Infection that's annoying the crap out of me

Last reply on 24 Jun 2009 at 21:58:35
BOB, 24 Jun 2009 at 20:06:06

Hello, mouse cursor problem, slow internet connection on a regular basis, it's getting on my nerves

Can someone look at my log to see if there are any infections?

Thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:34, on 24/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\TrojanHunter 5.1\THGuard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\TuneUp Utilities 2009\Shredder.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.1\THGuard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
O4 - S-1-5-18 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
O4 - S-1-5-18 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
O4 - .DEFAULT Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User 'Default user')
O4 - .DEFAULT Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
End of file - 8172 bytes

Configuration: Windows XP
Firefox 3.0.11


archet9, 24 Jun 2009 at 20:18:14

Hello BOB

First of all, we say "poop", not "crap"....

Your scan does show an infection....
For more info, could you please do this:


Download RSIT (by random/random) to your desktop from here:

http://images.malwareremoval.com/random/RSIT.exe

- Double-click RSIT.exe on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or not detected; you will then need to accept the license
- Post the contents of log.txt plus info.txt (minimized in the taskbar) once the scan has finished.

The reports are in the folder C:\rsit
See you later


BOB, 24 Jun 2009 at 20:20:35

Logfile of random's system information tool 1.06 (written by random/random)
Run by bob at 2009-06-24 20:18:20
WIN_XP Service Pack 3
System drive C: has 418 GB (88%) free of 477 GB
Total RAM: 3070 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:40, on 24/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\TrojanHunter 5.1\THGuard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\TuneUp Utilities 2009\Shredder.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\bob\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bob.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.1\THGuard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-329068152-1592454029-1417001333-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
O4 - S-1-5-21-329068152-1592454029-1417001333-1000 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
O4 - S-1-5-18 Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User '?')
O4 - S-1-5-18 Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User '?')
O4 - .DEFAULT Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe (User 'Default user')
O4 - .DEFAULT Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe (User 'Default user')
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
End of file - 8212 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G DATA WebFilter - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll [2008-09-08 656968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll [2008-09-08 656968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-12-23 18077696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-27 13684736]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-27 86016]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-02-11 186904]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2009-04-15 1229640]
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe [2009-04-14 433480]
"GDFirewallTray"=C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"=C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe [2008-11-24 958024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"THGuard"=C:\Program Files\TrojanHunter 5.1\THGuard.exe [2009-05-18 1061536]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-05-18 1059720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

C:\Documents and Settings\bob\Menu Démarrer\Programmes\Démarrage
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoSizeChoice"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoVisualStyleChoice"=0
"NoDispSettingsPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoRecentDocsNetHood"=1
"NoInstrumentation"=1
"NoStartMenuPinnedList"=0
"ForceStartMenuLogoff"=0
"NoSharedDocuments"=1
"NoDriveAutoRun"=67108863
"HonorAutorunSetting"=1
"NoActiveDesktop"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoFavoritesMenu"=
"NoSMMyPictures"=
"NoStartMenuMyMusic"=
"NoRecentDocsNetHood"=
"NoInstrumentation"=
"NoSimpleStartMenu"=
"NoDriveAutoRun"=
"HonorAutorunSetting"=
"NoDrives"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-06-24 20:18:20 ----D---- C:\rsit
2009-06-24 20:02:03 ----D---- C:\Program Files\Trend Micro
2009-06-24 13:35:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-24 13:30:43 ----D---- C:\Program Files\7-Zip
2009-06-22 22:04:09 ----D---- C:\Program Files\Reality Pump
2009-06-22 19:24:45 ----D---- C:\Documents and Settings\bob\Application Data\TrojanHunter
2009-06-22 19:12:54 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-06-22 19:12:54 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-06-22 19:12:54 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-06-22 19:12:54 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-06-22 19:12:54 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-06-22 19:12:51 ----D---- C:\Program Files\Trojan Remover
2009-06-22 19:12:51 ----D---- C:\Documents and Settings\bob\Application Data\Simply Super Software
2009-06-22 19:12:51 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-06-22 19:11:21 ----R---- C:\WINDOWS\system32\streamhlp.dll
2009-06-22 19:11:21 ----D---- C:\Program Files\TrojanHunter 5.1
2009-06-20 18:43:30 ----SHD---- C:\RECYCLER
2009-06-20 18:42:35 ----D---- C:\WINDOWS\temp
2009-06-20 18:37:57 ----A---- C:\WINDOWS\system32\tmp.txt
2009-06-20 17:36:05 ----A---- C:\WINDOWS\msnfix.txt
2009-06-20 17:30:04 ----A---- C:\WINDOWS\zip.exe
2009-06-20 17:30:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-20 17:30:04 ----A---- C:\WINDOWS\SWSC.exe
2009-06-20 17:30:04 ----A---- C:\WINDOWS\SWREG.exe
2009-06-20 17:30:04 ----A---- C:\WINDOWS\sed.exe_RenameGenProc
2009-06-20 17:30:04 ----A---- C:\WINDOWS\PEV.exe
2009-06-20 17:30:04 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-20 17:30:04 ----A---- C:\WINDOWS\grep.exe_RenameGenProc
2009-06-20 17:30:02 ----D---- C:\WINDOWS\ERDNT
2009-06-20 13:51:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-20 13:51:49 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-06-20 13:51:49 ----D---- C:\Program Files\Adobe
2009-06-14 18:26:00 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-06-14 15:36:19 ----D---- C:\WINDOWS\Minidump
2009-06-14 15:22:46 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-06-14 15:22:46 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-06-14 15:22:45 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-06-14 15:22:44 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-06-14 15:22:44 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-06-14 15:22:43 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-06-14 15:22:43 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-06-14 15:22:42 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-06-14 15:22:42 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-06-14 15:22:41 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-06-14 15:22:40 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-06-14 15:22:40 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-06-14 15:22:39 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-06-14 15:22:38 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-06-14 15:22:38 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-06-14 15:22:38 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-06-14 15:22:37 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-06-14 15:22:36 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-06-14 15:22:36 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-06-14 15:22:35 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-06-14 15:22:35 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-06-14 15:22:34 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-06-14 15:22:33 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-06-14 15:22:33 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-06-14 15:22:33 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-06-14 15:22:32 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-06-14 15:22:31 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-06-14 15:22:29 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-06-14 15:22:29 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-06-14 15:22:29 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-06-14 15:22:28 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-06-14 15:22:27 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-06-14 15:22:27 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-06-14 15:22:26 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-06-14 15:22:25 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-06-14 15:22:25 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-06-14 15:22:24 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-06-14 15:22:24 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-06-14 15:22:24 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-06-14 15:22:23 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-06-14 15:22:22 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-06-14 15:22:21 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-06-14 15:22:21 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-06-14 15:22:20 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-06-14 15:22:19 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-06-14 15:22:18 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-06-14 15:22:17 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-06-14 15:22:17 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-06-14 15:22:17 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-06-14 15:22:16 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-06-14 15:22:15 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-06-14 15:22:15 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-06-14 15:22:14 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-06-14 15:22:13 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-06-14 15:22:13 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-06-14 15:22:12 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-06-14 15:22:11 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-06-14 15:22:11 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-06-14 15:22:10 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-06-14 15:22:09 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-06-14 15:22:09 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-06-14 15:22:08 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-06-14 15:22:07 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-06-14 15:22:07 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-06-14 15:22:06 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-06-14 15:21:56 ----D---- C:\WINDOWS\Logs
2009-06-14 15:12:25 ----D---- C:\Program Files\Gothic III
2009-06-14 15:11:00 ----D---- C:\Documents and Settings\bob\Application Data\DAEMON Tools
2009-06-14 15:10:59 ----D---- C:\Documents and Settings\bob\Application Data\DAEMON Tools Pro
2009-06-14 15:10:15 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-06-14 15:10:07 ----D---- C:\Program Files\DAEMON Tools Lite
2009-06-14 15:07:55 ----D---- C:\Documents and Settings\bob\Application Data\DAEMON Tools Lite
2009-06-14 12:49:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-14 12:49:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-12 18:12:57 ----D---- C:\WINDOWS\Sun
2009-06-10 20:29:57 ----D---- C:\Documents and Settings\bob\Application Data\Macromedia
2009-06-10 20:29:57 ----D---- C:\Documents and Settings\bob\Application Data\Adobe
2009-06-10 20:00:07 ----D---- C:\WINDOWS\ie8updates
2009-06-10 19:58:50 ----D---- C:\WINDOWS\WBEM
2009-06-10 19:58:40 ----HDC---- C:\WINDOWS\ie8
2009-06-10 19:57:35 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-10 19:51:27 ----A---- C:\WINDOWS\system32\usbui.dll
2009-06-10 19:49:24 ----D---- C:\WINDOWS\system32\PreInstall
2009-06-10 19:49:24 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-06-10 19:49:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-10 19:49:21 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-10 19:43:29 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-06-10 19:41:54 ----D---- C:\Program Files\DartyBox
2009-06-10 19:41:54 ----A---- C:\WINDOWS\system32\coclassfast.dll
2009-06-10 19:40:19 ----D---- C:\Program Files\Assistant Dartybox
2009-06-10 19:20:58 ----SHD---- C:\#GDATA.Trash.Store#
2009-06-10 19:20:53 ----D---- C:\Program Files\G DATA
2009-06-10 19:20:53 ----D---- C:\Program Files\Fichiers communs\G DATA
2009-06-10 19:20:53 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA
2009-06-10 19:14:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-10 19:11:25 ----D---- C:\WINDOWS\system32\Filt
2009-06-10 19:11:25 ----D---- C:\Program Files\Agnitum
2009-06-10 19:11:17 ----D---- C:\Documents and Settings\All Users\Application Data\Agnitum
2009-06-10 19:10:42 ----D---- C:\Documents and Settings\bob\Application Data\WinRAR
2009-06-10 19:10:32 ----D---- C:\Program Files\WinRAR
2009-06-10 19:10:13 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-06-10 19:10:05 ----D---- C:\Documents and Settings\bob\Application Data\Media Player Classic
2009-06-10 19:09:41 ----A---- C:\WINDOWS\system32\unrar.dll
2009-06-10 19:09:41 ----A---- C:\WINDOWS\avisplitter.ini
2009-06-10 19:09:40 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-06-10 19:09:40 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-06-10 19:09:40 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-06-10 19:09:40 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-06-10 19:09:40 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-06-10 19:09:39 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-06-10 19:09:39 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-06-10 19:09:39 ----A---- C:\WINDOWS\system32\divx.dll
2009-06-10 19:09:38 ----D---- C:\Program Files\K-Lite Codec Pack
2009-06-10 19:09:38 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-06-10 19:09:10 ----D---- C:\Program Files\MSN Messenger
2009-06-10 19:05:37 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-06-10 19:05:37 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-06-10 19:05:36 ----D---- C:\Documents and Settings\bob\Application Data\TuneUp Software
2009-06-10 19:05:36 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-06-10 19:05:32 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-06-10 19:05:32 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-06-10 19:05:29 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-10 19:05:23 ----D---- C:\Program Files\VS Revo Group
2009-06-10 19:05:08 ----D---- C:\Program Files\MRU-Blaster
2009-06-10 19:04:54 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-10 19:04:54 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-10 19:04:54 ----A---- C:\WINDOWS\system32\java.exe
2009-06-10 19:04:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-10 19:04:50 ----D---- C:\Program Files\Java
2009-06-10 19:04:48 ----D---- C:\Documents and Settings\bob\Application Data\Sun
2009-06-10 19:03:37 ----D---- C:\Documents and Settings\bob\Application Data\Mozilla
2009-06-10 19:03:34 ----D---- C:\Program Files\Mozilla Firefox
2009-06-10 19:02:31 ----D---- C:\Program Files\CCleaner
2009-06-10 19:00:08 ----A---- C:\WINDOWS\system32\ctfmon.exe.backup
2009-06-10 18:52:31 ----D---- C:\WINDOWS\system32\appmgmt
2009-06-10 18:42:36 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-10 18:42:35 ----D---- C:\Program Files\SpywareBlaster
2009-06-10 18:42:35 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-06-10 18:41:51 ----D---- C:\Documents and Settings\bob\Application Data\Malwarebytes
2009-06-10 18:41:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-10 18:41:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-10 18:40:21 ----D---- C:\Program Files\a-squared Free
2009-06-10 18:37:12 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-10 18:37:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-10 18:37:00 ----A---- C:\WINDOWS\system32\difxapi.dll
2009-06-10 18:36:52 ----D---- C:\Intel
2009-06-10 18:36:49 ----D---- C:\Program Files\Intel
2009-06-10 18:36:48 ----D---- C:\Documents and Settings\bob\Application Data\InstallShield
2009-06-10 18:34:05 ----D---- C:\WINDOWS\system32\Lang
2009-06-10 18:34:05 ----A---- C:\WINDOWS\ALCFDRTM.EXE
2009-06-10 18:32:55 ----D---- C:\WINDOWS\system32\AGEIA
2009-06-10 18:32:55 ----D---- C:\Program Files\AGEIA Technologies
2009-06-10 18:32:53 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-06-10 18:32:46 ----D---- C:\WINDOWS\nview
2009-06-10 18:32:46 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-06-10 18:32:39 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-06-10 18:32:33 ----D---- C:\NVIDIA
2009-06-10 18:32:10 ----D---- C:\WINDOWS\system32\RTCOM
2009-06-10 18:32:09 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-06-10 18:32:06 ----A---- C:\WINDOWS\vncutil.exe
2009-06-10 18:32:06 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2009-06-10 18:32:06 ----A---- C:\WINDOWS\SkyTel.exe
2009-06-10 18:32:06 ----A---- C:\WINDOWS\RtlUpd.exe
2009-06-10 18:32:06 ----A---- C:\WINDOWS\RTLCPL.EXE
2009-06-10 18:32:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 18:32:05 ----D---- C:\Program Files\Realtek
2009-06-10 18:32:05 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-06-10 18:32:05 ----A---- C:\WINDOWS\RtkAudioService.exe
2009-06-10 18:32:05 ----A---- C:\WINDOWS\RTHDCPL.EXE
2009-06-10 18:32:05 ----A---- C:\WINDOWS\MicCal.exe
2009-06-10 18:32:05 ----A---- C:\WINDOWS\ALCWZRD.EXE
2009-06-10 18:32:05 ----A---- C:\WINDOWS\ALCMTR.EXE
2009-06-10 18:32:02 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-06-10 18:32:01 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-06-10 18:25:33 ----D---- C:\Documents and Settings\bob\Application Data\Identities
2009-06-10 18:25:32 ----HD---- C:\Program Files\Uninstall Information
2009-06-10 18:25:30 ----SD---- C:\Documents and Settings\bob\Application Data\Microsoft
2009-06-10 18:25:30 ----ASH---- C:\Documents and Settings\bob\Application Data\desktop.ini
2009-06-10 18:25:29 ----SHD---- C:\WINDOWS\CSC
2009-06-10 18:25:06 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-10 18:25:05 ----SD---- C:\WINDOWS\system32\Microsoft
2009-06-10 18:25:05 ----D---- C:\WINDOWS\Prefetch
2009-06-10 18:13:16 ----D---- C:\WINDOWS\system32\xircom
2009-06-10 18:13:16 ----D---- C:\WINDOWS\system32\restore
2009-06-10 18:13:16 ----D---- C:\WINDOWS\srchasst
2009-06-10 18:13:16 ----D---- C:\WINDOWS\microsoft.net
2009-06-10 18:13:16 ----D---- C:\Program Files\xerox
2009-06-10 18:13:16 ----D---- C:\Program Files\netmeeting
2009-06-10 18:13:16 ----D---- C:\Program Files\msn gaming zone
2009-06-10 18:13:16 ----D---- C:\Program Files\microsoft frontpage
2009-06-10 18:13:16 ----D---- C:\Program Files\Fichiers communs\speechengines
2009-06-10 18:13:10 ----A---- C:\WINDOWS\control.ini
2009-06-10 18:13:10 ----A---- C:\AUTOEXEC.BAT
2009-06-10 18:13:05 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-06-10 18:12:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-10 18:12:46 ----RD---- C:\WINDOWS\Offline Web Pages
2009-06-10 18:12:46 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-06-10 18:12:43 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-06-10 18:12:40 ----HD---- C:\Program Files\WindowsUpdate
2009-06-10 18:12:38 ----D---- C:\WINDOWS\Registration
2009-06-10 18:12:31 ----D---- C:\WINDOWS\system32\DirectX
2009-06-10 18:12:26 ----A---- C:\WINDOWS\system32\desktop.ini
2009-06-10 18:12:26 ----A---- C:\WINDOWS\desktop.ini
2009-06-10 18:12:21 ----A---- C:\WINDOWS\system32\acctres.dll
2009-06-10 18:12:20 ----D---- C:\Program Files\Fichiers communs\Services
2009-06-10 18:12:19 ----SD---- C:\WINDOWS\Tasks
2009-06-10 18:12:18 ----D---- C:\Program Files\Fichiers communs\MSSoap
2009-06-10 18:12:17 ----D---- C:\WINDOWS\system32\Macromed
2009-06-10 18:12:15 ----D---- C:\Program Files\Windows Media Player
2009-06-10 18:12:15 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-06-10 18:12:15 ----A---- C:\WINDOWS\system32\wups.dll
2009-06-10 18:12:15 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-06-10 18:12:15 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-06-10 18:12:15 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-06-10 18:12:15 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-06-10 18:12:15 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-06-10 18:12:14 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-06-10 18:12:14 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-06-10 18:12:14 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-06-10 18:12:14 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-06-10 18:12:14 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-06-10 18:12:14 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-06-10 18:12:14 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-06-10 18:12:11 ----D---- C:\Program Files\Movie Maker
2009-06-10 18:11:56 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-06-10 18:11:56 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-06-10 18:11:56 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-06-10 18:11:56 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-06-10 18:11:55 ----A---- C:\WINDOWS\system32\inetres.dll
2009-06-10 18:11:55 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-06-10 18:11:54 ----D---- C:\Program Files\Outlook Express
2009-06-10 18:11:54 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-06-10 18:11:53 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-06-10 18:11:53 ----A---- C:\WINDOWS\system32\mstask.dll
2009-06-10 18:11:50 ----D---- C:\Program Files\Fichiers communs\System
2009-06-10 18:11:49 ----D---- C:\Program Files\Internet Explorer
2009-06-10 18:11:49 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-06-10 18:10:49 ----D---- C:\Program Files\Messenger
2009-06-10 18:10:49 ----A---- C:\WINDOWS\system32\write.exe
2009-06-10 18:10:46 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-06-10 18:10:41 ----A---- C:\WINDOWS\system32\winmine.exe
2009-06-10 18:10:41 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-06-10 18:10:41 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-06-10 18:10:41 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-06-10 18:10:41 ----A---- C:\WINDOWS\system32\tskill.exe
2009-06-10 18:10:41 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-06-10 18:10:41 ----A---- C:\WINDOWS\system32\sol.exe
2009-06-10 18:10:41 ----A---- C:\WINDOWS\system32\reset.exe
2009-06-10 18:10:41 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-06-10 18:10:41 ----A---- C:\WINDOWS\system32\freecell.exe
2009-06-10 18:10:41 ----A---- C:\WINDOWS\system32\calc.exe
2009-06-10 18:10:40 ----A---- C:\WINDOWS\system32\tscon.exe
2009-06-10 18:10:40 ----A---- C:\WINDOWS\system32\shadow.exe
2009-06-10 18:10:40 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-06-10 18:10:40 ----A---- C:\WINDOWS\system32\regini.exe
2009-06-10 18:10:40 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-06-10 18:10:40 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-06-10 18:10:40 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-06-10 18:10:40 ----A---- C:\WINDOWS\system32\msg.exe
2009-06-10 18:10:40 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-06-10 18:10:40 ----A---- C:\WINDOWS\system32\logoff.exe
2009-06-10 18:10:40 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-06-10 18:10:35 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-06-10 18:10:26 ----D---- C:\Program Files\Windows NT
2009-06-10 18:10:26 ----D---- C:\Program Files\MSN
2009-06-10 18:10:26 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-06-10 18:10:26 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-06-10 18:10:25 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-06-10 18:10:25 ----A---- C:\WINDOWS\system32\spider.exe
2009-06-10 18:10:24 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-06-10 18:10:24 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-06-10 18:10:24 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-10 18:10:24 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-06-10 18:10:24 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-06-10 18:10:23 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-06-10 18:10:23 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-06-10 18:10:23 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-06-10 18:10:23 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-06-10 18:10:23 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-06-10 18:10:23 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-06-10 18:10:23 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-06-10 18:10:23 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-06-10 18:10:23 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-06-10 18:10:23 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-06-10 18:10:23 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-06-10 18:10:22 ----D---- C:\WINDOWS\system32\MsDtc
2009-06-10 18:10:22 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-06-10 18:10:22 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-06-10 18:10:22 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-06-10 18:10:22 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-06-10 18:10:22 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-06-10 18:10:22 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-06-10 18:10:22 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-06-10 18:10:22 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-06-10 18:10:21 ----D---- C:\WINDOWS\system32\Com
2009-06-10 18:10:21 ----A---- C:\WINDOWS\system32\stclient.dll
2009-06-10 18:10:21 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-06-10 18:10:21 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-06-10 18:10:21 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-06-10 18:10:21 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-06-10 18:10:21 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-06-10 18:10:21 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-06-10 18:10:21 ----A---- C:\WINDOWS\system32\colbact.dll
2009-06-10 18:10:21 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-06-10 18:10:21 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-06-10 18:10:20 ----A---- C:\WINDOWS\system32\comuid.dll
2009-06-10 18:10:20 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-06-10 18:10:20 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-06-10 18:10:20 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-06-10 18:10:20 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-06-10 18:10:20 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-06-10 18:10:14 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-06-10 18:10:14 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-06-10 18:10:14 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-06-10 18:10:14 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-06-10 17:53:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-10 17:53:21 ----SHD---- C:\WINDOWS\Installer
2009-06-10 17:53:21 ----RD---- C:\Program Files
2009-06-10 17:53:21 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-06-10 17:53:21 ----D---- C:\Program Files\Fichiers communs
2009-06-10 17:53:21 ----A---- C:\WINDOWS\ODBCINST.INI
2009-06-10 17:53:15 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-06-10 17:53:15 ----A---- C:\WINDOWS\system32\irclass.dll
2009-06-10 17:53:15 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-06-10 17:53:15 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-06-10 17:53:14 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-06-10 17:53:13 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-06-10 17:53:13 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-06-10 17:53:12 ----A---- C:\WINDOWS\system32\storprop.dll
2009-06-10 17:53:12 ----A---- C:\WINDOWS\system32\batt.dll
2009-06-10 17:53:12 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-06-10 17:53:10 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-06-10 17:53:07 ----RA---- C:\WINDOWS\SET8.tmp
2009-06-10 17:53:06 ----RA---- C:\WINDOWS\SET4.tmp
2009-06-10 17:53:05 ----RA---- C:\WINDOWS\SET3.tmp
2009-06-10 17:53:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-10 17:53:01 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-10 17:52:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-10 17:52:37 ----SHD---- C:\System Volume Information
2009-06-10 17:52:37 ----D---- C:\Documents and Settings
2009-06-10 17:51:43 ----SH---- C:\boot.ini
2009-06-10 17:49:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-10 17:49:15 ----RSD---- C:\WINDOWS\Fonts
2009-06-10 17:49:15 ----RD---- C:\WINDOWS\Web
2009-06-10 17:49:15 ----D---- C:\WINDOWS\WinSxS
2009-06-10 17:49:15 ----D---- C:\WINDOWS\twain_32
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\wins
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\wbem
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\usmt
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\spool
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\ShellExt
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\Setup
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\ras
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\oobe
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\npp
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\mui
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\inetsrv
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\IME
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\icsxml
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\ias
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\fr
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\export
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\drivers
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\dhcp
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\config
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\3com_dmi
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\3076
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\2052
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\1054
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\1042
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\1041
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\1037
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\1036
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\1033
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\1031
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\1028
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32\1025
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system32
2009-06-10 17:49:15 ----D---- C:\WINDOWS\system
2009-06-10 17:49:15 ----D---- C:\WINDOWS\security
2009-06-10 17:49:15 ----D---- C:\WINDOWS\Resources
2009-06-10 17:49:15 ----D---- C:\WINDOWS\repair
2009-06-10 17:49:15 ----D---- C:\WINDOWS\Provisioning
2009-06-10 17:49:15 ----D---- C:\WINDOWS\PeerNet
2009-06-10 17:49:15 ----D---- C:\WINDOWS\pchealth
2009-06-10 17:49:15 ----D---- C:\WINDOWS\NLDRV
2009-06-10 17:49:15 ----D---- C:\WINDOWS\Network Diagnostic
2009-06-10 17:49:15 ----D---- C:\WINDOWS\mui
2009-06-10 17:49:15 ----D---- C:\WINDOWS\msapps
2009-06-10 17:49:15 ----D---- C:\WINDOWS\msagent
2009-06-10 17:49:15 ----D---- C:\WINDOWS\Media
2009-06-10 17:49:15 ----D---- C:\WINDOWS\L2Schemas
2009-06-10 17:49:15 ----D---- C:\WINDOWS\java
2009-06-10 17:49:15 ----D---- C:\WINDOWS\inf
2009-06-10 17:49:15 ----D---- C:\WINDOWS\ime
2009-06-10 17:49:15 ----D---- C:\WINDOWS\Help
2009-06-10 17:49:15 ----D---- C:\WINDOWS\ehome
2009-06-10 17:49:15 ----D---- C:\WINDOWS\Driver Cache
2009-06-10 17:49:15 ----D---- C:\WINDOWS\Debug
2009-06-10 17:49:15 ----D---- C:\WINDOWS\Cursors
2009-06-10 17:49:15 ----D---- C:\WINDOWS\Connection Wizard
2009-06-10 17:49:15 ----D---- C:\WINDOWS\Config
2009-06-10 17:49:15 ----D---- C:\WINDOWS\AppPatch
2009-06-10 17:49:15 ----D---- C:\WINDOWS\addins
2009-06-10 17:49:15 ----D---- C:\WINDOWS
2009-06-09 22:56:42 ----A---- C:\WINDOWS\system32\sfcfiles.dll
2009-06-09 22:52:38 ----A---- C:\WINDOWS\system32\syssetup.dll

======List of files/folders modified in the last 1 months======

2009-06-20 17:32:28 ----A---- C:\WINDOWS\system.ini
2009-06-10 19:00:08 ----A---- C:\WINDOWS\system32\ctfmon.exe
2009-06-10 18:13:10 ----A---- C:\WINDOWS\win.ini
2009-06-09 22:55:54 ----A---- C:\WINDOWS\system32\wzcsvc.dll
2009-06-09 22:55:54 ----A---- C:\WINDOWS\system32\wzcsapi.dll
2009-06-09 22:55:54 ----A---- C:\WINDOWS\system32\pid.dll
2009-06-09 22:55:54 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-06-09 22:55:54 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-06-09 22:55:54 ----A---- C:\WINDOWS\system32\hid.dll
2009-06-09 22:55:54 ----A---- C:\WINDOWS\system32\dmutil.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrvpa.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrvoica.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrv80a.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrv42a.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrsvpia.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrshuta.exe
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrsdpia.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrrtosa.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrprbda.exe
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrmlnka.exe
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrlbva.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrfaxa.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrdtea.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrdpa.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrcoina.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\usrcntra.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\tsbyuv.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\streamci.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\sprio800.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\sprio600.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\spnike.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\paqsp.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\mdwmdmsp.dll
2009-06-09 22:55:04 ----A---- C:\WINDOWS\system32\dvdplay.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 GRD;G DATA Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-06-14 271360]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-06-14 18048]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-02-10 257432]
R3 ASWFilt;ASWFilt; \??\C:\WINDOWS\system32\Filt\ASWFilt.dll []
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-23 4967424]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-27 6280416]
R3 USB_RNDIS;ADSL2+ Modem USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-06-09 60800]
S3 aysgjrh1;aysgjrh1; C:\WINDOWS\system32\drivers\aysgjrh1.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\bob\LOCALS~1\Temp\catchme.sys []
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\Documents and Settings\bob\Local Settings\Temp\{C38B3C1C-EBA4-4338-AFDD-75A1139F3D49}\fsgk.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\bob\LOCALS~1\Temp\mbr.sys []
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-06-09 61824]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-06-10 718880]
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2009-04-14 1267528]
R2 AVKProxy;G DATA AntiVirus Proxy; C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-11-24 1016904]
R2 AVKService;Planificateur G DATA; C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
R2 AVKWCtl;Gardien d'AntiVirus; C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-09-08 1185496]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-10 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-27 163908]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-06-10 603904]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 GDFwSvc;Pare-feu personnel G DATA; C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-10-30 1407976]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-02-11 354840]
S3 G DATA Tuner Service;G DATA Tuner Service; C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA; C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-10-28 880200]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-06-10 362240]

-----------------EOF-----------------

archet9, 24 Jun 2009 at 20:25:08

---> Download ComboFix.exe by sUBs to your Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)

---> Set it to French (F)
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is finished, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt

See you later

BOB, 24 Jun 2009 at 20:41:07

ComboFix 09-06-23.01 - bob 24/06/2009 20:28.2 - NTFSx86
Lancé depuis: c:\documents and settings\bob\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-24 au 2009-06-24 ))))))))))))))))))))))))))))))))))))
.

2009-06-24 18:18 . 2009-06-24 18:18 -------- d-----w- C:\rsit
2009-06-24 18:02 . 2009-06-24 18:02 -------- d-----w- c:\program files\Trend Micro
2009-06-24 11:30 . 2009-06-24 11:30 -------- d-----w- c:\program files\7-Zip
2009-06-24 11:18 . 2009-05-18 12:47 3007352 ----a-w- c:\documents and settings\bob\Application Data\Simply Super Software\Trojan Remover\nhe24.exe
2009-06-22 20:36 . 2009-06-22 20:36 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Identities
2009-06-22 20:04 . 2009-06-22 20:04 -------- d-----w- c:\program files\Reality Pump
2009-06-22 17:24 . 2009-06-22 17:24 -------- d-----w- c:\documents and settings\bob\Application Data\TrojanHunter
2009-06-22 17:13 . 2009-05-18 12:47 3007352 ----a-w- c:\documents and settings\bob\Application Data\Simply Super Software\Trojan Remover\rde5C.exe
2009-06-22 17:12 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-06-22 17:12 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-06-22 17:12 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-06-22 17:12 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-06-22 17:12 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-06-22 17:12 . 2009-06-22 17:13 -------- d-----w- c:\program files\Trojan Remover
2009-06-22 17:12 . 2009-06-22 17:12 -------- d-----w- c:\documents and settings\bob\Application Data\Simply Super Software
2009-06-22 17:12 . 2009-06-22 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-06-22 17:11 . 2009-06-22 17:11 -------- d-----w- c:\program files\TrojanHunter 5.1
2009-06-20 11:52 . 2009-06-20 11:52 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Adobe
2009-06-20 11:51 . 2009-06-20 11:51 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-06-20 09:37 . 2009-06-20 09:37 26624 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-06-17 20:18 . 2009-06-17 20:18 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-16 17:58 . 2009-06-16 17:58 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\G DATA
2009-06-15 19:25 . 2009-06-15 19:25 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-06-15 18:48 . 2009-06-15 20:34 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-14 16:26 . 2008-04-13 17:33 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-14 13:21 . 2009-06-14 13:21 -------- d-----w- c:\windows\Logs
2009-06-14 13:15 . 2009-06-14 13:15 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-14 13:15 . 2009-06-14 13:15 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-14 13:12 . 2009-06-14 13:25 -------- d-----w- c:\program files\Gothic III
2009-06-14 13:11 . 2009-06-14 13:11 -------- d-----w- c:\documents and settings\bob\Application Data\DAEMON Tools
2009-06-14 13:10 . 2009-06-14 13:10 -------- d-----w- c:\documents and settings\bob\Application Data\DAEMON Tools Pro
2009-06-14 13:10 . 2009-06-14 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-06-14 13:10 . 2009-06-14 13:10 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-14 13:07 . 2009-06-14 13:11 -------- d-----w- c:\documents and settings\bob\Application Data\DAEMON Tools Lite
2009-06-14 13:07 . 2009-06-14 13:07 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-14 10:49 . 2009-06-24 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-14 10:49 . 2009-06-14 10:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-12 16:12 . 2009-06-12 16:12 -------- d-----w- c:\windows\Sun
2009-06-10 18:41 . 2009-06-20 17:16 -------- d-----w- c:\documents and settings\bob\Contacts
2009-06-10 18:23 . 2009-06-10 18:23 -------- d-sh--w- c:\documents and settings\bob\IECompatCache
2009-06-10 18:22 . 2009-06-10 18:22 -------- d-sh--w- c:\documents and settings\bob\PrivacIE
2009-06-10 18:21 . 2009-06-15 17:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-10 18:04 . 2009-06-10 18:04 68424 ----a-w- c:\windows\system32\drivers\GRD.sys
2009-06-10 18:03 . 2009-06-15 17:18 -------- d-sh--w- c:\documents and settings\bob\IETldCache
2009-06-10 18:00 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 18:00 . 2009-04-30 21:16 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 18:00 . 2009-04-30 21:16 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-10 18:00 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 18:00 . 2009-06-10 18:00 -------- d-----w- c:\windows\ie8updates
2009-06-10 18:00 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-10 17:58 . 2009-06-10 18:00 -------- dc-h--w- c:\windows\ie8
2009-06-10 17:53 . 2009-02-09 11:24 2191104 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-10 17:53 . 2009-02-09 11:23 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-10 17:53 . 2009-02-09 11:23 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-10 17:52 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-10 17:52 . 2001-08-17 19:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-06-10 17:51 . 2008-04-13 16:57 58752 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-06-10 17:51 . 2008-06-14 17:33 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-10 17:51 . 2008-06-14 17:33 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-06-10 17:51 . 2001-08-17 19:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-06-10 17:51 . 2008-04-13 17:33 77312 ----a-w- c:\windows\system32\usbui.dll
2009-06-10 17:49 . 2009-01-07 16:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-10 17:49 . 2009-06-10 18:00 -------- d--h--w- c:\windows\$hf_mig$
2009-06-10 17:47 . 2009-06-10 17:47 -------- d-sh--w- c:\documents and settings\bob\UserData
2009-06-10 17:41 . 2009-06-10 17:41 -------- d-----w- c:\program files\DartyBox
2009-06-10 17:41 . 2007-04-04 06:08 184320 ----a-w- c:\windows\system32\coclassfast.dll
2009-06-10 17:40 . 2009-06-10 17:41 -------- d-----w- c:\program files\Assistant Dartybox
2009-06-10 17:28 . 2009-06-10 17:28 9240 ----a-w- c:\documents and settings\bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 17:22 . 2009-06-10 18:00 48712 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2009-06-10 17:22 . 2009-06-10 18:00 32328 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2009-06-10 17:21 . 2009-06-10 18:03 51016 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2009-06-10 17:21 . 2009-06-10 17:21 22272 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
2009-06-10 17:20 . 2009-06-10 17:20 -------- d-sh--w- C:\#GDATA.Trash.Store#
2009-06-10 17:20 . 2009-06-10 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\G DATA
2009-06-10 17:20 . 2009-06-10 17:20 -------- d-----w- c:\program files\Fichiers communs\G DATA
2009-06-10 17:20 . 2009-06-10 17:20 -------- d-----w- c:\program files\G DATA
2009-06-10 17:20 . 2009-06-10 17:20 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Downloaded Installations
2009-06-10 17:12 . 2009-04-06 09:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-06-10 17:12 . 2009-02-10 14:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-06-10 17:11 . 2009-02-18 15:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-06-10 17:11 . 2009-06-21 18:13 -------- d-----w- c:\windows\system32\Filt
2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\program files\Agnitum
2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2009-06-10 17:09 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-10 17:09 . 2009-06-10 17:09 -------- d-----w- c:\program files\MSN Messenger
2009-06-10 17:05 . 2009-06-10 17:05 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-10 17:05 . 2008-11-12 14:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-10 17:05 . 2009-06-10 17:05 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\documents and settings\bob\Application Data\TuneUp Software
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\program files\VS Revo Group
2009-06-10 17:05 . 2009-06-10 17:05 -------- d-----w- c:\program files\MRU-Blaster
2009-06-10 17:04 . 2009-06-10 17:04 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 17:04 . 2009-06-10 17:04 -------- d-----w- c:\program files\Java
2009-06-10 17:03 . 2009-06-10 17:03 -------- d-----w- c:\documents and settings\bob\Local Settings\Application Data\Mozilla
2009-06-10 17:03 . 2009-06-10 17:03 0 ----a-w- c:\windows\nsreg.dat
2009-06-10 17:02 . 2009-06-10 17:02 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 11:20 . 2009-06-10 16:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-24 11:15 . 2009-06-10 16:40 -------- d-----w- c:\program files\a-squared Free
2009-06-22 20:17 . 2009-06-10 16:32 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-21 18:33 . 2009-06-10 16:42 -------- d-----w- c:\program files\SpywareBlaster
2009-06-17 20:18 . 2009-06-10 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 09:27 . 2009-06-10 16:41 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-06-10 16:41 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 20:34 . 2009-06-15 18:48 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-14 13:17 . 2009-06-10 16:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\documents and settings\bob\Application Data\Media Player Classic
2009-06-10 17:10 . 2009-06-10 17:09 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-10 17:00 . 2008-04-13 17:34 36864 ----a-w- c:\windows\system32\ctfmon.exe
2009-06-10 16:41 . 2009-06-10 16:41 -------- d-----w- c:\documents and settings\bob\Application Data\Malwarebytes
2009-06-10 16:41 . 2009-06-10 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 16:37 . 2009-06-10 16:36 -------- d-----w- c:\program files\Intel
2009-06-10 16:36 . 2009-06-10 16:36 -------- d-----w- c:\documents and settings\bob\Application Data\InstallShield
2009-06-10 16:34 . 2009-06-10 16:34 73728 ----a-w- c:\windows\ALCFDRTM.EXE
2009-06-10 16:32 . 2009-06-10 16:32 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-10 16:32 . 2009-06-10 16:32 -------- d-----w- c:\program files\Realtek
2009-06-10 16:32 . 2009-06-10 16:32 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-06-10 16:13 . 2009-06-10 16:13 -------- d-----w- c:\program files\microsoft frontpage
2009-06-10 16:09 . 2004-08-10 12:00 35172 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-10 16:09 . 2004-08-10 12:00 326822 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-09 20:56 . 2009-06-09 20:56 1571840 ----a-w- c:\windows\system32\sfcfiles.dll
2009-06-09 20:52 . 2009-06-09 20:52 1013248 ----a-w- c:\windows\system32\syssetup.dll
2009-06-09 20:52 . 2009-06-09 20:52 1013248 ----a-w- c:\windows\inf\syssbck.dll
2009-05-13 05:04 . 2008-04-13 17:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2008-04-13 17:33 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:34 . 2009-04-29 04:34 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2008-04-13 16:58 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2008-04-13 17:33 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-02 13:21 . 2009-06-10 17:09 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-27 06:14 . 2009-06-10 16:32 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
.

------- Sigcheck -------

[-] 2009-06-10 17:00 36864 18747FCB2508EEEC79415B32F63F3654 c:\windows\system32\ctfmon.exe
[-] 2009-06-10 17:00 36864 18747FCB2508EEEC79415B32F63F3654 c:\windows\system32\dllcache\ctfmon.exe

[-] 2009-06-09 20:56 1571840 805C0C12E2CF496B19843CDE04008DA0 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-15 1229640]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2009-04-14 433480]
"GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"THGuard"="c:\program files\TrojanHunter 5.1\THGuard.exe" [2009-05-18 1061536]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-05-18 1059720]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-23 18077696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-06-10 36864]

c:\documents and settings\bob\Menu Démarrer\Programmes\Démarrage\
MRU-Blaster Scheduler.lnk - c:\program files\MRU-Blaster\scheduler.exe [2003-7-19 118784]
MRU-Blaster Silent Clean.lnk - c:\program files\MRU-Blaster\mrublaster.exe [2004-3-28 1216512]

c:\documents and settings\bob\Menu Démarrer\Programmes\Démarrage\
MRU-Blaster Scheduler.lnk - c:\program files\MRU-Blaster\scheduler.exe [2003-7-19 118784]
MRU-Blaster Silent Clean.lnk - c:\program files\MRU-Blaster\mrublaster.exe [2004-3-28 1216512]

c:\documents and settings\bob\Menu Démarrer\Programmes\Démarrage\
MRU-Blaster Scheduler.lnk - c:\program files\MRU-Blaster\scheduler.exe [2003-7-19 118784]
MRU-Blaster Silent Clean.lnk - c:\program files\MRU-Blaster\mrublaster.exe [2004-3-28 1216512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"L'Assistant DartyBox"=c:\program files\Assistant Dartybox\Upgrade_Manager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-04-14 1267528]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\documents and settings\bob\Local Settings\Temp\{C38B3C1C-EBA4-4338-AFDD-75A1139F3D49}\fsgk.sys [x]
R3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
R3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-10-28 880200]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-06-20 26624]
S0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2009-06-10 22272]
S1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-06-10 68424]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-04-06 704384]
S2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-11-24 1016904]
S2 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
S2 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-09-08 1185496]
S2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-06-10 51016]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-06-10 603904]
S3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2009-02-18 31128]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-02-10 257432]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2009-04-06 33888]
S3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-10-30 1407976]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-06-10 48712]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-06-10 32328]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-06-24 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-04 09:13]
.
.
------- Examen supplémentaire -------
.
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 20:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-06-24 20:34
ComboFix-quarantined-files.txt 2009-06-24 18:34

Avant-CF: 438 356 844 544 octets libres
Après-CF: 438 396 903 424 octets libres


5

BOB, 24 Jun 2009 at 20:50:30

Could you tell me which line in my HijackThis log looked infected to you?


6

archet9, 24 Jun 2009 at 20:59:52

---> Download OTM (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTM.exe


---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text, shown in bold below:

:processes
explorer.exe

:files
C:\WINDOWS\PEV.exe
c:\windows\system32\ups.exe
c:\windows\system32\perfc00C.dat

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]


:commands
[purity]
[emptytemp]
[start explorer]



---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log

See you


7

BOB, 24 Jun 2009 at 21:18:02

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\WINDOWS\PEV.exe moved successfully.
File/Folder c:\windows\system32\ups.exe not found.
c:\windows\system32\perfc00C.dat moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: bob
->Temp folder emptied: 36238852 bytes
->Temporary Internet Files folder emptied: 536973 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61297506 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 557257 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351795 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
File delete failed. C:\WINDOWS\temp\tmp0000651e\tmp00000000 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\tmp00000049\tmp00000000 scheduled to be deleted on reboot.
Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 96,31 mb


OTM by OldTimer - Version 3.0.0.2 log created on 06242009_211226

Files moved on Reboot...
File C:\WINDOWS\temp\tmp0000651e\tmp00000000 not found!
File C:\WINDOWS\temp\tmp00000049\tmp00000000 not found!

Registry entries deleted on Reboot...


8

BOB, 24 Jun 2009 at 21:19:59

About this line

C:\WINDOWS\System32\ups.exe

I had looked it up on Comment Ça Marche and it says this:

http://www.commentcamarche.net/contents/processus/ups exe.php3


9

archet9, 24 Jun 2009 at 21:22:28

Ok....

The ups.exe process (ups standing for uninterruptible power supplies, "onduleur" in French) is a generic Windows NT/2000/XP process used to manage uninterruptible power supplies under Windows.

The ups process is in no way a resident virus, a worm, a Trojan horse, spyware, or adware.

It is a system process that can be stopped.

See you


10

BOB, 24 Jun 2009 at 21:25:08

Is the disinfection finished?


11

archet9, 24 Jun 2009 at 21:31:04

No...

Run a scan with this antispyware:
Download Malwarebytes + tutorial:

-> http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

Install it, then update it... (update tab)
Now click on the search tab and tick the box "run a quick scan".
Then click on "search".
Let it scan the PC...
If any items were found > click on remove selection.
If you are asked to restart > click on "yes".
At the end a report will open; save it so that you can find it again in order to post it on the forum.
Copy and paste the report, please.

*****

THEN:

A brand-new RSIT, please. Log.txt only...


See you


12

BOB, 24 Jun 2009 at 21:58:35

Nothing in the Malwarebytes report....

Collection CommentÇaMarche.net