Virus suite pubs intempestives sur Fireofx/google

Bonsoir


 


+++++++++


c'est une infection TDSS à mon avis...

1

Télécharge DDS et sauvegarde-le sur ton bureau.

Désactive tout script bloquant, tels qu'un antivirus, un logiciel comme ad-block, noscript etc.

Double-clique sur dds.scr pour lancer l'outil.

Une fois le scan fini, un document texte, DDS.txt, va s'ouvrir .

Clique Oui à la prochaine invite Optional Scan.

Sauvegarde les deux rapports sur ton bureau et poste-moi uniquement le DDS.txt.

<@_@>**<@_@>**<@_@>**<@_@>**<@_@>**@_@>**<@_@><@_@>**<@_@>**<@_@>**<@_@>**

++

****
2


telecharge sur ton bureau http://support.kaspersky.com/downloads/utils/tdsskiller... , dezippe le et execute le , un rapport sera crée ici:

C:\TDSSKillerVersion_Date_Time_log.txt.<< copie_colle son contenu

tu as aussi directement l'executable là : http://support.kaspersky.com/downloads/utils/tdsskiller...

o execute le , La fenêtre suivante va s'ouvrir::



o Clique sur Start scan et laisse l'outil scanner ton disque dur sans l'interrompre et sans utiliser le PC.
o Si des fichiers infectés sont trouvées, une nouvelle fenêtre va s'ouvrir:



o Si TDSS.tdl2 est détecté l'option delete sera cochée par défaut.

o Si TDSS.tdl3 est détecté assure toi que Cure est bien cochée.

o Si TDSS.tdl4(\HardDisk0\MBR) est détecté assure toi que Cure est bien cochée.

o Si Suspicious file est indiqué, laisse l'option cochée sur Skip

o Clique sur Continue puis sur Reboot now pour redémarrer le PC.

o Copie-colle le rapport généré dans ta prochaine réponse (Il est aussi sauvegardé à la racine de ta partition système sous le nom C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS. (JJ.MM.AA date du passage de l'outil, HH.MM.SS heure de passage).

tutoriel--> http://support.kaspersky.com/viruses/solutions?qid=2082...



++++++++++++++++++++++++++++++++++++++++

bonsoir Sham,
merci de répondre,
je m'y mets et je te tiens au courant
a+

Bonsoir Sham


Post de DDS.TXT



DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Patrice at 22:33:29 on 2011-05-22
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3067.2055 [GMT 2:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Pare-feu *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
K:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
k:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
K:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
K:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
K:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
K:\program files\Microsoft ActiveSync\wcescomm.exe
K:\program files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
K:\PROGRA~1\MICROS~2\rapimgr.exe
K:\program files\BitTorrent\bittorrent.exe
K:\program files\Mozilla Firefox\firefox.exe
K:\program files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Patrice\Bureau\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title =
uURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBit1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: HistoryTriggerBHO Class: {21a88cb9-84d2-4020-a2d1-b25a21034884} - k:\program files\lg pc suite iv\linkair\LinkAirBrowserHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBit1.dll
TB: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBit1.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - k:\program files\bitdefender\bitdefender 2011\IEToolbar.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "k:\program files\microsoft activesync\wcescomm.exe"
uRun: [DAEMON Tools Pro Agent] "k:\program files\daemon tools pro\DTProAgent.exe"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [ArcSoft Connection Service] c:\program files\fichiers communs\arcsoft\connection service\bin\ACDaemon.exe
mRun: [BitDefender Antiphishing Helper] "k:\program files\bitdefender\bitdefender 2011\ieshow.exe"
mRun: [BDAgent] "k:\program files\bitdefender\bitdefender 2011\bdagent.exe"
mRun: [QuickTime Task] "k:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [UnlockerAssistant] "k:\program files\unlocker\UnlockerAssistant.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\patrice\menu démarrer\programmes\démarrage\kill.bat
StartupFolder: c:\documents and settings\patrice\menu démarrer\programmes\démarrage\rld-da2k.exe
IE: Download with GetRight Pro - k:\program files\getright\GRdownload.htm
IE: Open with GetRight Pro Browser - k:\program files\getright\GRbrowse.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - k:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - k:\progra~1\micros~2\INetRepl.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279900145687
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/...
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\patrice\application data\mozilla\firefox\profiles\rvzr2g7p.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: k:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: k:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: k:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: k:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: k:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: k:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: k:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: k:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: k:\program files\quicktime\plugins\npqtplugin7.dll
FF - plugin: k:\program files\videolan\vlc\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2010-7-23 18472]
R1 BdRawPr;BdRawPr;c:\windows\system32\drivers\bdrawpr.sys [2011-2-12 12960]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [2010-11-9 47616]
R2 Updatesrv;BitDefender Desktop Update Service;k:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2010-12-6 43936]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-4-22 149520]
S0 tqdk;tqdk;c:\windows\system32\drivers\orji.sys --> c:\windows\system32\drivers\orji.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-24 136176]
S3 AIDA32Driver;AIDA32Driver;\??\k:\program files\aida32 - personal system information\aida32.sys --> k:\program files\aida32 - personal system information\aida32.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-23 1691480]
S3 cpuz132;cpuz132;\??\c:\docume~1\patrice\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\patrice\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\k:\program files\lavalys\everest home edition\kerneld.wnt --> k:\program files\lavalys\everest home edition\kerneld.wnt [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-24 136176]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys --> c:\windows\system32\drivers\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys --> c:\windows\system32\drivers\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys --> c:\windows\system32\drivers\lgvmodem.sys [?]
S3 Update Server;BitDefender Update Server v2;c:\program files\fichiers communs\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-10-11 307544]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-2 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-6-28 633424]
S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-6-28 970320]
.
=============== Created Last 30 ================
.
2011-05-22 15:58:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-22 15:58:41 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-22 13:47:14 0 ----a-w- c:\documents and settings\patrice\application data\oembios.exe
2011-05-22 11:19:14 -------- d-sha-r- C:\cmdcons
2011-05-22 10:16:40 98816 ----a-w- c:\windows\sed.exe
2011-05-22 10:16:40 89088 ----a-w- c:\windows\MBR.exe
2011-05-22 10:16:40 256512 ----a-w- c:\windows\PEV.exe
2011-05-22 10:16:40 161792 ----a-w- c:\windows\SWREG.exe
2011-05-20 17:30:50 -------- d-----w- c:\program files\Ad-Remover
2011-05-20 17:11:57 -------- d-----w- C:\MyHosts
2011-05-19 18:04:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-16 18:53:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 09:36:55 -------- d-----w- c:\program files\fichiers communs\xing shared
2011-05-08 14:24:49 -------- d-----w- c:\documents and settings\patrice\application data\GetRight Pro
2011-05-07 17:26:51 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-05-06 20:38:12 -------- d-----w- c:\documents and settings\patrice\application data\Mount&Blade With Fire and Sword
2011-05-03 13:10:36 -------- d-----w- C:\Downloads
2011-05-02 20:14:12 -------- d-----w- c:\documents and settings\all users\application data\GetRight
2011-05-02 20:11:07 -------- d-----w- c:\documents and settings\patrice\application data\GetRight
2011-04-25 17:20:22 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
2011-05-19 18:04:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-10 09:36:25 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-07 23:05:39 106456 ----a-w- c:\windows\system32\drivers\bdhv.sys
2011-03-07 23:04:57 308152 ----a-w- c:\windows\system32\drivers\trufos.sys
2011-03-07 05:33:47 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:19 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53:37 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:05:48 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:05:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:05:47 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:42:13 385024 ----a-w- c:\windows\system32\html.iec
2011-01-01 23:39:23 4796416 ----a-w- c:\program files\vlc-1.1.5-win32.exe
2010-07-08 08:37:14 101544 ----a-w- c:\program files\fichiers communs\LinkInstaller.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500418AS rev.CC38 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-5
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x894A6ECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0xb2b14879; SUB DWORD [EBP-0x4], 0xb2b14135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A324AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006e[0x8A54FF18]
5 ACPI[0xB7E73620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A4ACD98]
[0x8949F218] -> IRP_MJ_CREATE -> 0x894A6ECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-5 -> \??\IDE#DiskST3500418AS_____________________________CC38____#5&290dbf24&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x894A6AF1
user & kernel MBR OK
sectors 976773166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:34:16,56 ===============



Post de TDSSKiller.txt



2011/05/22 23:10:50.0734 4896 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/22 23:10:50.0843 4896 ================================================================================
2011/05/22 23:10:50.0843 4896 SystemInfo:
2011/05/22 23:10:50.0843 4896
2011/05/22 23:10:50.0843 4896 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/22 23:10:50.0843 4896 Product type: Workstation
2011/05/22 23:10:50.0843 4896 ComputerName: PATRICE-GUY
2011/05/22 23:10:50.0843 4896 UserName: Patrice
2011/05/22 23:10:50.0843 4896 Windows directory: C:\WINDOWS
2011/05/22 23:10:50.0843 4896 System windows directory: C:\WINDOWS
2011/05/22 23:10:50.0843 4896 Processor architecture: Intel x86
2011/05/22 23:10:50.0843 4896 Number of processors: 4
2011/05/22 23:10:50.0843 4896 Page size: 0x1000
2011/05/22 23:10:50.0843 4896 Boot type: Normal boot
2011/05/22 23:10:50.0843 4896 ================================================================================
2011/05/22 23:10:51.0046 4896 Initialize success
2011/05/22 23:11:10.0187 0896 ================================================================================
2011/05/22 23:11:10.0187 0896 Scan started
2011/05/22 23:11:10.0187 0896 Mode: Manual;
2011/05/22 23:11:10.0187 0896 ================================================================================
2011/05/22 23:11:10.0703 0896 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/22 23:11:10.0734 0896 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/22 23:11:10.0968 0896 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/22 23:11:11.0000 0896 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
2011/05/22 23:11:11.0046 0896 AFD (4d045f5129d7219dae08897a09fc7017) C:\WINDOWS\System32\drivers\afd.sys
2011/05/22 23:11:11.0046 0896 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 4d045f5129d7219dae08897a09fc7017, Fake md5: 7e775010ef291da96ad17ca4b17137d7
2011/05/22 23:11:11.0046 0896 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/22 23:11:11.0187 0896 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/05/22 23:11:11.0281 0896 AppleCharger (22e9a2616c86e9078a3e279b196d0d90) C:\WINDOWS\system32\DRIVERS\AppleCharger.sys
2011/05/22 23:11:11.0359 0896 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/22 23:11:11.0390 0896 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/22 23:11:11.0453 0896 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/22 23:11:11.0468 0896 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/22 23:11:11.0515 0896 avc3 (c6cf76384dfc739b0be55abb79ad4dc0) C:\WINDOWS\system32\drivers\avc3.sys
2011/05/22 23:11:11.0562 0896 avckf (b758a219e95c085405b1e356a8267610) C:\WINDOWS\system32\drivers\avckf.sys
2011/05/22 23:11:11.0609 0896 BDFM (54dbdd2ddb11776f1ebb85ccaba718bf) C:\WINDOWS\system32\DRIVERS\bdfm.sys
2011/05/22 23:11:11.0640 0896 bdfsfltr (4c44d82e372a87b3cb439a7f14cfef03) C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
2011/05/22 23:11:11.0703 0896 Bdftdif (c23a8547d5ea6d0c3589961bfb7ff6d3) C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys
2011/05/22 23:11:11.0718 0896 BdRawPr (d077f523538c9fb83b3c3fae13861579) C:\WINDOWS\system32\DRIVERS\bdrawpr.sys
2011/05/22 23:11:11.0796 0896 bdselfpr (b6c3cb5978d91eabf405709fb0f0dbe9) K:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys
2011/05/22 23:11:11.0890 0896 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/22 23:11:11.0921 0896 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/05/22 23:11:11.0953 0896 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/05/22 23:11:11.0984 0896 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/05/22 23:11:12.0015 0896 BTHPORT (ef26202fee56f7607c6b794059df347a) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/05/22 23:11:12.0031 0896 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/05/22 23:11:12.0078 0896 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/22 23:11:12.0093 0896 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/22 23:11:12.0125 0896 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/22 23:11:12.0156 0896 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/22 23:11:12.0453 0896 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/22 23:11:12.0484 0896 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/22 23:11:12.0546 0896 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/22 23:11:12.0578 0896 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/22 23:11:12.0609 0896 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/22 23:11:12.0640 0896 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/22 23:11:12.0734 0896 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/22 23:11:12.0765 0896 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/22 23:11:12.0812 0896 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/22 23:11:12.0828 0896 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/22 23:11:12.0843 0896 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/22 23:11:12.0890 0896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/22 23:11:12.0906 0896 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/22 23:11:12.0953 0896 gdrv (d556cb79967e92b5cc69686d16c1d846) C:\WINDOWS\gdrv.sys
2011/05/22 23:11:12.0984 0896 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/22 23:11:13.0015 0896 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/22 23:11:13.0031 0896 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/22 23:11:13.0093 0896 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/22 23:11:13.0140 0896 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/22 23:11:13.0187 0896 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/22 23:11:13.0218 0896 InCDfs (7bfc3eda22190c0fe8c2ca19e5379da5) C:\WINDOWS\system32\drivers\InCDFs.sys
2011/05/22 23:11:13.0250 0896 InCDPass (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\WINDOWS\system32\drivers\InCDPass.sys
2011/05/22 23:11:13.0281 0896 InCDrec (f8e7c551def07fdc12ca5cc7ae5d975b) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/05/22 23:11:13.0328 0896 incdrm (31a5a3809249a326eb0ef58d563a9654) C:\WINDOWS\system32\drivers\InCDRm.sys
2011/05/22 23:11:13.0468 0896 IntcAzAudAddService (6806443ba8a66f63866f50e81ef685aa) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/22 23:11:13.0609 0896 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/22 23:11:13.0640 0896 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/22 23:11:13.0671 0896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/22 23:11:13.0687 0896 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/22 23:11:13.0718 0896 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/22 23:11:13.0734 0896 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/22 23:11:13.0765 0896 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/22 23:11:13.0796 0896 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/22 23:11:13.0828 0896 JRAID (484836413c2348244c8008c962240c8d) C:\WINDOWS\system32\DRIVERS\jraid.sys
2011/05/22 23:11:13.0843 0896 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/22 23:11:13.0875 0896 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/22 23:11:13.0890 0896 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/22 23:11:13.0921 0896 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/22 23:11:14.0031 0896 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2011/05/22 23:11:14.0078 0896 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/22 23:11:14.0125 0896 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/22 23:11:14.0187 0896 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/05/22 23:11:14.0250 0896 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/22 23:11:14.0281 0896 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/22 23:11:14.0328 0896 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/22 23:11:14.0359 0896 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/22 23:11:14.0390 0896 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/22 23:11:14.0406 0896 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/22 23:11:14.0421 0896 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/22 23:11:14.0453 0896 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/22 23:11:14.0468 0896 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/22 23:11:14.0500 0896 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/22 23:11:14.0531 0896 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/22 23:11:14.0546 0896 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/22 23:11:14.0562 0896 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/22 23:11:14.0578 0896 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/22 23:11:14.0593 0896 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/22 23:11:14.0609 0896 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/22 23:11:14.0625 0896 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/22 23:11:14.0656 0896 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/22 23:11:14.0671 0896 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/22 23:11:14.0703 0896 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/22 23:11:14.0750 0896 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/22 23:11:14.0906 0896 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/22 23:11:15.0093 0896 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/22 23:11:15.0140 0896 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/22 23:11:15.0187 0896 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/22 23:11:15.0218 0896 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/22 23:11:15.0250 0896 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/22 23:11:15.0265 0896 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/22 23:11:15.0312 0896 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/22 23:11:15.0328 0896 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/22 23:11:15.0468 0896 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/22 23:11:15.0500 0896 project (d2a3683f5eb91fb9c38ccc8a4c7bc273) C:\WINDOWS\system32\Drivers\register.sys
2011/05/22 23:11:15.0515 0896 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/22 23:11:15.0531 0896 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/22 23:11:15.0562 0896 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/22 23:11:15.0656 0896 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/22 23:11:15.0671 0896 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/22 23:11:15.0687 0896 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/22 23:11:15.0703 0896 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/22 23:11:15.0718 0896 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/22 23:11:15.0734 0896 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/22 23:11:15.0750 0896 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/22 23:11:15.0781 0896 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/22 23:11:15.0828 0896 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/05/22 23:11:15.0875 0896 RTLE8023xp (6fc7ddf3b8d94fba7ac664452d6478d4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/05/22 23:11:15.0953 0896 SCDEmu (ee7a1b6e155258288d99be61190e1112) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/05/22 23:11:16.0000 0896 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/22 23:11:16.0015 0896 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/22 23:11:16.0031 0896 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/22 23:11:16.0062 0896 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/22 23:11:16.0125 0896 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/22 23:11:16.0218 0896 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/22 23:11:16.0218 0896 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/22 23:11:16.0218 0896 sptd - detected LockedFile.Multi.Generic (1)
2011/05/22 23:11:16.0250 0896 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/22 23:11:16.0296 0896 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/22 23:11:16.0328 0896 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/22 23:11:16.0343 0896 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/22 23:11:16.0421 0896 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/22 23:11:16.0453 0896 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/22 23:11:16.0484 0896 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/22 23:11:16.0515 0896 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/22 23:11:16.0531 0896 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/22 23:11:16.0609 0896 Trufos (29c497fc09c655b7bafcfafb6e76b8eb) C:\WINDOWS\system32\DRIVERS\Trufos.sys
2011/05/22 23:11:16.0640 0896 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/22 23:11:16.0703 0896 UnlockerDriver5 (b2af2ba8a3205a8458b61f638fb431dd) k:\Program Files\Unlocker\UnlockerDriver5.sys
2011/05/22 23:11:16.0750 0896 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/22 23:11:16.0812 0896 usbbus (f2dd4159715afa801c7916f85d2e2779) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/05/22 23:11:16.0843 0896 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/22 23:11:16.0859 0896 UsbDiag (41c12f229cf403a2bb2c8f4a05993c8f) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/05/22 23:11:16.0906 0896 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/22 23:11:16.0921 0896 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/22 23:11:16.0968 0896 USBModem (f8e0b715ecdcc4d426d1dc8bead6e0b8) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/05/22 23:11:17.0031 0896 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/22 23:11:17.0046 0896 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/22 23:11:17.0078 0896 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/22 23:11:17.0109 0896 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/22 23:11:17.0140 0896 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/22 23:11:17.0171 0896 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/22 23:11:17.0203 0896 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/05/22 23:11:17.0250 0896 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/22 23:11:17.0328 0896 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/22 23:11:17.0375 0896 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/22 23:11:17.0390 0896 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/22 23:11:17.0484 0896 ================================================================================
2011/05/22 23:11:17.0484 0896 Scan finished
2011/05/22 23:11:17.0484 0896 ================================================================================
2011/05/22 23:11:17.0484 4992 Detected object count: 2
2011/05/22 23:11:24.0250 4992 AFD (4d045f5129d7219dae08897a09fc7017) C:\WINDOWS\System32\drivers\afd.sys
2011/05/22 23:11:24.0250 4992 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 4d045f5129d7219dae08897a09fc7017, Fake md5: 7e775010ef291da96ad17ca4b17137d7
2011/05/22 23:11:24.0625 4992 Backup copy found, using it..
2011/05/22 23:11:24.0640 4992 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
2011/05/22 23:11:24.0640 4992 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2011/05/22 23:11:24.0640 4992 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/22 23:12:12.0406 0444 Deinitialize success


Là, je vais me faire dormir un peu les yeux
quand tu pourras, ta réponse sera la bienvenue

A+
et encore merci

bonsoir
pour ceux que ça intéresse parce que Sham ne s'est pas trompé, voilà un descriptif de ce virus qui explique comment cette sal..... peut maîtriser votre ordi. Très instructif

http://www.commentcamarche.net/faq/18103-supprimer-le-r...

Bonne lecture
A+

Bonsoir
encore un peu de ménage à faire:

Télécharge ComboFix de sUBs : Combofix
Sauvegarde-le sur ton bureau et pas ailleurs!

Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

viens sur le forum et édition "coller"

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

<@_@>

bonjour Sham

ben j'ai 2 problèmes
- (avant Combofix) Windows refuse d'afficher les dossiers cachés

- je n'ai pas de fichier "combo.txt". A la place j'ai deux dossiers. 1 dossier Combofix et 1 dossier Qoobox . Que se passe-t-il? (j'avais déjà utilisé combofix il y a quelques jours et je pensais avoir supprimer toutes les occurrences.Est-ce que c'est ça? ou Bitedefender continue malgré que j'ai tout désactivé?)

Bonsoir
1

Télécharge Unhide.exe (de Grinler) sur ton Bureau.

Fais un double clic sur l'icône pour lancer Unhide.

Laisse l'outil tourner.



2

suprime les dossiers combofix, qoobox et recommence la procédure avec combofix.

Bonjour Sham
1 OK pour Unhide. Ça fonctionne

2
- j'ai supprimé les 2 dossiers et Combofix
- j'ai téléchargé COmbofix
- j'ai désactivé Bitdefender
- j'ai démarré Combofix

- il s’arrête en cours d'analyse sans créer de rapport
- il a recréé les 2 dossiers

- j'ai redémarré
- dans la console bios, j'ai redémarré avec la console de récupération sur c:\
- là, je suis de retour sur windows et je ne sais plus quoi faire
- j'ai oublié quelque chose? Reste-t-il des traces de Combofix dans la base de registres?

voili voilou

a +

Bonjour
laisse tomber Combofix, on va finir manuellement:

Télécharge OTL(de OldTimer) sur ton Bureau.

Double-clique sur OTL pour le lancer.

(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Une fenêtre apparaît. Dans la section Rapport en haut de cette fenêtre, coche Rapport minimal.

Coche également les cases à côté de Recherche Lop et Recherche Purity.

Enfin, clique sur le bouton Analyse. Le scan ne prendra pas beaucoup de temps.

Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau).

Héberge les rapports, puis donne leurs liens.
Utilise ceci pour les heberger: http://www.sendspace.com/

Re
voilà les fichiers d'OTL

fichier extras.txt

http://www.sendspace.com/file/my4kfx

ou
http://www.sendspace.com/file/gw8rpx

Fichier OTL.txt

http://www.sendspace.com/file/24rqme
ou
http://www.sendspace.com/file/24rqme

(Bitdefender m'avait bloqué sendspace !)

merci

re
J'ai le sentiment que tu dl tout et n'importe quoi avec ton pc, d'où tes multiples problèmes...
1

Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Sous l'onglet Personnalisation (dans le cadre blanc) en bas de la fenêtre, copie-colle le texte suivant (entre les deux espaces) :

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Patrice\Menu Démarrer\Programmes\Démarrage\kill.bat ()
O4 - Startup: C:\Documents and Settings\Patrice\Menu Démarrer\Programmes\Démarrage\rld-da2k.exe ()

:files
C:\Documents and Settings\Patrice\Application Data\sdra64.exe
C:\Documents and Settings\Patrice\Application Data\twex.exe
C:\Documents and Settings\Patrice\Application Data\twext.exe
C:\Documents and Settings\Patrice\Application Data\oembios.exe

:reg
[HKEY_CURRENT_USER\Control Panel\Desktop]
"MenuShowDelay"="100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"AlwaysUnloadDll"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"link"=hex:00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"EnableBalloonTips"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify]
"IconStreams"=-
"PastIconsStream"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
"SetCommand"=dword:00000001
"SecurityLevel"=dword:00000001
:commands
[emptytemp]
[reboot]

Puis clique sur le bouton Correction en haut de la fenêtre.

Laisse le programme travailler, redémarre une fois le fix terminé.

Poste le rapport qui s'affichera après redémarrage.


2

Rends toi sur ce lien : Virus Total

Clique sur Parcourir

Analyse ces fichiers en gras et poste moi les rapports. :
C:\Documents and Settings\Patrice\Bureau\s8p-angkor2000.exe
C:\Documents and Settings\Patrice\Bureau\shnk-angkor2000.exe
C:\Documents and Settings\Patrice\Bureau\home-angkor2000.exe


3

Télécharge MalwareByte's Anti-Malware sur ton Bureau.

Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées :

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
~ Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
~~ Si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau.

Poste ce rapport.

REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

Note : Si tu ne parviens à télécharger MBAM à partir de MajorGeeks, tu peux le télécharger ici!

[#FF0000]Aide :

Comment utiliser MBAM.

bonsoir Sham

c'est possible, on est plusieurs sur cet ordinateur et je ne vérifie pas souvent

1 - Post de OTL Personnalisation
OTL logfile created on: 25/05/2011 11:41:26 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Patrice\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 190,43 Gb Total Space | 171,40 Gb Free Space | 90,01% Space Free | Partition Type: NTFS
Drive K: | 275,33 Gb Total Space | 263,56 Gb Free Space | 95,73% Space Free | Partition Type: NTFS

Computer Name: PATRICE-GUY | User Name: Patrice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Patrice\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - K:\program files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - K:\program files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
PRC - K:\program files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
PRC - K:\program files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\system32\LGScsiCommandService.exe (Mobile Leader Co.,Ltd.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - k:\program files\CDBurnerXP\NMSAccessU.exe ()
PRC - K:\program files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - K:\program files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - K:\program files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - K:\program files\Microsoft Office\Office\WINWORD.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Patrice\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll (Microsoft Corporation)
MOD - K:\program files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - K:\program files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - K:\program files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - K:\program files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - K:\program files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - K:\program files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - K:\program files\BitDefender\BitDefender 2011\Active Virus Control\Midas_000_001\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (VSSERV) -- K:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
SRV - (UPDATESRV) -- K:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.)
SRV - (Update Server) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender)
SRV - (ACDaemon) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (LGScsiCommandService) -- C:\WINDOWS\system32\LGScsiCommandService.exe (Mobile Leader Co.,Ltd.)
SRV - (wlidsvc) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (NMSAccessU) -- k:\program files\CDBurnerXP\NMSAccessU.exe ()
SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (NMIndexingService) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV - (Trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (bdselfpr) -- K:\program files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender LLC)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (Bdftdif) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender)
DRV - (avckf) -- C:\WINDOWS\system32\drivers\avckf.sys (BitDefender)
DRV - (avc3) -- C:\WINDOWS\system32\drivers\avc3.sys (BitDefender)
DRV - (bdrawpr) -- C:\WINDOWS\system32\drivers\bdrawpr.sys (BITDEFENDER LLC)
DRV - (BDFM) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (AppleCharger) -- C:\WINDOWS\system32\drivers\AppleCharger.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1004\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBit1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/07/24 21:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/17 18:26:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/17 18:26:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: K:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/05/25 09:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/10 11:36:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: K:\program files\Mozilla Firefox\components [2011/05/10 11:36:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: K:\program files\Mozilla Firefox\plugins [2011/05/19 20:04:14 | 000,000,000 | ---D | M]

[2011/04/03 14:57:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrice\Application Data\Mozilla\Extensions
[2010/10/03 17:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrice\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/04/10 09:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Patrice\Application Data\Mozilla\Firefox\Profiles\rvzr2g7p.default\extensions
[2011/04/07 11:48:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Patrice\Application Data\Mozilla\Firefox\Profiles\rvzr2g7p.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
File not found (No name found) --
[2011/05/10 11:36:53 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\DOCUMENTS AND SETTINGS\PATRICE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RVZR2G7P.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2011/05/19 20:04:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/19 20:04:16 | 000,000,000 | ---D | M] (Java Console) -- K:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/05/22 13:34:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - K:\program files\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBit1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - K:\program files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBit1.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BittorrentBar_FR Toolbar) - {EF79F67A-6AD7-4715-A0F8-932FCA442023} - C:\Program Files\BittorrentBar_FR\tbBit1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BittorrentBar_FR Toolbar) - {EF79F67A-6AD7-4715-A0F8-932FCA442023} - C:\Program Files\BittorrentBar_FR\tbBit1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1960408961-1767777339-839522115-1004\..\Toolbar\WebBrowser: (BittorrentBar_FR Toolbar) - {EF79F67A-6AD7-4715-A0F8-932FCA442023} - C:\Program Files\BittorrentBar_FR\tbBit1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BDAgent] K:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] K:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1004..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1004..\Run: [DAEMON Tools Pro Agent] K:\program files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1004..\Run: [H/PC Connection Agent] K:\program files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Patrice\Menu Démarrer\Programmes\Démarrage\kill.bat ()
O4 - Startup: C:\Documents and Settings\Patrice\Menu Démarrer\Programmes\Démarrage\rld-da2k.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Download with GetRight Pro - k:\program files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Pro Browser - k:\program files\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - K:\program files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - K:\program files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls... (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Co... (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-wind... (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-wind... (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-wind... (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Patrice\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patrice\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/23 21:24:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ac588f3-ceee-11df-917d-6cf049b52535}\Shell\AutoRun\command - "" = L:\InstallTomTomHOME.exe
O33 - MountPoints2\{8f039415-969d-11df-925e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8f039415-969d-11df-925e-806d6172696f}\Shell\AutoRun\command - "" = D:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/25 11:39:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrice\Bureau\OTL.exe
[2011/05/25 09:29:10 | 000,106,456 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdhv.sys.upd
[2011/05/25 08:47:10 | 000,012,960 | ---- | C] (BITDEFENDER LLC) -- C:\WINDOWS\System32\drivers\bdrawpr.sys
[2011/05/25 08:35:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/05/25 08:29:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/25 08:25:39 | 004,293,168 | R--- | C] (Swearware) -- C:\Documents and Settings\Patrice\Bureau\ComboFix.exe
[2011/05/24 13:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/24 13:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/05/22 23:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice\Bureau\Anti virus
[2011/05/22 17:58:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Patrice\Recent
[2011/05/22 14:23:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/22 13:19:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/22 12:16:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/22 12:16:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/22 12:16:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/22 12:16:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/22 12:16:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/20 19:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/05/20 19:11:57 | 000,000,000 | ---D | C] -- C:\MyHosts
[2011/05/19 20:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2011/05/19 20:04:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/19 20:04:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/19 20:04:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/19 20:04:14 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/16 20:53:49 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/15 21:03:48 | 000,590,401 | ---- | C] (CheatHappens) -- C:\Documents and Settings\Patrice\Bureau\shnk-angkor2000.exe
[2011/05/15 19:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice\Bureau\Shank
[2011/05/14 15:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/14 12:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/10 11:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\xing shared
[2011/05/10 11:36:48 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/10 11:36:28 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/10 11:36:28 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/10 11:36:27 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/10 11:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Real
[2011/05/10 11:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/05/10 11:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice\Application Data\Real
[2011/05/08 16:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice\Application Data\GetRight Pro
[2011/05/08 16:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GetRight
[2011/05/07 21:00:07 | 000,746,008 | ---- | C] (CheatHappens) -- C:\Documents and Settings\Patrice\Bureau\s8p-angkor2000.exe
[2011/05/07 20:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice\Bureau\section 8 prej
[2011/05/07 20:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\TimeGate Studios
[2011/05/06 22:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice\Application Data\Mount&Blade With Fire and Sword
[2011/05/06 17:26:37 | 000,725,028 | ---- | C] (CheatHappens) -- C:\Documents and Settings\Patrice\Bureau\home-angkor2000.exe
[2011/05/06 16:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice\Bureau\Homefront
[2011/05/05 22:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\THQ
[2011/05/05 18:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\EA
[2011/05/03 15:10:36 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/05/02 22:14:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GetRight
[2011/05/02 22:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice\Application Data\GetRight
[2011/04/29 21:47:47 | 001,309,249 | ---- | C] (CheatHappens) -- C:\Documents and Settings\Patrice\Bureau\kill-angkor2000.exe
[2011/04/29 21:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrice\Bureau\killing floor
[2011/04/25 19:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/25 19:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2866 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/25 11:39:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrice\Bureau\OTL.exe
[2011/05/25 11:15:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/25 10:07:44 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-1767777339-839522115-1004.job
[2011/05/25 10:07:44 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-1767777339-839522115-1004.job
[2011/05/25 09:52:48 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\Patrice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/25 09:29:10 | 000,106,456 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdhv.sys.upd
[2011/05/25 08:53:43 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/25 08:53:43 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/05/25 08:53:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/25 08:47:18 | 001,049,713 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/05/25 08:44:24 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9E96C493-848B-43C7-8698-8BF9F22B501B}.job
[2011/05/25 08:42:30 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2011/05/25 08:36:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Patrice\Application Data\sdra64.exe
[2011/05/25 08:34:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Patrice\Application Data\twex.exe
[2011/05/25 08:29:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/25 08:28:57 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/25 08:25:47 | 004,293,168 | R--- | M] (Swearware) -- C:\Documents and Settings\Patrice\Bureau\ComboFix.exe
[2011/05/25 08:11:06 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Patrice\Bureau\Explorateur Windows.lnk
[2011/05/24 08:36:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Patrice\Application Data\twext.exe
[2011/05/22 23:02:21 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/05/22 15:47:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Patrice\Application Data\oembios.exe
[2011/05/22 13:34:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/19 20:04:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/19 20:04:04 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/19 20:04:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/19 20:04:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/19 20:04:04 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/05/19 19:57:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/19 10:12:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/15 21:34:16 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\Patrice\Bureau\Raccourci vers Shank.exe.lnk
[2011/05/15 10:12:24 | 000,590,401 | ---- | M] (CheatHappens) -- C:\Documents and Settings\Patrice\Bureau\shnk-angkor2000.exe
[2011/05/10 11:36:48 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/05/10 11:36:28 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/05/10 11:36:28 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/05/10 11:36:27 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/05/07 20:27:33 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Section 8 Prejudice.lnk
[2011/05/07 11:58:08 | 000,746,008 | ---- | M] (CheatHappens) -- C:\Documents and Settings\Patrice\Bureau\s8p-angkor2000.exe
[2011/05/06 08:25:12 | 000,725,028 | ---- | M] (CheatHappens) -- C:\Documents and Settings\Patrice\Bureau\home-angkor2000.exe
[2011/05/05 22:08:20 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Homefront.lnk
[2011/05/05 18:42:55 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Bulletstorm.lnk
[2011/05/01 15:07:50 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Patrice\Bureau\Raccourci (2) vers KillingFloor.exe.lnk
[2011/04/29 11:38:02 | 001,309,249 | ---- | M] (CheatHappens) -- C:\Documents and Settings\Patrice\Bureau\kill-angkor2000.exe
[2011/04/25 19:20:22 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Patrice\Bureau\HijackThis.lnk
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2866 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/25 08:36:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Patrice\Application Data\sdra64.exe
[2011/05/25 08:34:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Patrice\Application Data\twex.exe
[2011/05/24 08:36:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Patrice\Application Data\twext.exe
[2011/05/22 15:47:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Patrice\Application Data\oembios.exe
[2011/05/22 13:19:18 | 000,000,250 | ---- | C] () -- C:\Boot.bak
[2011/05/22 13:19:17 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2011/05/22 12:16:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/22 12:16:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/22 12:16:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/22 12:16:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/22 12:16:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/15 21:34:16 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Patrice\Bureau\Raccourci vers Shank.exe.lnk
[2011/05/14 12:17:47 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/05/14 12:17:47 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/05/07 20:27:33 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Section 8 Prejudice.lnk
[2011/05/07 16:56:06 | 000,156,160 | ---- | C] () -- C:\Documents and Settings\Patrice\Bureau\homefront_v1.0.378564_trn+7.exe
[2011/05/05 22:08:20 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Homefront.lnk
[2011/05/05 18:42:55 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Bulletstorm.lnk
[2011/05/01 15:07:50 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Patrice\Bureau\Raccourci (2) vers KillingFloor.exe.lnk
[2011/04/25 19:20:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Patrice\Bureau\HijackThis.lnk
[2011/03/08 09:30:26 | 000,000,114 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/02/12 21:07:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imblacklist.dat
[2011/02/11 23:18:45 | 001,049,713 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/01/02 16:26:08 | 005,052,280 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/02 16:26:08 | 000,013,783 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/01/02 01:38:54 | 004,796,416 | ---- | C] () -- C:\Program Files\vlc-1.1.5-win32.exe
[2011/01/01 14:32:48 | 000,000,127 | -HS- | C] () -- C:\WINDOWS\E88D4.exe
[2010/12/09 19:25:22 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/09 19:25:21 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/09 19:25:21 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/09 19:25:15 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/11/30 10:58:22 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2010/11/30 00:08:51 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\drivers\REGISTER.SYS
[2010/09/16 03:08:55 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/09/10 20:56:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\disney.ini
[2010/08/15 10:32:07 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Patrice\Application Data\$_hpcst$.hpc
[2010/08/04 09:30:18 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2010/08/04 09:30:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2010/08/04 08:41:41 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/04 08:41:41 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/02 10:27:24 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/28 14:46:03 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC64Euro.ini
[2010/07/25 04:06:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/25 04:06:11 | 000,184,320 | ---- | C] () -- C:\Documents and Settings\Patrice\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 21:19:00 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/24 21:02:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/24 20:49:56 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/07/24 08:49:05 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Patrice\Local Settings\Application Data\fusioncache.dat
[2010/07/23 23:15:34 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/23 23:12:25 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/23 21:40:23 | 000,018,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
[2010/07/23 21:39:29 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\XSrvSetup.exe
[2010/07/23 21:39:26 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/07/23 21:30:25 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2010/07/23 21:30:25 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2010/07/23 21:26:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/23 21:21:51 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/23 17:09:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/07/23 17:09:01 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/07/23 17:09:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/07/23 17:09:00 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/07/23 17:09:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/07/08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Fichiers communs\LinkInstaller.exe
[2010/04/02 18:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/02/12 13:56:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2008/05/26 22:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 22:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 22:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/03/02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/03/02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/02 14:00:00 | 000,574,366 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2006/03/02 14:00:00 | 000,480,696 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/02 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2006/03/02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/02 14:00:00 | 000,103,354 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2006/03/02 14:00:00 | 000,079,152 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/02 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2006/03/02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/02 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/03/02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/02/24 18:04:44 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2005/02/24 18:04:43 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Patrice\Application Data\PnkBstrK.sys
[2005/02/24 18:04:26 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2005/02/24 18:04:25 | 002,506,752 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2005/02/24 18:04:25 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2001/09/04 04:04:00 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT

========== LOP Check ==========

[2011/04/03 14:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BitDefender
[2010/07/25 09:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/02/24 19:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2011/02/12 13:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/10/22 11:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/01/01 14:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/07/25 12:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/10/22 14:43:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011/03/25 15:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dumps
[2011/03/26 13:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011/03/26 13:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/05/18 04:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GetRight
[2010/12/18 08:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/08/05 19:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SEGA Corporation
[2011/05/15 19:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010/10/03 17:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/08/14 23:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/04/20 14:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2011/02/14 01:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2011/02/15 16:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\QuickScan
[2010/07/24 20:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\ACD Systems
[2010/12/07 00:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\Amazon
[2010/08/04 08:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\AVSMedia
[2010/08/04 15:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\Bioshock2
[2011/02/12 13:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\BitDefender
[2011/05/23 09:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\BitTorrent
[2011/01/02 16:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\CDBurnerXP_Soft
[2010/10/22 11:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\DAEMON Tools Lite
[2005/02/24 17:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\DAEMON Tools Pro
[2011/05/25 11:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\DNA
[2010/11/28 10:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\DriverCure
[2010/08/04 13:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\FreeArc
[2011/05/06 13:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\GetRight
[2011/05/08 16:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\GetRight Pro
[2010/08/15 10:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\GoPal Assistant
[2010/07/29 18:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\Leadertech
[2011/05/06 22:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\Mount&Blade With Fire and Sword
[2010/11/28 10:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\ParetoLogic
[2011/02/12 00:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\QuickScan
[2010/11/13 04:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\Reasonable Software House Ltd
[2010/12/02 17:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\SystemRequirementsLab
[2010/10/03 17:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\TomTom
[2010/09/15 10:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\Touchstone
[2010/07/23 18:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\Windows Desktop Search
[2010/08/15 11:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patrice\Application Data\Windows Search
[2011/05/25 08:44:24 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9E96C493-848B-43C7-8698-8BF9F22B501B}.job

========== Purity Check ==========



< End of report >


Post de virustotal

C:\Documents and Settings\Patrice\Bureau\s8p-angkor2000.exe :

s8p-angkor2000.exeSubmission date: 2011-05-25 15:18:00 (UTC)Current status: finishedResult: 2/ 42 (4.8%) VT Community not reviewed Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.05.25.01 2011.05.25 -
AntiVir 7.11.8.137 2011.05.25 HEUR/Malware
Antiy-AVL 2.0.3.7 2011.05.25 -
Avast 4.8.1351.0 2011.05.25 -
Avast5 5.0.677.0 2011.05.25 -
AVG 10.0.0.1190 2011.05.25 -
BitDefender 7.2 2011.05.25 -
CAT-QuickHeal 11.00 2011.05.25 -
ClamAV 0.97.0.0 2011.05.25 -
Commtouch 5.3.2.6 2011.05.25 -
Comodo 8829 2011.05.25 -
DrWeb 5.0.2.03300 2011.05.25 -
eSafe 7.0.17.0 2011.05.24 -
eTrust-Vet 36.1.8347 2011.05.25 -
F-Prot 4.6.2.117 2011.05.24 -
F-Secure 9.0.16440.0 2011.05.25 -
Fortinet 4.2.257.0 2011.05.25 -
GData 22 2011.05.25 -
Ikarus T3.1.1.104.0 2011.05.25 -
Jiangmin 13.0.900 2011.05.25 -
K7AntiVirus 9.103.4713 2011.05.24 -
Kaspersky 9.0.0.837 2011.05.25 -
McAfee 5.400.0.1158 2011.05.25 -
McAfee-GW-Edition 2010.1D 2011.05.25 -
Microsoft 1.6903 2011.05.25 -
NOD32 6151 2011.05.25 -
Norman 6.07.07 2011.05.25 W32/Obfuscated.CZ!genr
nProtect 2011-05-25.03 2011.05.25 -
Panda 10.0.3.5 2011.05.25 -
PCTools 7.0.3.5 2011.05.19 -
Prevx 3.0 2011.05.25 -
Rising 23.59.02.05 2011.05.25 -
Sophos 4.65.0 2011.05.25 -
SUPERAntiSpyware 4.40.0.1006 2011.05.25 -
Symantec 20111.1.0.186 2011.05.25 -
TheHacker 6.7.0.1.207 2011.05.25 -
TrendMicro 9.200.0.1012 2011.05.25 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.25 -
VBA32 3.12.16.0 2011.05.25 -
VIPRE 9385 2011.05.25 -
ViRobot 2011.5.25.4478 2011.05.25 -
VirusBuster 13.6.370.1 2011.05.24 -
Additional information
MD5 : 22be923b09b01642afe957c0d5086f3b
SHA1 : 6b744aaebfb09c5865452357eb0c7e8cfb376c3c
SHA256: 6a1cf723a995d9a3521c15d41ead69d4f096d0c400b4a6621db1e2552e853c36


post de C:\Documents and Settings\Patrice\Bureau\shnk-angkor2000.exe

shnk-angkor2000.exeSubmission date: 2011-05-25 15:15:21 (UTC)Current status: finishedResult: 4/ 42 (9.5%) VT Community not reviewed Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.05.25.01 2011.05.25 -
AntiVir 7.11.8.137 2011.05.25 -
Antiy-AVL 2.0.3.7 2011.05.25 -
Avast 4.8.1351.0 2011.05.25 -
Avast5 5.0.677.0 2011.05.25 -
AVG 10.0.0.1190 2011.05.25 -
BitDefender 7.2 2011.05.25 -
CAT-QuickHeal 11.00 2011.05.25 -
ClamAV 0.97.0.0 2011.05.25 -
Commtouch 5.3.2.6 2011.05.25 -
Comodo 8829 2011.05.25 -
DrWeb 5.0.2.03300 2011.05.25 -
eSafe 7.0.17.0 2011.05.24 -
eTrust-Vet 36.1.8347 2011.05.25 -
F-Prot 4.6.2.117 2011.05.24 -
F-Secure 9.0.16440.0 2011.05.25 -
Fortinet 4.2.257.0 2011.05.25 -
GData 22 2011.05.25 -
Ikarus T3.1.1.104.0 2011.05.25 -
Jiangmin 13.0.900 2011.05.25 -
K7AntiVirus 9.103.4713 2011.05.24 -
Kaspersky 9.0.0.837 2011.05.25 -
McAfee 5.400.0.1158 2011.05.25 -
McAfee-GW-Edition 2010.1D 2011.05.25 Heuristic.BehavesLike.Win32.Suspicious.D
Microsoft 1.6903 2011.05.25 -
NOD32 6151 2011.05.25 a variant of Win32/GameHack.F
Norman 6.07.07 2011.05.25 W32/Obfuscated.CZ!genr
nProtect 2011-05-25.03 2011.05.25 -
Panda 10.0.3.5 2011.05.25 -
PCTools 7.0.3.5 2011.05.19 -
Prevx 3.0 2011.05.25 -
Rising 23.59.02.05 2011.05.25 -
Sophos 4.65.0 2011.05.25 Sus/UnkPack-C
SUPERAntiSpyware 4.40.0.1006 2011.05.25 -
Symantec 20111.1.0.186 2011.05.25 -
TheHacker 6.7.0.1.207 2011.05.25 -
TrendMicro 9.200.0.1012 2011.05.25 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.25 -
VBA32 3.12.16.0 2011.05.25 -
VIPRE 9385 2011.05.25 -
ViRobot 2011.5.25.4478 2011.05.25 -
VirusBuster 13.6.370.1 2011.05.24 -
Additional information
MD5 : 930815fd816f61e0495a4d75eff732ed
SHA1 : 2380bfedc85bf0e40d4ac90dc9eeccff893b1cb1
SHA256: 80e5324ecea9ae918ad41305395eaf6365e19c61cae08a4b9a1595af551fb388

post de C:\Documents and Settings\Patrice\Bureau\home-angkor2000.exe :

user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: home-angkor2000.exeSubmission date: 2011-05-25 15:10:52 (UTC)Current status: finishedResult: 2/ 41 (4.9%) VT Community not reviewed Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.05.25.01 2011.05.25 -
AntiVir 7.11.8.137 2011.05.25 HEUR/Malware
Antiy-AVL 2.0.3.7 2011.05.25 -
Avast 4.8.1351.0 2011.05.25 -
Avast5 5.0.677.0 2011.05.25 -
AVG 10.0.0.1190 2011.05.25 -
CAT-QuickHeal 11.00 2011.05.25 -
ClamAV 0.97.0.0 2011.05.25 -
Commtouch 5.3.2.6 2011.05.25 -
Comodo 8829 2011.05.25 -
DrWeb 5.0.2.03300 2011.05.25 -
Emsisoft 5.1.0.5 2011.05.25 -
eSafe 7.0.17.0 2011.05.24 -
eTrust-Vet 36.1.8347 2011.05.25 -
F-Prot 4.6.2.117 2011.05.24 -
F-Secure 9.0.16440.0 2011.05.25 -
Fortinet 4.2.257.0 2011.05.25 -
Ikarus T3.1.1.104.0 2011.05.25 -
Jiangmin 13.0.900 2011.05.25 -
K7AntiVirus 9.103.4713 2011.05.24 -
Kaspersky 9.0.0.837 2011.05.25 -
McAfee 5.400.0.1158 2011.05.25 -
McAfee-GW-Edition 2010.1D 2011.05.25 -
Microsoft 1.6903 2011.05.25 -
NOD32 6151 2011.05.25 -
Norman 6.07.07 2011.05.25 W32/Obfuscated.CZ!genr
nProtect 2011-05-25.03 2011.05.25 -
Panda 10.0.3.5 2011.05.25 -
PCTools 7.0.3.5 2011.05.19 -
Prevx 3.0 2011.05.25 -
Rising 23.59.02.05 2011.05.25 -
Sophos 4.65.0 2011.05.25 -
SUPERAntiSpyware 4.40.0.1006 2011.05.25 -
Symantec 20111.1.0.186 2011.05.25 -
TheHacker 6.7.0.1.207 2011.05.25 -
TrendMicro 9.200.0.1012 2011.05.25 -
TrendMicro-HouseCall 9.200.0.1012 2011.05.25 -
VBA32 3.12.16.0 2011.05.25 -
VIPRE 9385 2011.05.25 -
ViRobot 2011.5.25.4478 2011.05.25 -
VirusBuster 13.6.370.1 2011.05.24 -
Additional information
MD5 : 497a08dfda4da814a031daaabf7d1b4c
SHA1 : 11d3f7e3877819e7fe0319d93a664ae46e5de781
SHA256: 57c2f6f1bf79107ef0ba3986859efc549de073a1ff4a574b8bbc476bc230f840

NB Ces 3 petits programmes sont en fait des "trainer". Ces programmes modifient le programme d'un jeu pour obtenir par exemple des vies infinies. Mais le site certifie que les anti-virus les associe à des virus. C'est tout ce que je sais

3 MAlware

Avait détecté un virus que Bitdefender a supprimé puisque j'avais oublié de l’arrêter.Je ne sais donc pas de quel fichier il s'agit

Voilà.
C'est grave, docteur?

En tout cas, tu fais un sacré boulot

A bientôt

Bonsoir
tu ne postes pas les bons rapports...

1-le rapport OTL de suppression est généré dans le dossier C:\ _OTL\MovedFiles avec la date et l'heure du passage de l'outil
poste-le moi stp

2

Poste le rapport MBAM, je veux le rapport, pas tes interprétations  
Aide :

Comment utiliser MBAM.

Bonsoir

voilà
1- rapport OTL

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Documents and Settings\Patrice\Menu Démarrer\Programmes\Démarrage\kill.bat moved successfully.
C:\Documents and Settings\Patrice\Menu Démarrer\Programmes\Démarrage\rld-da2k.exe moved successfully.
========== FILES ==========
C:\Documents and Settings\Patrice\Application Data\sdra64.exe moved successfully.
C:\Documents and Settings\Patrice\Application Data\twex.exe moved successfully.
C:\Documents and Settings\Patrice\Application Data\twext.exe moved successfully.
C:\Documents and Settings\Patrice\Application Data\oembios.exe moved successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\Control Panel\Desktop\\"MenuShowDelay"|"100" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\\"AlwaysUnloadDll"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\"NoDriveTypeAutoRun"|dword:000000ff /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\\"link"|hex:00,00,00,00 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"EnableBalloonTips"|dword:00000000 /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\\IconStreams deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\\PastIconsStream deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SetCommand"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\\"SecurityLevel"|dword:00000001 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 805666 bytes
->Flash cache emptied: 456 bytes

User: Patrice
->Temp folder emptied: 849769 bytes
->Temporary Internet Files folder emptied: 980417540 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 204118115 bytes
->Flash cache emptied: 14480 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3753787 bytes
%systemroot%\System32 .tmp files removed: 274432 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66105 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 12627695 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 147,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05252011_170352

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2 Malware
tu m'avais dit ça:
"~ Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le. "
...il n'avait rien trouvé (je sais pas faire les smylies )

Post:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6686

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/05/2011 21:55:16
mbam-log-2011-05-26 (21-55-16).txt

Type d'examen: Examen complet (C:\|K:\|)
Elément(s) analysé(s): 228349
Temps écoulé: 23 minute(s), 7 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

bonne soirée

re
on va réessayer une passe avec combofix, mais on va feinter...


Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

mais attention, vu que ton infection semble faire planter les outils, il faut feinter pour que tu puisses lancer combofix donc:
renomme Combofix en Combo-Fix avant de lancer le téléchargement comme suit:
http://forum.pcastuces.com/combofix___renommer_au_telec...

Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

viens sur le forum et édition "coller"

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

+++++++++

bonsoir Sham

- j'ai désactivé Bitdefender et verifié qu'aucun antispy n'était actif
- j'ai téléchargé Combofix
- je l'ai renommé en Combi-fix
- je l'ai activé
- il charge ses fichiers
- fait un point de restauration
- commence une analyse
- disparait sans créer de fichier TXT
- il crée les fichiers Combi-fix, Combi-fix 18805C et Qoobox
- je redémarre manuellement : pas de changement

NB c'est la troisième fois que je l'utilise et il ne me demande plus de créer la console ni le reste

voilà

Merci
A +

Bonsoir
bizarre tout ça...

Comment se comporte ton pc?


Clique ICI pour lancer une ligne de scannner ESET.

Impératif: pour ce scan utiliser Internet Explorer
Coche Yes ,I accept the Terms of Use
Clique sur Start
Autorisez le contrôle ActiveX
Clique sur Start
Coche les options suivantes: Remove found threats et Scan archives
Clique sur Start
Attend la fin du scan
Utilise le Bloc-notes pour ouvrir le rapport situé dans C:\Program Files\ESET\ESET online Scanner\log.txt
Copie et colle ce rapport dans ta prochaine réponse.

AIDE


++++++++++++++++

Bonsoir Sham
excuses pour le retard à l'allumage : boulot !!

Mon PC se comporte beaucoup mieux. Je n'ai plus de pubs et Firefox ne redémarre plus à tout bout de champ

le rapport d'ESET :

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=c5dc2c75b65e154b8c8f05ff260a7868
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-31 05:36:55
# local_time=2011-05-31 07:36:55 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 3106196 3106196 0 0
# compatibility_mode=8192 67108863 100 0 141 141 0 0
# scanned=96553
# found=0
# cleaned=0
# scan_time=5199


Bonne soirée et encore merci

Bonsoir

pareil... (en ajoutant les gosses   )

+++++++++++



Supprime/Désinstalle tous les programmes utilisés pour la désinfection.
(mais garde Malwarebytes' Anti-Malware pour faire des scan réguliers (en n'omettant pas de le mettre à jour)

Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.

Lire aussi:

Antispyware gratuit : ça sert à rien!


~Clique, sur ton premier message, sur le bouton "Editer" et marque [résolu] dans le titre.

Clique ensuite sur "Valider votre message"

Si ton nom de session correspond à ton véritable nom, tu as la possibilité de le changer en éditant tes posts.

 

+++