4aed-9475-0022600C62DC}:2.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {63b70e6a-ea9d-4de2-8166-d6c4308099ee}:1.0.12
FF - prefs.js..network.proxy.http: "shop2be01.ikoula.com"
FF - prefs.js..network.proxy.http_port: 3128

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 14:39:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/08 09:38:28 | 000,000,000 | ---D | M]

[2009/12/23 16:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Extensions
[2010/04/08 18:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions
[2010/02/28 13:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/12/23 17:57:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/06 16:17:37 | 000,000,000 | ---D | M] (Affiliate Espionage) -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{63b70e6a-ea9d-4de2-8166-d6c4308099ee}
[2010/03/04 15:35:34 | 000,000,000 | ---D | M] (Subtile) -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{88ce39f5-1e54-477c-809d-93d411720f0c}
[2010/03/22 19:15:12 | 000,000,000 | ---D | M] (Google Global) -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
[2010/03/24 23:40:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/24 15:28:00 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/07 21:02:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/20 21:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15}
[2010/03/15 13:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\firebug@software.joehewitt.com
[2010/03/20 14:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\firefox-extension@shareaholic.com
[2010/03/18 19:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\personas@christopher.beard
[2010/02/21 12:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\savecomplete@perlprogrammer(2).com
[2010/03/09 14:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\toolbar@alexa.com
[2010/03/20 14:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\firefox-extension@shareaholic.com\chrome
[2010/03/20 14:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\extensions\firefox-extension@shareaholic.com\defaults
[2009/12/23 19:06:52 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Mozilla\Firefox\Profiles\byc9hw48.default\searchplugins\daemon-search.xml
[2010/01/12 18:38:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/13 14:22:35 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/03/13 14:22:35 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/03/13 14:22:35 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/03/13 14:22:35 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/23 19:44:13 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/04/08 18:27:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0002-0002-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-1004336348-682003330-1003..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-861567501-1004336348-682003330-1003..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe (http://www.emule-project.net)
O4 - HKU\S-1-5-21-861567501-1004336348-682003330-1003..\Run: [RocketDock] C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-861567501-1004336348-682003330-1003..\Run: [SkwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk = C:\Program Files\Menara\dslmon.exe ()
O4 - Startup: C:\Documents and Settings\Youn.Youn-92D5D711\Menu Démarrer\Programmes\Démarrage\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Youn.Youn-92D5D711\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O7 - HKU\S-1-5-21-861567501-1004336348-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Youn~1.YOU/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Components:1 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Youn.Youn-92D5D711\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Youn.Youn-92D5D711\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/01 12:26:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/07 19:14:00 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/04/07 19:14:00 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/04/07 19:14:01 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 20:04:41 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2010/04/08 18:30:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/08 18:27:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/08 11:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Outsource Method
[2010/04/07 19:56:43 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\OTL.exe
[2010/04/07 19:50:35 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\TFC.exe
[2010/04/07 19:14:00 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/04/07 19:02:10 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/04/07 18:26:36 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010/04/07 18:26:11 | 001,328,219 | ---- | C] (C_XX) -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\AD-R.exe
[2010/04/07 17:38:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/07 17:36:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/07 17:36:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/07 17:36:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/07 17:36:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/07 17:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/07 17:33:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/07 15:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/07 13:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Affiliate espionage
[2010/04/05 19:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Nouveau dossier
[2010/04/03 23:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2010/03/28 23:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\vlc
[2010/03/28 19:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Malwarebytes
[2010/03/28 19:29:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/28 19:29:49 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 19:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/03/28 19:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/27 12:55:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/03/26 14:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Overnight CPA Riches
[2010/03/25 18:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\fscapture
[2010/03/25 18:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Documents
[2010/03/25 16:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Local Settings\Application Data\LearnPulse
[2010/03/25 16:21:39 | 000,000,000 | ---D | C] -- C:\tempocapt
[2010/03/25 16:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Capturino
[2010/03/23 21:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\SimpleOCR
[2010/03/22 16:53:02 | 000,348,160 | ---- | C] (DGP) -- C:\WINDOWS\System32\MEnc.ocx
[2010/03/22 16:53:02 | 000,348,160 | ---- | C] (DevPower Development Tools) -- C:\WINDOWS\System32\FlatBtn6.ocx
[2010/03/22 16:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\WAV to MP3 Encoder
[2010/03/20 16:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/03/20 16:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe AIR
[2010/03/17 13:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\arriere plan
[2010/03/17 13:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Jeux
[2010/03/16 14:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Lx_cats
[2010/03/16 14:51:50 | 000,000,000 | ---D | C] -- C:\logs
[2010/03/16 14:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2010/03/16 14:50:31 | 000,102,400 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnwupd.dll
[2010/03/16 14:50:31 | 000,017,064 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnwupd.exe
[2010/03/16 14:50:18 | 000,524,288 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnutil.dll
[2010/03/16 14:50:18 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2010/03/16 14:50:18 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2010/03/16 14:50:18 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2010/03/16 14:50:17 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2010/03/16 14:50:17 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2010/03/16 14:50:17 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2010/03/16 14:50:16 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2010/03/16 14:50:16 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2010/03/16 14:50:16 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdninsb.dll
[2010/03/16 14:50:16 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnjswr.dll
[2010/03/16 14:50:15 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2010/03/16 14:50:15 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2010/03/16 14:50:15 | 000,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdnins.dll
[2010/03/16 14:50:15 | 000,114,688 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdninsr.dll
[2010/03/16 14:50:14 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxdngf.dll
[2010/03/16 14:50:14 | 000,090,112 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdncub.dll
[2010/03/16 14:50:13 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2010/03/16 14:50:13 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2010/03/16 14:50:13 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2010/03/16 14:50:13 | 000,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdncu.dll
[2010/03/16 14:50:13 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxdncur.dll
[2010/03/16 14:50:12 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2010/03/16 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2600 Series
[2010/03/16 14:47:41 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll
[2010/03/16 14:47:41 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2010/03/16 14:47:41 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/03/15 12:29:31 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/03/13 22:20:03 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/13 22:20:03 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/13 22:20:03 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/13 22:19:49 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/13 22:19:49 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/13 13:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/03/11 21:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Apple Computer
[2010/03/11 14:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/11 14:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2010/03/11 14:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2010/03/11 14:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Local Settings\Application Data\Apple
[2010/03/11 14:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/03/11 14:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2010/03/11 14:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Youn.Youn-92D5D711\Local Settings\Application Data\Apple Computer
[2009/10/01 13:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2009/10/01 13:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2009/10/01 12:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/01 12:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/01 12:26:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/01 12:26:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1998/06/29 09:03:36 | 000,099,840 | ---- | C] ( ) -- C:\WINDOWS\System32\Zipdll.dll
[1998/06/29 09:03:36 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\Unzdll.dll

========== Files - Modified Within 30 Days ==========

[2010/04/08 20:39:56 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\NTUSER.DAT
[2010/04/08 20:37:11 | 001,190,665 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\affiliategameplan.rar
[2010/04/08 20:04:37 | 000,845,916 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Load_tdsskiller.exe
[2010/04/08 19:47:12 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Registry Winner.lnk
[2010/04/08 18:33:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/08 18:32:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/08 18:31:44 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\ntuser.ini
[2010/04/08 18:27:46 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/08 18:27:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/08 15:56:50 | 000,672,768 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\My Goals.doc
[2010/04/08 09:38:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Adobe Reader 9.lnk
[2010/04/07 22:44:20 | 000,178,688 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/07 21:34:01 | 000,315,392 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Mes documents\perte de poids.msam
[2010/04/07 19:56:54 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\OTL.exe
[2010/04/07 19:50:54 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\TFC.exe
[2010/04/07 19:14:02 | 000,016,871 | ---- | M] () -- C:\UsbFix_Upload_Me_Youn-92D5D711.zip
[2010/04/07 19:01:51 | 001,776,011 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\UsbFix.exe
[2010/04/07 18:26:24 | 001,328,219 | ---- | M] (C_XX) -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\AD-R.exe
[2010/04/07 17:38:28 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/04/07 17:32:13 | 003,909,453 | R--- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\ComboFix.exe
[2010/04/07 15:36:21 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\HijackThis.lnk
[2010/04/07 14:30:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/06 11:48:05 | 027,241,668 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Squeeze pages creator (optinease.com).zip
[2010/04/05 19:09:33 | 000,145,920 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\finasteride.doc
[2010/04/04 19:51:30 | 367,040,512 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\The.Mentalist.S02E17.FASTSUB.VOSTFR.HDTV.XviD-PTN-wWw.Extreme-Down.Com.avi
[2010/04/03 23:22:34 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Market Samurai.lnk
[2010/03/31 14:29:07 | 000,558,229 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Mes documents\pass3.pdf
[2010/03/31 13:52:10 | 000,491,752 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Brune.pdf
[2010/03/30 19:21:05 | 366,993,408 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Chuck.S03E11.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com(2).avi
[2010/03/30 18:14:49 | 366,989,312 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Chuck.S03E12.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com.avi
[2010/03/28 19:29:54 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/26 19:56:52 | 000,001,367 | ---- | M] () -- C:\WINDOWS\ProxyChecker.INI
[2010/03/21 01:18:14 | 049,585,419 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Secrets of Millionaire Investors.pdf
[2010/03/20 16:31:35 | 000,032,608 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/17 23:31:31 | 367,011,840 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\House.S06E14.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com.avi
[2010/03/17 21:38:25 | 367,042,560 | ---- | M] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\House.S06E15.FASTSUB.VOSTFR.HDTV.XviD-ATeam-wWw.Extreme-Down.Com.avi
[2010/03/16 14:51:54 | 000,017,160 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/03/13 22:20:03 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files Created - No Company Name ==========

[2010/04/08 20:36:47 | 001,190,665 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\affiliategameplan.rar
[2010/04/08 20:04:28 | 000,845,916 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Load_tdsskiller.exe
[2010/04/08 09:38:29 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Adobe Reader 9.lnk
[2010/04/07 21:21:11 | 000,315,392 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Mes documents\perte de poids.msam
[2010/04/07 19:14:02 | 000,016,871 | ---- | C] () -- C:\UsbFix_Upload_Me_Youn-92D5D711.zip
[2010/04/07 19:01:27 | 001,776,011 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\UsbFix.exe
[2010/04/07 17:38:28 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/04/07 17:38:24 | 000,263,488 | ---- | C] () -- C:\cmldr
[2010/04/07 17:36:59 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/07 17:36:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/07 17:36:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/07 17:36:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/07 17:36:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/07 17:31:05 | 003,909,453 | R--- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\ComboFix.exe
[2010/04/07 15:36:21 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\HijackThis.lnk
[2010/04/06 11:43:41 | 027,241,668 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Squeeze pages creator (optinease.com).zip
[2010/04/04 18:33:27 | 367,040,512 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\The.Mentalist.S02E17.FASTSUB.VOSTFR.HDTV.XviD-PTN-wWw.Extreme-Down.Com.avi
[2010/04/03 23:22:34 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Market Samurai.lnk
[2010/04/03 10:28:49 | 000,145,920 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\finasteride.doc
[2010/03/31 14:28:31 | 000,558,229 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Mes documents\pass3.pdf
[2010/03/31 13:52:10 | 000,491,752 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Brune.pdf
[2010/03/30 18:19:56 | 366,993,408 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Chuck.S03E11.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com(2).avi
[2010/03/30 17:01:01 | 366,989,312 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Chuck.S03E12.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com.avi
[2010/03/28 19:29:54 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/03/28 16:10:24 | 000,672,768 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\My Goals.doc
[2010/03/26 14:59:23 | 049,585,419 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\Secrets of Millionaire Investors.pdf
[2010/03/20 16:31:35 | 000,032,608 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/17 21:50:18 | 367,011,840 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\House.S06E14.VOSTFR.HDTV.XviD-DRAGONS-wWw.Extreme-Down.Com.avi
[2010/03/17 19:49:18 | 367,042,560 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Bureau\House.S06E15.FASTSUB.VOSTFR.HDTV.XviD-ATeam-wWw.Extreme-Down.Com.avi
[2010/03/16 14:51:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2010/03/16 14:51:30 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2010/03/16 14:51:19 | 000,080,861 | ---- | C] () -- C:\WINDOWS\System32\lxdnprpr.chm
[2010/03/16 14:51:05 | 000,000,252 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\FastPics.log
[2010/03/16 14:50:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2010/03/16 14:50:19 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2010/03/16 14:50:19 | 000,017,160 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/03/16 14:50:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2010/03/16 14:50:12 | 000,001,633 | ---- | C] () -- C:\WINDOWS\System32\lxdn.loc
[2010/03/06 13:50:27 | 000,001,367 | ---- | C] () -- C:\WINDOWS\ProxyChecker.INI
[2010/02/25 15:29:53 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swf2avi.INI
[2010/02/25 15:29:48 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/02 22:17:49 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/12 16:19:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/12/27 11:47:29 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/23 19:05:44 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/12/23 17:50:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2009/12/23 16:44:48 | 000,178,688 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 16:42:20 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2009/12/23 16:42:20 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2009/12/23 16:42:17 | 000,000,989 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2009/12/23 16:42:16 | 000,000,169 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2009/12/23 16:42:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2009/12/23 16:37:46 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\ntuser.dat.LOG
[2009/12/23 16:37:46 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\ntuser.ini
[2009/12/23 16:37:44 | 007,340,032 | ---- | C] () -- C:\Documents and Settings\Youn.Youn-92D5D711\NTUSER.DAT
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/01 16:41:38 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/11/21 00:02:39 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2007/11/20 23:44:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2007/10/02 22:51:09 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2007/04/01 09:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 08:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/08/03 22:54:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 09:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/03/13 22:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/02/05 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
[2009/12/23 17:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broadcom
[2009/12/28 14:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Codemasters
[2009/12/23 19:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite
[2009/12/29 19:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\eFax Messenger 4.4 Output
[2010/02/01 21:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG
[2010/01/12 16:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LogSys
[2009/12/23 17:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ralink
[2010/02/25 16:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/12/29 18:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Softland
[2010/02/20 13:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Affilorama
[2010/02/05 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Babylon
[2010/03/25 16:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Capturino
[2009/12/25 15:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\DAEMON Tools Lite
[2009/12/29 19:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\eFax Messenger
[2010/04/07 19:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\FileZilla
[2010/04/08 21:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Free Download Manager
[2010/03/05 12:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\GrabPro
[2010/02/22 18:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\gtk-2.0
[2010/03/04 15:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Hensense.com
[2009/12/29 19:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\j2 Global
[2010/02/02 20:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Leawo
[2010/01/12 16:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\LogSys
[2010/03/20 16:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/12/23 17:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Notepad++
[2010/03/04 16:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Orbit
[2009/12/29 18:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Softland
[2010/01/12 16:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\Thinstall
[2010/04/01 21:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\uTorrent
[2010/03/09 14:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Youn.Youn-92D5D711\Application Data\VoipBuster

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\explorer.exe /s /md5 >
[2004/08/03 22:54:50 | 000,978,432 | ---- | M] (Microsoft Corporation) MD5=9F3B76C8CF787449A47F05ABAB4E13E6 -- C:\WINDOWS\explorer.exe
[2004/08/03 22:54:50 | 000,978,432 | ---- | M] (Microsoft Corporation) MD5=9F3B76C8CF787449A47F05ABAB4E13E6 -- C:\WINDOWS\system32\dllcache\explorer.exe

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0029\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\i386\atapi.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:F288433A
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:94E74D1A
< End of report >

jeanmimigab · le 08 Avr 2010 22:35

hello,

Tu n'es plus infecté.... :wink:

Fais un scan avec ton anti-virus et si rien de suspect apparait, demain on désinstalle de manière automatique tous les tools utilisés pour la désinfection.

tu auras surement des alertes durant le scan qui t'indiqueront des points de restaurations infectés (system volume information) ou des zone de quarantaine des tools utilisés (\quarantine\ ou \qoobox\ etc..)

bonne nuit à demain :wink:

yagami · le 08 Avr 2010 22:43

Merci d'avoir prit de ton temps pour m'aider à désinfecter mon ordinateur.
Je lancerai un "scanne minutieux" de avast avant d'aller dormir.
J'attends demain pour que tu me dise comment me débarrasser de tous les outils que j'ai installé durant la phase de désinfection.

Bonne nuit et à demain.

yagami · le 09 Avr 2010 19:28

Juste pour dire que le scan Avast n'a rien relevé de suspect.

jeanmimigab · le 09 Avr 2010 21:27

bonsoir,

Il nous reste a désinstaller de manière automatique tous les outils utilisés pour la désinfection...

pour cela...

télécharge >>> ToolsCleaner <<< (de A.Rothstein & dj QUIOU)

Fais un double-clique dessus pour lancer le programme

Clique sur Recherche et laisse le scan se terminer (il peut durer une dizaine de minutes au maximum).

une fois la recherche lancée, ne clique pas dans la fenêtre, cela provoquerait un léger bug du programme.

Si toutes fois la mention (ne réponds pas) apparaissait dans le titre de la fenêtre ToolsCleaner, ne t'en occupes pas et laisse quand même le programme terminer son travail

Ensuite clique sur Suppression

une fois cela terminé, supprimes manuellement les fichiers suivants:

- (emplacement de ton choix) \ ToolsCleaner.exe (le fichier que tu as télécharger)
- C:\TCleaner.txt
- C:\Quoobox (si tu le trouve)

ensuite...

Pour nettoyer les fichiers temporaires,souvent source de problèmes divers,utilises:
>>Atf Cleaner<<.pas d'installation,juste un exécutable.clique sur Select All puis
sur Empty Selected,une nouvelle fenêtre va apparaître,clique sur Ok.
opération à effectuer dans chaque onglet actif de Atf Cleaner et après
chaque séance de surf sur le net.
tu peut aussi nettoyer les fichiers temporaire de firefox en cliquant sur "firefox" (en haut) et en cochant les éléments à supprimer ( ne coche pas firefox saved passewords )

ensuite

Il faut purger ta Restauration du système pour qu'elle soit exempte d'infections.
pour ce faire clique simultanément sur les touches Windows + Pause du clavier.puis coche la case
indiquée(désactiver la restauration.....)>>Appliquer>>Ok.Redémarre l'ordi>>maintenant décoche la case(désactiver la restauration.....)>>Appliquer>>Ok.

Ne pas oublier de créer un point de restauration après cette manip.

Pour ce faire Démarrer>>Exécuter>>saisir: restore/rstrui.exe valider par Entrée>>
cocher Créer un point de restauration>>cliquer sur Suivant

Saisir un nom(par exemple "pc propre") pour le point de restauration puis cliquer sur Créer.

Si tu as des questions, n'hésite pas... :wink:

bon weekend

yagami · le 09 Avr 2010 22:07

Merci encore une fois pour ton aide.

J'ai bien suivi toutes les instructions mais il reste encore quelques fichiers et dossiers créés dans "c:\" que j'aimerai bien supprimer mais avant j'aimerai avoir ton avis avant de faire une boulette :

Dossiers :
_Backup.RC
autorun.inf
Config.Msi
logs
tdsskiller
tempocapt

Fichiers :
cmldr
Boot.bak

Aussi je me demandais comment faire pour désinstaller ComboFix ?

jeanmimigab · le 10 Avr 2010 19:54

hello,

supprimes uniquement >> TDSKiller

pense à activer la protections des dossier/fichier (si tu vois autorun.inf c'est que les fichiers cachés sont affichés) :wink:

Normalement toolsclanner à désinstaller combofix, mais par sécurité tu peux faire Démarrer >> exécuter et tu coller cette citation dans la fenêtre

combofix /u

@++

Virus : win32 rootkit-gen rtk • page 2

Re: Virus : win32 rootkit-gen rtk

Re: Virus : win32 rootkit-gen rtk

Re: Virus : win32 rootkit-gen rtk

Re: Virus : win32 rootkit-gen rtk

Re: Virus : win32 rootkit-gen rtk

Re: Virus : win32 rootkit-gen rtk

Re: Virus : win32 rootkit-gen rtk

Re: Virus : win32 rootkit-gen rtk

Re: Virus : win32 rootkit-gen rtk

Re: Virus : win32 rootkit-gen rtk

Re: Virus : win32 rootkit-gen rtk

Sujets similaires

Qui est en ligne