Problem with a "like new" USB key

Solved/Closed
Aurahire - 28 June 2009 at 21:31
 Aurahire - 29 June 2009 at 17:55
Hello, I'd like a bit of help from anyone who could assist me, because this weekend I received a USB key ordered from a sales site. The listing described the key as like new. I plug it in and Bitdefender blocks a start.exe coming from a CD, yes, from a CD, even though I plugged in a USB key, and along the way it blocked and deleted 3 trojans that were on the key.
So much for sellers who spread infections... Anyway, back to the key: I look in My Computer, and when I plug in my key I see drive I appear (normal) but also a CD drive containing 2.67 MB; it contains 3 files that I can't delete and that, according to the scans by usbfix and the like, are a virus.
And I have to admit I'm a bit lost. I can usually manage by looking up what other users have posted here and there, but I'm at my wits' end!
So I don't know how to properly disinfect this damn key. Desinfector USB has no effect; this disc drive containing this crap is still there!
Could someone help me a little?
Thanks a lot!
16 replies

Anonymous user
28 June 2009 at 21:36
Good evening,

Interesting, please do this:

Download here:

http://images.malwareremoval.com/random/RSIT.exe

• random's system information tool (RSIT) by random/random, and save it to the Desktop.

• Double-click RSIT.exe to launch RSIT.

• Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.

• When the scan is finished, two text files will open.

• Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the taskbar).

NB: The reports are saved in the folder C:\rsit
0
Here is the reply to the procedure you just gave me.
Thanks a lot for helping someone desperate! :)

Uh, I just looked at the logs and they are really long; which part do you want? Should I copy everything?
Thanks
0
Here is the log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Matthieu at 2009-06-28 21:40:16
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 92 GB (46%) free of 200 GB
Total RAM: 3070 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:32 PM, on 6/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Matthieu\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Matthieu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: MarvellTrayStartup.lnk = C:\Program Files\Marvell\61xx\tray\RaidTray.bat
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
0
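As an added example (not part of the original thread and not code from HijackThis or RSIT), the sketch below reads a HijackThis log like the one posted above, lists the `Run` autostart entries and pulls out the entries that HijackThis itself annotated with `(no file)`, `(file missing)` or `Unknown owner`. The function names are hypothetical and the sample is a short excerpt copied from the log above; an annotation marks an entry to look at first, not a verdict.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail flags")

# Section codes that appear in the log above (not the complete HijackThis list).
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O16": "downloaded ActiveX control",
    "O18": "protocol handler",
    "O23": "service",
}

# Annotations that HijackThis writes into an entry on its own.
MARKERS = ("(no file)", "(file missing)", "Unknown owner")

LINE_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
# O4 registry autostarts look like: HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Excerpt copied from the log posted above, used as sample input.
SAMPLE = r"""Running processes:
C:\Windows\Explorer.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""


def parse_log(text):
    """Return one Entry per coded line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code, detail = m.groups()
        flags = tuple(mk for mk in MARKERS if mk in detail)
        entries.append(Entry(code, SECTIONS.get(code, "other"), detail, flags))
    return entries


def needs_review(entries):
    """Entries carrying at least one of HijackThis's own annotations."""
    return [e for e in entries if e.flags]


def run_keys(entries):
    """(hive, key, value name, command) for each registry autostart in section O4."""
    rows = []
    for e in entries:
        m = RUN_RE.match(e.detail) if e.code == "O4" else None
        if m:
            rows.append(m.groups())
    return rows


if __name__ == "__main__":
    parsed = parse_log(SAMPLE)
    print("Registry autostarts:")
    for hive, key, name, command in run_keys(parsed):
        print(f"  {hive}\\{key}  {name:<16} {command}")
    print("Annotated by HijackThis:")
    for e in needs_review(parsed):
        print(f"  {e.code:<4} {e.kind:<22} {', '.join(e.flags)}")
```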
Little bump for you, inferno.vir,
I did what you told me. If anyone else is interested in my thread, no problem, I'll take everyone's opinions and advice at the point I'm at!
Thanks in advance!
Aurahire
0
Anonymous user
28 June 2009 at 22:13
Thoroughly infected,

Important /!\ : Run ComboFix as administrator (right-click on combofix > Run as ...)

Disable Vista's UAC: http://www.nasedowebsite.info/tutoriaux/desactiver-uac-windows-vista-68


/!\ WARNING: VERY POWERFUL SOFTWARE THAT CAN BE DANGEROUS IF USED HAPHAZARDLY /!\
----------------------------------------------------------------------------------------------------------------
Disable all resident protection (antivirus, antispyware, Spybot S&D's TeaTimer...)

* Download ComboFix by sUBs

* Rename it to avril.exe

* You must save it to your Desktop

* Disconnect from the Internet and disable your antivirus (just for the duration of the procedure).

* Close all windows.

* Double-click avril.exe (do not click on the window that opens).

* Press Y to start the scan.

* At the end of the scan (this can take a while), a report will be created. (C:\Combofix.txt)

* Post this report in your next message(s).



0

Here is the ComboFix result:
Thanks a lot!
ComboFix 09-06-26.02 - Matthieu 06/28/2009 22:31.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2182 [GMT 2:00]
Running from: c:\users\Matthieu\Desktop\avril.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.
The following files were disabled during the run:
c:\windows\TEMP\logishrd\LVPrcInj01.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
+ 2009-06-28 19:57 . 2009-03-08 11:34 236544 c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.6001.18702_none_44170552678500f2\webcheck.dll
+ 2009-06-28 19:57 . 2009-03-08 11:34 109568 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18702_none_1a118a8629ee860e\occache.dll
+ 2009-06-28 19:57 . 2009-03-08 11:35 233984 c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.6001.18702_none_d5ea1c01e3fe67ea\jsprofilerui.dll
+ 2009-06-28 19:57 . 2009-03-08 11:35 118272 c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_8.0.6001.18702_none_ed92bec9472aab53\JSProfilerCore.dll
+ 2009-06-28 19:57 . 2009-03-08 11:35 521216 c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.18702_none_9d577137e370ad2c\jsdbgui.dll
+ 2009-06-28 19:57 . 2009-03-08 21:09 638816 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
+ 2009-06-28 19:57 . 2009-03-08 11:33 132608 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\ieUnatt.exe
+ 2009-06-28 19:57 . 2009-03-08 11:35 144384 c:\windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.6001.18702_none_10e8e2fad95106ab\ExtExport.exe
+ 2009-06-28 19:57 . 2009-03-08 11:32 169472 c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\iexpress.exe
+ 2009-06-28 20:01 . 2009-05-12 22:35 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22874_none_2ab8403ac959093f\IEShims.dll
+ 2009-06-28 20:01 . 2009-05-09 05:34 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18783_none_2a22d339b0446c0f\IEShims.dll
+ 2009-06-28 19:57 . 2009-03-08 11:33 196096 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18702_none_2a78524fb0047330\IEShims.dll
+ 2009-06-28 20:01 . 2009-05-12 22:35 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22874_none_7359f4a479b0a2d1\ieproxy.dll
+ 2009-06-28 20:01 . 2009-05-09 05:34 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18783_none_72c487a3609c05a1\ieproxy.dll
+ 2009-06-28 19:57 . 2009-03-08 11:33 246784 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18702_none_731a06b9605c0cc2\ieproxy.dll
+ 2009-06-28 19:57 . 2009-03-08 11:34 115712 c:\windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.6001.18702_none_e9612e8087062a88\ielowutil.exe
+ 2009-06-28 20:03 . 2009-05-30 13:15 102912 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22883_none_840ec88560132cdf\iecompat.dll
+ 2009-06-28 20:03 . 2009-06-02 03:27 102912 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18793_none_837a5bce46fda906\iecompat.dll
+ 2009-06-28 19:57 . 2009-03-08 11:33 125952 c:\windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_8.0.6001.18702_none_a0d17792aa595b3e\iecleanup.exe
+ 2009-06-28 19:57 . 2009-03-08 11:33 103936 c:\windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_8.0.6001.18702_none_9396116207a33bbc\SetDepNx.exe
+ 2009-06-28 19:57 . 2009-03-08 11:33 107520 c:\windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.6001.18702_none_0ad3f877399acafc\RegisterIEPKEYs.exe
+ 2009-06-28 19:57 . 2009-03-08 11:32 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18702_none_42d1aca65041d4fb\msfeeds.dll
+ 2009-06-28 19:57 . 2009-03-08 11:31 216064 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtrans.dll
+ 2009-06-28 19:57 . 2009-03-08 11:31 348160 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtmsft.dll
+ 2009-06-28 19:57 . 2009-03-08 11:35 742912 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.18702_none_1e902f2a55a1ce84\iedvtool.dll
+ 2009-06-28 19:57 . 2009-03-08 11:31 183808 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18702_none_1faea70907d94aa5\iepeers.dll
+ 2009-06-28 19:57 . 2009-03-08 11:11 445952 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dll
+ 2009-06-28 19:57 . 2009-03-08 11:32 163840 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieakui.dll
+ 2009-06-28 19:57 . 2009-03-08 11:33 229376 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieaksie.dll
+ 2009-06-28 19:57 . 2009-03-08 11:33 125952 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.6001.18702_none_87015889ddff063f\ieakeng.dll
+ 2009-06-28 20:01 . 2009-05-12 22:34 385536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22874_none_577b7cbe869d3919\iedkcs32.dll
+ 2009-06-28 20:01 . 2009-05-09 05:34 385536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18783_none_56e60fbd6d889be9\iedkcs32.dll
+ 2009-06-28 19:57 . 2009-03-08 21:09 391536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18702_none_573b8ed36d48a30a\iedkcs32.dll
+ 2009-06-28 20:01 . 2009-05-12 22:49 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\wininet.dll
+ 2009-06-28 20:01 . 2009-05-09 05:50 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\wininet.dll
+ 2009-06-28 19:57 . 2009-03-08 11:34 914944 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
+ 2009-06-28 19:57 . 2009-03-08 11:32 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18702_none_c3b0c8fe923e1b1f\mstime.dll
+ 2009-06-28 19:57 . 2009-03-08 11:33 107008 c:\windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.6001.18702_none_eb622404d6d4cb81\SetIEInstalledDate.exe
+ 2009-06-28 19:57 . 2009-03-08 11:32 128512 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_8.0.6001.18702_none_8eb687d4089bfe4d\advpack.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 208384 c:\windows\System32\WinFXDocObj.exe
+ 2009-06-28 19:57 . 2009-03-08 11:34 208384 c:\windows\System32\WinFXDocObj.exe
+ 2009-06-28 19:57 . 2009-03-08 11:34 236544 c:\windows\System32\webcheck.dll
+ 2009-06-28 19:57 . 2009-03-08 11:33 420352 c:\windows\System32\vbscript.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 105984 c:\windows\System32\url.dll
+ 2009-06-28 19:57 . 2009-03-08 11:34 105984 c:\windows\System32\url.dll
+ 2009-06-28 19:57 . 2009-03-08 11:33 107008 c:\windows\System32\SetIEInstalledDate.exe
+ 2009-06-28 19:57 . 2009-03-08 11:33 103936 c:\windows\System32\SetDepNx.exe
+ 2009-06-28 19:57 . 2009-03-08 11:33 107520 c:\windows\System32\RegisterIEPKEYs.exe
+ 2009-06-28 19:57 . 2009-03-08 11:33 109568 c:\windows\System32\PDMSetup.exe
+ 2009-06-28 19:57 . 2009-03-08 11:34 109568 c:\windows\System32\occache.dll
+ 2009-06-28 19:57 . 2009-03-08 11:32 611840 c:\windows\System32\mstime.dll
+ 2009-06-28 19:57 . 2009-03-08 11:34 193536 c:\windows\System32\msrating.dll
+ 2009-06-28 19:57 . 2009-03-08 11:22 156160 c:\windows\System32\msls31.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 156160 c:\windows\System32\msls31.dll
+ 2009-06-28 19:57 . 2009-03-08 11:32 594432 c:\windows\System32\msfeeds.dll
+ 2009-06-28 19:57 . 2009-03-08 11:33 726528 c:\windows\System32\jscript.dll
+ 2009-06-28 19:57 . 2009-03-08 11:32 169472 c:\windows\System32\iexpress.exe
+ 2009-06-28 19:57 . 2009-03-08 11:33 132608 c:\windows\System32\ieUnatt.exe
+ 2009-06-28 19:57 . 2009-03-08 11:33 109056 c:\windows\System32\iesysprep.dll
+ 2009-06-28 19:57 . 2009-03-08 11:31 183808 c:\windows\System32\iepeers.dll
+ 2009-06-28 19:57 . 2009-03-08 11:11 445952 c:\windows\System32\ieapfltr.dll
+ 2009-06-28 19:57 . 2009-03-08 11:32 163840 c:\windows\System32\ieakui.dll
+ 2009-06-28 19:57 . 2009-03-08 11:33 229376 c:\windows\System32\ieaksie.dll
+ 2009-06-28 19:57 . 2009-03-08 11:33 125952 c:\windows\System32\ieakeng.dll
+ 2009-06-28 19:57 . 2009-03-08 11:31 216064 c:\windows\System32\dxtrans.dll
+ 2009-06-28 19:57 . 2009-03-08 11:31 348160 c:\windows\System32\dxtmsft.dll
+ 2009-06-28 20:29 . 2009-06-28 20:37 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-28 19:57 . 2009-03-08 11:32 128512 c:\windows\System32\advpack.dll
+ 2009-06-28 20:01 . 2009-05-12 22:35 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22874_none_2aceba9ebba436af\iertutil.dll
+ 2009-06-28 20:01 . 2009-05-09 05:34 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18783_none_2a394d9da28f997f\iertutil.dll
+ 2009-06-28 19:57 . 2009-03-08 11:32 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\iertutil.dll
+ 2009-06-28 20:01 . 2009-05-12 22:39 5936128 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22874_none_f66e22e151498188\mshtml.dll
+ 2009-06-28 20:01 . 2009-05-09 05:38 5936128 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18783_none_f5d8b5e03834e458\mshtml.dll
+ 2009-06-28 19:56 . 2009-03-08 11:41 5937152 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
+ 2009-06-28 19:57 . 2009-02-07 04:07 3698584 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dat
+ 2009-06-28 20:01 . 2009-05-12 22:48 1207808 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22874_none_980e282105e9f1bf\urlmon.dll
+ 2009-06-28 20:01 . 2009-05-09 05:49 1207808 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18783_none_9778bb1fecd5548f\urlmon.dll
+ 2009-06-28 19:57 . 2009-03-08 11:34 1206784 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18702_none_97ce3a35ec955bb0\urlmon.dll
+ 2006-11-02 10:22 . 2009-06-28 20:35 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-06-14 23:10 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-06-28 19:57 . 2009-02-07 04:07 3698584 c:\windows\System32\ieapfltr.dat
+ 2009-06-28 20:31 . 2009-06-28 20:31 6221824 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-06-28 20:01 . 2009-05-12 22:35 11064832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22874_none_47cd7ce4dd3f0fb5\ieframe.dll
+ 2009-06-28 20:01 . 2009-05-09 05:34 11064832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18783_none_47380fe3c42a7285\ieframe.dll
+ 2009-06-28 19:56 . 2009-03-08 11:39 11063808 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieframe.dll
+ 2009-05-31 23:27 . 2009-06-28 20:03 36173384 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MarvellTrayStartup.lnk - c:\program files\Marvell\61xx\tray\RaidTray.bat [2009-4-12 143]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-4-12 192512]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^E-Color.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\E-Color.lnk
backup=c:\windows\pss\E-Color.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-688644113-2982533412-3210815772-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [6/15/2007 9:52 AM 143256]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [6/12/2007 8:54 PM 61440]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [4/12/2009 12:31 PM 1153368]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [4/12/2009 11:32 AM 46592]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [6/2/2008 3:16 PM 86792]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [4/12/2009 12:15 PM 28160]
S2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [5/23/2007 2:17 AM 20539]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-12 c:\windows\Tasks\PDVDServ.EXE_1153390954.job
- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [2009-04-12 19:01]
.
.
------- Supplementary Scan -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\vc2mjnov.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 22:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(9428)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\System32\oodag.exe
c:\program files\OO Software\CleverCache\ooccag.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\System32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
c:\program files\BitDefender\BitDefender 2008\bdagent.exe
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
c:\windows\System32\rundll32.exe
c:\program files\OO Software\CleverCache\ooccctrl.exe
c:\windows\System32\oodtray.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\DNA\btdna.exe
c:\program files\MSI\DualCoreCenter\DualCoreCenter.exe
c:\program files\Marvell\61xx\tray\zRaidTray.exe
c:\windows\System32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-28 22:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-28 20:41
ComboFix2.txt 2009-06-28 18:59

Pre-Run: 101,220,593,664 octets libres
Post-Run: 101,447,655,424 octets libres

422 --- E O F --- 2009-06-18 01:01
0
Anonymous user
28 June 2009 at 22:54
Had you disabled UAC? If not, start over!

-------------------
Next:

1/ Download:

# Download Malwarebytes' Anti-Malware

NOTE: If you are missing COMCTL32.OCX, then download it --> comctl32.ocx


2/ Installation and update:

# Install MBAM by double-clicking Mbam-setup.exe; it will update itself automatically.

# Once it is up to date, the program will launch. Click the Settings tab and tick the box: "Stop Internet Explorer during removal".


3/ Scan:

# Now click the Scan tab and tick the box: "perform a full scan".

# Then click "scan".

Let it scan your PC ...


4/ Removal:

# If any items were found ~> Click "Remove selection".

# If the program asks you to restart ~> Click "yes".

# At the end, a report will open in Notepad ~> Save it somewhere you can find it again so you can post it on the forum.

# Copy (Ctrl + C) and paste (Ctrl + V) the report into your next message, please.


PS: The reports are also sorted by scan date and time in the Report/Log tab


Info: A tutorial from Malekal is available ~>

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

0
I'm sure you have other things to do, but since you're taking good care of my case, I wanted to know what you thought of the log ;)! Have you come across a case like mine before? Because I saw that in one of your posts you wrote "interesting" :p I'd call it annoying instead :p!
Regards!
0
Anonymous user
28 June 2009 at 23:12
Interesting for me, because you're infected :) and that gives me work to do :p

I'm waiting for the MBAM report (I'll be heading to bed soon..)

And please answer my question about UAC?


0
No worries ;) sorry, I hadn't seen your reply! The anti-malware is running, I'll post as soon as it's finished ;)
Thanks for helping me!
0
Anonymous user
28 June 2009 at 23:17
OK, and as for UAC, during the ComboFix scan, had you disabled it as recommended?? It's important!!

0
Ah, and as for UAC, yes, disabled since the beginning!
;)
0
Anonymous user
28 June 2009 at 23:20
Good :)

I'm going to bed, good night =)


PS: post your MBAM report, I'll follow up on your problem tomorrow (probably in the morning) :)

0
Here's the anti-malware result ;) it found two little things, but nothing related to my USB key :p

Thanks a lot ;)
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2347
Windows 6.0.6001 Service Pack 1

6/28/2009 11:23:19 PM
mbam-log-2009-06-28 (23-23-11).txt

Type de recherche: Examen rapide
Eléments examinés: 80718
Temps écoulé: 6 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSys2 (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\startup.exe (Trojan.Agent) -> No action taken.
0
I wouldn't want to keep you from going to bed, I won't be up much longer either, but don't worry about it otherwise!
Thanks a lot!
0
Anonymous user
29 June 2009 at 11:00
Hi,

Run an MBAM scan again, but as a full scan this time! And DELETE WHAT IT FINDS!




0
Hello again, thank you for tackling my case, but MBAM didn't fix the problem after deleting what was wrong. On the other hand, I managed to make the CD drive no longer appear => drive options =< disable, or something like that. Anyway, I think the files are still on it, but I no longer have the autorun, so I'm going to consider my topic resolved ;)
Thanks again!
0