Hacked computer (I think)

Here is the result of the Malwarebytes' Anti-Malware scan:

Malwarebytes’ Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 3 (Safe Mode)

02/10/2009 07:27:12
mbam-log-2009-10-02 (07-27-12).txt

Type de recherche: Examen complet (C:\|H:\|)
Eléments examinés: 139149
Temps écoulé: 57 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WiniFighter (Rogue.WiniFighter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WiniFighter (Rogue.WiniFighter) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ESQULzcounter (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Hi Bisoonoors

Well, there were indeed a few infections.

ESQULzcounter / ESQULserv.sys! That one is sticky. Even though Malwarebytes says the trojan was removed, run another scan in Safe Mode to make sure.

A quicker way would be to rename toto.exe or titi.exe back to mbam.exe (the original name) and check that the program starts normally again, since it is ESQL that blocks Malwarebytes from starting when it recognises mbam.exe being launched.

I'll try to come back more often so I can reply to you faster.
Edited on 06/10/2009 at 09:08

I renamed the exe to mbam and the program launches without any problem. So I didn't run a scan, is that bad?
Edited on 06/10/2009 at 18:12

hi

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

==> Random's System Information Tool (RSIT)

==> Double-click RSIT.exe to launch RSIT.
==> Click Continue on the Disclaimer screen.
==> If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
==> When the scan is finished, two text files will open.

==> Post the contents of log.txt (<== which will be displayed) as well as info.txt (<== which will be minimised to the Taskbar).

Note: both reports are also saved in %systemroot%\rsit

then
download GenProc to your desktop

==> GenProc: http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

unzip the folder, double-click GenProc.bat

answer "yes" to the window that appears

post the contents of the report that opens

cricri58


Post all the reports

Hi Bisoonoors

You seem to be out of the woods.

cricri58's tests don't seem essential to me, but I could be wrong… Personally, I consider Malwarebytes the best complement to a resident antivirus.

It's up to cricri58 to make the case and/or up to you to decide whether you want to go further in checking your PC.

Rofl, my Windows doesn't freeze at all anymore, I get no more spam on the internet and no more alerts from out of nowhere. Given that I don't do anything confidential on my PC, I think I'll stop here for now, I'm tired of all the reboots and hour-long scans ^^.
THANKS EVERYONE.

Sure, I always recommend "Malwarebytes", but for a disinfection we always go through a HijackThis or RSIT report, otherwise
it's impossible to tell

cricri58


[quote="stephanelechat"] Hi Bisoonoors

cricri58's tests don't seem essential to me, but I could be wrong…

[/quote]
have you ever even seen a disinfection without HijackThis!!!


:neutre: Bisoonoors, after all it's your PC

rofl, here's the log.txt

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Andrea at 2009-10-06 21:53:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (11%) free of 20 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:59, on 06/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Andrea\Desktop\JediKnight2Minimizer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Andrea\Desktop\RSIT.exe
C:\Program Files\trend micro\Andrea.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com…
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\banane.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DDEB5A1-B39D-485F-B28E-6EB1B876687A}: NameServer = 212.27.40.240,212.27.40.241
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe


End of file - 5850 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(TM) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-03-19 778240]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\banane.exe /runcleanupscript []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2009-06-25 1578736]
"GameTracker"=C:\Program Files\GameTracker\GTLite.exe [2009-09-17 2994016]

C:\Documents and Settings\Andrea\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-17 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-03 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-08-30 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Disabled:maconfservice"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"H:\Jeux\Xfire\Xfire.exe"="H:\Jeux\Xfire\Xfire.exe:*:Disabled:Xfire"
"H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.EXE"="H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II"
"H:\Jeux\Steam\steamapps\baptiste215\half-life\hl.exe"="H:\Jeux\Steam\steamapps\baptiste215\half-life\hl.exe:*:Disabled:Half-Life Launcher"
"H:\Jeux\Steam\steamapps\baptiste215\day of defeat\hl.exe"="H:\Jeux\Steam\steamapps\baptiste215\day of defeat\hl.exe:*:Disabled:Half-Life Launcher"
"H:\Jeux\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="H:\Jeux\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Disabled:Jedi Academy MultiPlayer"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Disabled:Opera"
"H:\Jeux\Starcraft\StarCraft.exe"="H:\Jeux\Starcraft\StarCraft.exe:*:Disabled:Starcraft"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Disabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe"
"H:\Jeux\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe"="H:\Jeux\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Disabled:fpupdate"
"H:\Jeux\GameSpy Arcade\Aphex.exe"="H:\Jeux\GameSpy Arcade\Aphex.exe:*:Disabled:GameSpy Arcade"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App"
"H:\Jeux\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="H:\Jeux\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"H:\Jeux\Steam\steamapps\pacifikateur\counter-strike source\hl2.exe"="H:\Jeux\Steam\steamapps\pacifikateur\counter-strike source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"H:\Jeux\LucasArts\Star Wars JK III Jedi Academy\GameData\jamp.exe"="H:\Jeux\LucasArts\Star Wars JK III Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\Program Files\GtkRadiant 1.5.0\GtkRadiant.exe"="C:\Program Files\GtkRadiant 1.5.0\GtkRadiant.exe:*:Enabled:GtkRadiant"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c351eee-54dc-11de-8454-00226ba94163}]
shell\AutoRun\command - n0euybx.exe
shell\open\command - n0euybx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f080966-5beb-11de-8464-00226ba94163}]
shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8646f2dc-5092-11de-844f-00226ba94163}]
shell\AutoRun\command - n0euybx.exe
shell\open\command - n0euybx.exe

======List of files/folders created in the last 3 months======

2009-07-17 11:07:08 ----A---- C:\WINDOWS\21e5stezl1898.dll
2009-07-17 11:07:08 ----A---- C:\WINDOWS\21392not9a5virus2z0.exe
2009-07-17 11:07:08 ----A---- C:\WINDOWS\1zdbdownloade95342.dll
2009-07-17 11:07:08 ----A---- C:\WINDOWS\19589tr9j75dz.exe
2009-07-17 11:07:08 ----A---- C:\WINDOWS\161abzckd9o5438.dll
2009-07-17 11:07:08 ----A---- C:\WINDOWS\1506stzal9722.exe
2009-07-17 10:22:13 ----D---- C:\Documents and Settings\Andrea\Application Data\Mozilla
2009-07-17 10:22:09 ----D---- C:\Program Files\Mozilla Firefox
2009-07-15 23:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 23:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 23:08:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 11:45:35 ----A---- C:\WINDOWS\uninst.exe
2009-07-14 11:43:12 ----A---- C:\WINDOWS\RAUNINST.EXE
2009-07-13 12:28:55 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2009-07-13 12:27:49 ----A---- C:\WINDOWS\BricoPackUninst.txt
2009-07-13 12:27:49 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2009-07-12 12:50:12 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-07-12 12:50:08 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2009-07-12 06:44:28 ----A---- C:\WINDOWS\system32\5918stzal2239.dll
2009-07-10 14:35:18 ----D---- C:\Documents and Settings\Andrea\Application Data\.starphone
2009-07-09 07:25:33 ----A---- C:\WINDOWS\5808hac9toolzc5.dll
2009-07-09 07:10:49 ----A---- C:\WINDOWS\491fvir501z.dll
2009-07-07 07:42:26 ----A---- C:\WINDOWS\system32\z8d5thi9f5621.dll

======List of files/folders modified in the last 3 months======

2009-10-06 21:33:09 ----D---- C:\Documents and Settings\Andrea\Application Data\gtk-2.0
2009-10-06 21:21:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-06 21:00:22 ----D---- C:\WINDOWS\system32
2009-10-06 21:00:20 ----RD---- C:\Program Files
2009-10-06 21:00:19 ----D---- C:\WINDOWS
2009-10-06 20:37:52 ----D---- C:\WINDOWS\Temp
2009-10-06 16:31:52 ----D---- C:\WINDOWS\Prefetch
2009-10-04 01:28:11 ----D---- C:\Documents and Settings\Andrea\Application Data\dvdcss
2009-10-03 17:46:00 ----D---- C:\WINDOWS\system32\drivers
2009-10-02 01:14:32 ----SHD---- C:\WINDOWS\Installer
2009-10-02 01:14:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-02 01:13:54 ----RD---- C:\WINDOWS\Web
2009-10-02 00:57:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-27 16:18:06 ----D---- C:\Program Files\Java
2009-09-24 18:25:50 ----D---- C:\WINDOWS\system32\config
2009-09-23 00:45:05 ----D---- C:\Program Files\Common Files
2009-09-13 13:26:09 ----D---- C:\Program Files\Windows Live
2009-09-08 13:25:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-07 22:36:20 ----HD---- C:\WINDOWS\inf
2009-09-07 22:35:48 ----D---- C:\WINDOWS\twain_32
2009-09-02 00:36:15 ----D---- C:\WINDOWS\system32\DirectX
2009-08-31 23:45:57 ----D---- C:\WINDOWS\WinSxS
2009-08-31 15:10:57 ----RSD---- C:\WINDOWS\assembly
2009-08-05 11:35:10 ----SD---- C:\Documents and Settings\Andrea\Application Data\Microsoft
2009-08-05 11:35:08 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-04 20:45:34 ----SD---- C:\WINDOWS\Tasks
2009-08-04 12:02:59 ----HD---- C:\$AVG8.VAULT$
2009-07-31 15:23:10 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-29 21:38:47 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 21:38:47 ----D---- C:\Program Files\Internet Explorer
2009-07-29 12:06:15 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-26 06:38:36 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2009-07-25 22:10:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-19 15:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 15:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-18 01:04:04 ----D---- C:\WINDOWS\Debug
2009-07-17 19:30:01 ----D---- C:\Program Files\Google
2009-07-17 18:39:10 ----D---- C:\Program Files\ma-config.com
2009-07-17 18:39:10 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-07-17 18:37:11 ----A---- C:\WINDOWS\SIERRA.INI
2009-07-15 19:22:10 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-07-13 12:51:20 ----D---- C:\Program Files\Outlook Express
2009-07-13 12:51:20 ----D---- C:\Program Files\Movie Maker
2009-07-13 12:51:19 ----D---- C:\WINDOWS\system32\usmt
2009-07-13 12:28:54 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-07-13 12:28:32 ----D---- C:\WINDOWS\Cursors
2009-07-13 12:28:26 ----RSD---- C:\WINDOWS\Fonts
2009-07-10 02:10:35 ----D---- C:\Program Files\Messenger Plus! Live
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-02 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-03 108552]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-04 20747]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-06-04 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-06-04 18048]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-17 2642944]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2009-09-24 146312]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-04-06 266376]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-07-30 25280]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-05-22 5082624]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-13 252928]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-03 335752]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a3f3hi7q;a3f3hi7q; C:\WINDOWS\system32\drivers\a3f3hi7q.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Andrea\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ddxgb;ddxgb; \??\C:\DOCUME~1\Andrea\LOCALS~1\Temp\ddxgb.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Andrea\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 PID_0928;Labtec WebCam(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SaiH0461;SaiH0461; C:\WINDOWS\system32\DRIVERS\SaiH0461.sys [2006-08-08 182528]
S3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2006-08-14 13824]
S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2006-08-14 35328]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-08-30 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-08-30 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-17 495616]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [2009-09-17 1636192]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-04-29 419096]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-04-21 1631512]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-10-16 593920]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe []
S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe []
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


and here is info.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Andrea at 2009-10-06 21:53:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (11%) free of 20 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:59, on 06/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Andrea\Desktop\JediKnight2Minimizer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Andrea\Desktop\RSIT.exe
C:\Program Files\trend micro\Andrea.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com…
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\banane.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DDEB5A1-B39D-485F-B28E-6EB1B876687A}: NameServer = 212.27.40.240,212.27.40.241
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe


End of file - 5850 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-03-19 778240]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\banane.exe /runcleanupscript []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2009-06-25 1578736]
"GameTracker"=C:\Program Files\GameTracker\GTLite.exe [2009-09-17 2994016]

C:\Documents and Settings\Andrea\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-17 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-03 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-08-30 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Disabled:maconfservice"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"H:\Jeux\Xfire\Xfire.exe"="H:\Jeux\Xfire\Xfire.exe:*:Disabled:Xfire"
"H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.EXE"="H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II"
"H:\Jeux\Steam\steamapps\baptiste215\half-life\hl.exe"="H:\Jeux\Steam\steamapps\baptiste215\half-life\hl.exe:*:Disabled:Half-Life Launcher"
"H:\Jeux\Steam\steamapps\baptiste215\day of defeat\hl.exe"="H:\Jeux\Steam\steamapps\baptiste215\day of defeat\hl.exe:*:Disabled:Half-Life Launcher"
"H:\Jeux\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="H:\Jeux\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Disabled:Jedi Academy MultiPlayer"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Disabled:Opera"
"H:\Jeux\Starcraft\StarCraft.exe"="H:\Jeux\Starcraft\StarCraft.exe:*:Disabled:Starcraft"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Disabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe"
"H:\Jeux\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe"="H:\Jeux\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Disabled:fpupdate"
"H:\Jeux\GameSpy Arcade\Aphex.exe"="H:\Jeux\GameSpy Arcade\Aphex.exe:*:Disabled:GameSpy Arcade"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App"
"H:\Jeux\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="H:\Jeux\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"H:\Jeux\Steam\steamapps\pacifikateur\counter-strike source\hl2.exe"="H:\Jeux\Steam\steamapps\pacifikateur\counter-strike source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"H:\Jeux\LucasArts\Star Wars JK III Jedi Academy\GameData\jamp.exe"="H:\Jeux\LucasArts\Star Wars JK III Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\Program Files\GtkRadiant 1.5.0\GtkRadiant.exe"="C:\Program Files\GtkRadiant 1.5.0\GtkRadiant.exe:*:Enabled:GtkRadiant"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c351eee-54dc-11de-8454-00226ba94163}]
shell\AutoRun\command - n0euybx.exe
shell\open\command - n0euybx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f080966-5beb-11de-8464-00226ba94163}]
shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8646f2dc-5092-11de-844f-00226ba94163}]
shell\AutoRun\command - n0euybx.exe
shell\open\command - n0euybx.exe

======List of files/folders created in the last 3 months======

2009-12-27 12:43:28 ----A---- C:\WINDOWS\593bd9znloader2555.dll
2009-12-24 03:35:18 ----A---- C:\WINDOWS\system32\95a1steaz2845.exe
2009-12-23 15:58:15 ----A---- C:\WINDOWS\29c9bac5door2582z.exe
2009-12-19 06:57:48 ----A---- C:\WINDOWS\5019ormzb.dll
2009-12-14 20:21:35 ----A---- C:\WINDOWS\system32\15689wo9m209z.exe
2009-12-13 14:37:32 ----A---- C:\WINDOWS\z5c5vir2915.exe
2009-12-10 18:15:43 ----A---- C:\WINDOWS\201z5r9674.exe
2009-12-09 17:30:11 ----A---- C:\WINDOWS\13440hzck9ool7d85.dll
2009-12-07 19:24:09 ----A---- C:\WINDOWS\32059roz758.dll
2009-12-01 02:52:20 ----A---- C:\WINDOWS\59a2szarse30705.dll
2009-11-24 05:52:06 ----A---- C:\WINDOWS\99706virusz56.dll
2009-11-14 22:38:47 ----A---- C:\WINDOWS\4150szeal9023.exe
2009-11-14 20:48:37 ----A---- C:\WINDOWS\system32\147039zrus7c75.exe
2009-11-12 06:06:29 ----A---- C:\WINDOWS\system32\31852troz759.exe
2009-11-09 18:26:03 ----A---- C:\WINDOWS\system32\1za095ief718.exe
2009-11-07 21:27:55 ----A---- C:\WINDOWS\system32\29593szy603.dll
2009-11-04 18:49:45 ----A---- C:\WINDOWS\system32\3948v9rzs152.exe
2009-11-04 10:48:42 ----A---- C:\WINDOWS\system32\15539hazkt5ol5af.exe
2009-11-02 18:08:08 ----A---- C:\WINDOWS\system32\30650s5zmbot609.dll
2009-10-25 08:45:48 ----A---- C:\WINDOWS\system32\20791wormz5a.exe
2009-10-25 01:53:02 ----A---- C:\WINDOWS\54f79zr1639.exe
2009-10-20 14:56:01 ----A---- C:\WINDOWS\system32\4dz9do9nload5r1390.dll
2009-10-14 23:55:18 ----A---- C:\WINDOWS\15941not-a-vizus94a.exe
2009-10-06 21:23:57 ----A---- C:\WINDOWS\system32\19eds5yware1286z.exe
2009-10-06 21:00:22 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL
2009-10-06 21:00:22 ----A---- C:\WINDOWS\system32\MSVCP60D.DLL
2009-10-06 21:00:21 ----A---- C:\WINDOWS\system32\AudPlayer.dll
2009-10-06 21:00:21 ----A---- C:\WINDOWS\system32\AudioVisu.dll
2009-10-06 21:00:21 ----A---- C:\WINDOWS\system32\AudioRecord.dll
2009-10-06 21:00:21 ----A---- C:\WINDOWS\system32\AudDisplay.dll
2009-10-06 21:00:21 ----A---- C:\WINDOWS\system32\AudDesign.dll
2009-10-06 21:00:20 ----D---- C:\Program Files\Free Audio Pack
2009-10-06 21:00:20 ----A---- C:\WINDOWS\system32\TABCTFR.DLL
2009-10-06 21:00:20 ----A---- C:\WINDOWS\system32\Mscc2fr.dll
2009-10-06 21:00:20 ----A---- C:\WINDOWS\system32\lame_enc.dll
2009-10-06 18:27:42 ----D---- C:\Program Files\GameTracker
2009-10-06 18:27:07 ----D---- C:\Documents and Settings\Andrea\Application Data\GameTracker
2009-10-02 01:20:23 ----D---- C:\Documents and Settings\Andrea\Application Data\Malwarebytes
2009-10-02 00:57:22 ----D---- C:\Program Files\LucasArts
2009-09-28 19:54:49 ----A---- C:\WINDOWS\12448n5t-a-vi9us4ze.dll
2009-09-27 23:53:54 ----A---- C:\WINDOWS\system32\576d9hzeat5354.dll
2009-09-27 16:18:07 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-27 16:18:07 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-27 16:18:07 ----A---- C:\WINDOWS\system32\java.exe
2009-09-27 02:15:38 ----D---- C:\Program Files\GtkRadiant 1.5.0
2009-09-27 02:12:41 ----D---- C:\Program Files\QuArK 6.6.0 Beta 2
2009-09-26 22:33:56 ----D---- C:\Documents and Settings\Andrea\Application Data\Xfire
2009-09-26 22:33:54 ----D---- C:\Program Files\Xfire
2009-09-26 00:20:28 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-09-25 20:50:34 ----D---- C:\Program Files\eMule
2009-09-25 01:47:50 ----A---- C:\WINDOWS\4d965hi9f2186z.dll
2009-09-24 21:56:12 ----A---- C:\paklog.txt
2009-09-24 21:04:48 ----A---- C:\JK2Radiant_missing.txt
2009-09-24 21:04:21 ----A---- C:\JK2Radiant_GL_report.txt
2009-09-24 21:04:20 ----A---- C:\JK2Radiant_paklog.txt
2009-09-23 16:10:57 ----A---- C:\WINDOWS\30z145p95c2.exe
2009-09-23 00:45:05 ----D---- C:\Program Files\Common Files\Software Update Utility
2009-09-23 00:45:02 ----D---- C:\Program Files\AIM Toolbar
2009-09-23 00:45:02 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
2009-09-23 00:44:51 ----D---- C:\Documents and Settings\Andrea\Application Data\acccore
2009-09-23 00:44:46 ----D---- C:\Documents and Settings\All Users\Application Data\AIM
2009-09-23 00:44:44 ----D---- C:\Program Files\AIM
2009-09-23 00:44:41 ----D---- C:\Program Files\Common Files\AOL
2009-09-20 23:02:41 ----A---- C:\WINDOWS\5979h5cktool9fz.exe
2009-09-19 03:30:15 ----A---- C:\WINDOWS\5430not-azv59us3d7.exe
2009-09-17 07:11:41 ----A---- C:\WINDOWS\46zfsparse1592.exe
2009-09-14 07:36:39 ----A---- C:\WINDOWS\77a5t9reat114z3.dll
2009-09-13 23:00:21 ----A---- C:\WINDOWS\eazspywar51595.dll
2009-09-13 13:25:49 ----D---- C:\Program Files\Microsoft
2009-09-13 13:25:39 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-13 10:43:52 ----D---- C:\Documents and Settings\Andrea\Application Data\BitDefender
2009-09-13 10:43:39 ----D---- C:\Program Files\BitDefender
2009-09-13 10:43:39 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-09-13 10:43:12 ----D---- C:\Program Files\Common Files\BitDefender
2009-09-07 22:35:40 ----A---- C:\WINDOWS\IsUn040c.exe
2009-09-07 22:35:40 ----A---- C:\WINDOWS_delis32.ini
2009-09-05 09:16:43 ----A---- C:\WINDOWS\12c1ztea59181.dll
2009-09-04 03:55:33 ----A---- C:\WINDOWS\99zcsteal29735.dll
2009-09-02 00:50:37 ----A---- C:\WINDOWS\BlendSettings.ini
2009-08-28 06:21:45 ----A---- C:\WINDOWS\system32\1z07sp9ware9865.dll
2009-08-26 02:06:07 ----A---- C:\WINDOWS\system32\4825vzrus4859.dll
2009-08-25 00:48:44 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-08-25 00:48:43 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-08-25 00:48:20 ----D---- C:\Program Files\Viewpoint
2009-08-25 00:48:20 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-25 00:46:23 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-08-23 20:51:54 ----A---- C:\WINDOWS\system32\43209owzloader2555.exe
2009-08-18 09:52:10 ----A---- C:\WINDOWS\9086nzt-a-v9r5s73f.dll
2009-08-18 03:27:43 ----A---- C:\WINDOWS\1c1dsp9rsz2675.exe
2009-08-13 18:55:53 ----A---- C:\WINDOWS\6519spa5se3218z.exe
2009-08-05 11:42:35 ----D---- C:\WINDOWS\ERDNT
2009-08-05 11:42:33 ----D---- C:\Qoobox
2009-08-04 20:45:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-04 20:43:40 ----D---- C:\Program Files\Lavasoft
2009-08-04 20:43:40 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-08-04 20:38:31 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-08-04 20:38:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-04 02:42:13 ----A---- C:\WINDOWS\26869z95ktool32a.dll
2009-08-04 02:24:36 ----D---- C:\Program Files\Linksys
2009-08-04 02:24:33 ----D---- C:\Documents and Settings\Andrea\Application Data\InstallShield
2009-08-04 02:24:13 ----A---- C:\WINDOWS\system32\WLAN.INI
2009-08-01 22:53:13 ----A---- C:\WINDOWS\2z554tro97c5.exe
2009-07-31 20:34:37 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-07-30 23:26:49 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-07-30 23:22:47 ----D---- C:\Program Files\Common Files\Logitech
2009-07-30 23:22:16 ----A---- C:\WINDOWS\system32\MFC71KOR.DLL
2009-07-30 23:22:16 ----A---- C:\WINDOWS\system32\MFC71JPN.DLL
2009-07-30 23:22:16 ----A---- C:\WINDOWS\system32\MFC71ITA.DLL
2009-07-30 23:22:16 ----A---- C:\WINDOWS\system32\MFC71ESP.DLL
2009-07-30 23:22:16 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
2009-07-30 23:22:16 ----A---- C:\WINDOWS\system32\MFC71DEU.DLL
2009-07-30 23:22:16 ----A---- C:\WINDOWS\system32\MFC71CHT.DLL
2009-07-30 23:22:16 ----A---- C:\WINDOWS\system32\MFC71CHS.DLL
2009-07-30 23:22:16 ----A---- C:\WINDOWS\system32\atl71.dll
2009-07-30 23:22:13 ----D---- C:\Program Files\Logitech
2009-07-30 18:28:35 ----D---- C:\Program Files\Hamachi
2009-07-26 16:44:56 ----A---- C:\WINDOWS\system32\sirenacm.dll
2009-07-23 16:47:45 ----D---- C:\Program Files\GIMP-2.0
2009-07-23 16:38:48 ----D---- C:\Program Files\Corel
2009-07-21 23:54:22 ----D---- C:\Documents and Settings\Andrea\Application Data\Hamachi
2009-07-21 09:11:11 ----D---- C:\Documents and Settings\Andrea\Application Data\RadiantSettings
2009-07-20 00:21:48 ----D---- C:\rsit
2009-07-19 03:00:14 ----D---- C:\Program Files\MSXML 4.0
2009-07-18 14:22:52 ----A---- C:\WINDOWS\system32\WMAFile.dll
2009-07-18 14:22:52 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-07-18 14:22:52 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2009-07-18 14:22:52 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
2009-07-18 14:22:52 ----A---- C:\WINDOWS\system32\msxml4r.dll
2009-07-18 14:22:52 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-07-18 14:22:52 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-07-18 14:22:52 ----A---- C:\WINDOWS\system32\inetfr.DLL
2009-07-18 14:22:52 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2009-07-18 14:22:52 ----A---- C:\WINDOWS\system32\AudioInfos.dll
2009-07-18 14:22:52 ----A---- C:\WINDOWS\system32\AudFile.dll
2009-07-18 01:14:59 ----D---- C:\Program Files\Trend Micro
2009-07-18 01:06:49 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-07-18 01:01:51 ----D---- C:\WORT
2009-07-18 00:58:12 ----D---- C:\ToolBar SD
2009-07-18 00:48:09 ----A---- C:\WINDOWS\system32\tmp.txt
2009-07-18 00:47:55 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-07-18 00:47:55 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-07-18 00:47:55 ----

Well, no way to launch genproc: one or more files are missing... I tried deleting everything, re-downloading and reinstalling, but still the same problem.
Good luck reading all that!


Since genproc wasn't working, I ran a quick scan with HijackThis; here is the result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:25, on 06/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Andrea\Desktop\JediKnight2Minimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com…
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM…\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”
O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [BDAgent] “C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe”
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\banane.exe” /runcleanupscript
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 - HKCU…\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe”
O4 - HKCU…\Run: [ccleaner] “C:\Program Files\CCleaner\ccleaner.exe” /AUTO
O4 - HKCU…\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKUS\S-1-5-18…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip…{7DDEB5A1-B39D-485F-B28E-6EB1B876687A}: NameServer = 212.27.40.240,212.27.40.241
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe


End of file - 5768 bytes

Re

No need, as you'll notice there is a HijackThis log inside the RSIT report.

  1. Without doing at least a HijackThis, or better an RSIT

the only one who had asked for it was ==> SouthParkNews

Contrary to what ==> stephanelechat said

you have BitDefender 2009 + AVG8 in place

So, AVG8 being the free one, uninstall it; do it this way:

Download the AVG uninstall utility Remover.exe to your Desktop and nowhere else

==> AVG uninstall utility Remover.exe

AVG removal utility (32-bit)
(avgremover.exe)

then

How to get into Safe Mode
Restart your computer
Tap the F8 key immediately (F5 on some PCs), right after the "beep"
You will see a screen with startup options appear
Choose the first option: Safe Mode, and confirm with "Enter"
Choose your usual account, not Administrator (if needed...)
(careful: no internet connection is possible in safe mode, so copy or print the procedure to avoid mistakes...)

use the tool, then restart normally

you are still very much infected; I'll give you one thing after another

Do it, read carefully, and post the report

2) Disable your antivirus

Download and install UsbFix (by C_XX & Chiquitine29)

==> UsbFix (by C_XX & Chiquitine29)

Disconnect and close all running applications

Plug the external storage devices that may have been infected into your PC (USB key, external hard drive, etc.), without opening them

Double-click the UsbFix shortcut on your desktop.

Choose option 1 (Search)

Let the tool work.

Then post the UsbFix.txt report that will appear.

Note: the UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Re-enable your antivirus

once the UsbFix report is posted

do this:
click => Start ==> My Computer ==> Local Disk ==> (show the contents of this folder); you'll find the RSIT folder, right-click it and delete it, then (click on the left: hide the contents of this drive)
Back to your desktop

Run RSIT again, because yours was set to List of files/folders created in the last 3 months

click the dropdown in the RSIT window List of files/folders created in the last ==> set it to ==> 1 month
like here

cricri58

Hello everyone :wink:

@cricri58

You're right: reading the various DLLs and EXEs, one might think there are still infections.

Question: is there a way to know whether the "potential" infections are still active?
Another question: I assume the request to connect the external storage devices is due to the presence of an autorun file. Is that it?

Last question: why reduce to 1 month instead of 3?
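A defender-side way to check the two points raised here (which names in the RSIT listing look machine-generated, and whether they are still active), as an added example that is not code from the thread or from RSIT, HijackThis or UsbFix; the fragments it parses are constructed to mirror the reports posted in this thread, and the naming heuristic and the active/dormant split are assumptions of mine:

```python
"""Triage of RSIT / HijackThis / UsbFix fragments for the indicators discussed in
this thread.  Added example, not code from the thread or from any of those tools;
the sample fragments are constructed and the heuristics are analyst assumptions."""
from __future__ import annotations
import re

# Constructed RSIT "files created" fragment: three machine-named drops like the
# ones listed above, plus two genuine DLLs (one upper-case, one with digits).
RSIT_FILES = r"""
2009-11-12 06:06:29 ----A---- C:\WINDOWS\system32\31852troz759.exe
2009-10-25 01:53:02 ----A---- C:\WINDOWS\54f79zr1639.exe
2009-10-06 21:00:22 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL
2009-09-13 23:00:21 ----A---- C:\WINDOWS\eazspywar51595.dll
2009-07-30 23:26:49 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
"""
# Constructed HijackThis process list; one odd name is running here, which is
# not what the thread's own logs show, just the case the check has to handle.
HJT_PROCESSES = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\31852troz759.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
"""
# Constructed UsbFix fragment with the two kinds of entry the posted report has.
USBFIX = r"""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"

HKCU\..\Explorer\MountPoints2\{8646f2dc-5092-11de-844f-00226ba94163}
Shell\AutoRun\command =n0euybx.exe
Shell\open\Command =n0euybx.exe
"""

RSIT_FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} -+[A-Z]*-+ (.+)$")
WINDOWS_DIRS = ("c:\\windows", "c:\\windows\\system32")

def looks_random(filename: str) -> bool:
    """Assumed heuristic: a lower-case .exe/.dll stem of 8+ characters mixing at
    least three digits with three letters (31852troz759), unlike real binaries."""
    stem, dot, ext = filename.rpartition(".")
    if not dot or ext.lower() not in ("exe", "dll"):
        return False
    if len(stem) < 8 or not re.fullmatch(r"[a-z0-9-]+", stem):
        return False
    return sum(c.isdigit() for c in stem) >= 3 and sum(c.isalpha() for c in stem) >= 3

def suspicious_files(rsit_text: str) -> list[str]:
    """Files dropped straight into %WINDIR% or system32 with machine-like names."""
    hits = []
    for line in rsit_text.splitlines():
        m = RSIT_FILE_LINE.match(line)
        if m:
            folder, _, name = m.group(1).rpartition("\\")
            if folder.lower() in WINDOWS_DIRS and looks_random(name):
                hits.append(m.group(1))
    return hits

def running_processes(hjt_text: str) -> set[str]:
    """Lower-cased image paths from the 'Running processes:' block of a HJT log."""
    procs, inside = set(), False
    for line in hjt_text.splitlines():
        if line.startswith("Running processes:"):
            inside = True
        elif inside and line.strip():
            procs.add(line.strip().lower())
        elif inside:
            break  # the first blank line closes the block
    return procs

def classify(flagged: list[str], procs: set[str]) -> dict[str, str]:
    """'active' if the image is its own process at scan time, else 'dormant'.
    A DLL loaded into svchost/explorer never appears here: dormant != harmless."""
    return {p: ("active" if p.lower() in procs else "dormant") for p in flagged}

def usbfix_findings(text: str) -> list[tuple[str, str]]:
    """The DisableTaskMgr policy plus every MountPoints2 shell verb pointed at an
    executable (a drive's autorun/open redirected; the registry trace of an
    autorun.inf).  UsbFix only reports that the policy value exists; the RSIT
    dump in this thread shows it set to 0."""
    findings, in_mountpoint = [], False
    for line in text.splitlines():
        line = line.strip()
        if "DisableTaskMgr" in line:
            findings.append(("policy", "DisableTaskMgr"))
        elif "MountPoints2" in line:
            in_mountpoint = True
        elif in_mountpoint and line.lower().startswith("shell\\"):
            verb, _, cmd = line.partition("=")
            if cmd.strip():
                findings.append(("mountpoints2", f"{verb.strip()} -> {cmd.strip()}"))
        elif not line:
            in_mountpoint = False
    return findings

if __name__ == "__main__":
    print(classify(suspicious_files(RSIT_FILES), running_processes(HJT_PROCESSES)))
    print(usbfix_findings(USBFIX))
```

The MountPoints2 entries it pulls out are the kind of per-drive autorun redirection UsbFix is built to look for on removable media, which is why plugging the external drives in before the scan matters.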

How do I disable BitDefender 2009 Free? :paf:

Hi

I don't have it

but have a look

At the bottom right of the taskbar, right-click the BitDefender icon ==> Open advanced settings ==> uncheck the "real-time protection enabled" box; a window then opens and you choose how long you want it disabled.
don't forget to re-enable it afterwards

No luck, there are no advanced settings.

Re

you need to look "a little"

otherwise ==> right-click the BitDefender icon at the bottom, then ==> "Stop"

Yet I think that was it ==> right-click the logo => advanced settings => disable real-time protection

Otherwise dig through the antivirus menus to find where to disable "all monitoring".

if it works, don't forget to re-enable "all monitoring" in BitDefender

Take me for an idiot, why don't you -.-'
It has none of that; the settings are very few, they just include updates and report sending, and also the news.

we're trying to help you and you talk like that; who do you think you are

You know what, with that tone ==> deal with your PC yourself

you're wasting my time

the End

That's why I said that; after that I did everything you told me to do, and I'm giving you as much information as possible, even too much apparently (HijackThis).
If you don't want to help me anymore, fine, but don't say I'm wasting your time.

Here are a few images, in case I'm not expressing myself well:

img340.imageshack.us…
img127.imageshack.us…
img340.imageshack.us…
Edited on 08/10/2009 at 16:45

Here is the UsbFix report:

############################## | UsbFix V6.039 |

User : Andrea (Administrators) # STRELOK
Update on 08/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 18:23:31 | 08/10/2009
Website : pagesperso-orange.fr…

AMD Athlon™ 64 X2 Dual Core Processor 4400+
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled

C:\ -> Local Fixed Disk # 19,53 Go (2,62 Go free) # NTFS
D:\ -> Removable Disk
E:\ -> Removable Disk
F:\ -> Removable Disk
G:\ -> Removable Disk
H:\ -> Local Fixed Disk # 124,08 Go (92,97 Go free) # NTFS
I:\ -> CD-ROM Disc
J:\ -> CD-ROM Disc
K:\ -> Removable Disk # 982,05 Mo (981,66 Mo free) # FAT32
L:\ -> Removable Disk # 3,73 Go (2,91 Go free) # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

################## | Fichiers # Dossiers infectieux |

################## | Registre # Clés Run infectieuses |

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] “DisableTaskMgr”

################## | Registre # Mountpoints2 |

HKCU…\Explorer\MountPoints2{8646f2dc-5092-11de-844f-00226ba94163}
Shell\AutoRun\command =n0euybx.exe
Shell\open\Command =n0euybx.exe

################## | ! Fin du rapport # UsbFix V6.039 ! |


Here is the RSIT report for the last month:

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Andrea at 2009-10-08 20:01:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (13%) free of 20 GB
Total RAM: 2047 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:41, on 08/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Andrea\Desktop\JediKnight2Minimizer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrea\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Andrea.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com…
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM…\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\banane.exe” /runcleanupscript
O4 - HKLM…\Run: [BDMCon] “C:\Program Files\Softwin\BitDefender10\bdmcon.exe” /reg
O4 - HKLM…\Run: [BDAgent] “C:\Program Files\Softwin\BitDefender10\bdagent.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 - HKCU…\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe”
O4 - HKCU…\Run: [ccleaner] “C:\Program Files\CCleaner\ccleaner.exe” /AUTO
O4 - HKCU…\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKUS\S-1-5-18…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip…{7DDEB5A1-B39D-485F-B28E-6EB1B876687A}: NameServer = 212.27.40.240,212.27.40.241
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


End of file - 5941 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-08-28 1303912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“StartCCC”=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
“RTHDCPL”=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
“Malwarebytes Anti-Malware (reboot)”=C:\Program Files\Malwarebytes’ Anti-Malware\banane.exe /runcleanupscript []
“BDMCon”=C:\Program Files\Softwin\BitDefender10\bdmcon.exe [2007-04-02 290816]
“BDAgent”=C:\Program Files\Softwin\BitDefender10\bdagent.exe [2007-03-26 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
“DAEMON Tools Lite”=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
“RocketDock”=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
“ccleaner”=C:\Program Files\CCleaner\ccleaner.exe [2009-06-25 1578736]
“GameTracker”=C:\Program Files\GameTracker\GTLite.exe [2009-09-17 2994016]

C:\Documents and Settings\Andrea\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-10-17 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-08-30 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“DisableTaskMgr”=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=323
“NoDriveAutoRun”=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“HonorAutoRunSetting”=
“NoDriveAutoRun”=
“NoDriveTypeAutoRun”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Disabled:maconfservice"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"H:\Jeux\Xfire\Xfire.exe"="H:\Jeux\Xfire\Xfire.exe:*:Disabled:Xfire"
"H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.EXE"="H:\Jeux\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II"
"H:\Jeux\Steam\steamapps\baptiste215\half-life\hl.exe"="H:\Jeux\Steam\steamapps\baptiste215\half-life\hl.exe:*:Disabled:Half-Life Launcher"
"H:\Jeux\Steam\steamapps\baptiste215\day of defeat\hl.exe"="H:\Jeux\Steam\steamapps\baptiste215\day of defeat\hl.exe:*:Disabled:Half-Life Launcher"
"H:\Jeux\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="H:\Jeux\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Disabled:Jedi Academy MultiPlayer"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Disabled:Opera"
"H:\Jeux\Starcraft\StarCraft.exe"="H:\Jeux\Starcraft\StarCraft.exe:*:Disabled:Starcraft"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Disabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe"
"H:\Jeux\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe"="H:\Jeux\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Disabled:fpupdate"
"H:\Jeux\GameSpy Arcade\Aphex.exe"="H:\Jeux\GameSpy Arcade\Aphex.exe:*:Disabled:GameSpy Arcade"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App"
"H:\Jeux\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe"="H:\Jeux\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:jk2mp"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"H:\Jeux\Steam\steamapps\pacifikateur\counter-strike source\hl2.exe"="H:\Jeux\Steam\steamapps\pacifikateur\counter-strike source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"H:\Jeux\LucasArts\Star Wars JK III Jedi Academy\GameData\jamp.exe"="H:\Jeux\LucasArts\Star Wars JK III Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\Program Files\GtkRadiant 1.5.0\GtkRadiant.exe"="C:\Program Files\GtkRadiant 1.5.0\GtkRadiant.exe:*:Enabled:GtkRadiant"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8646f2dc-5092-11de-844f-00226ba94163}]
shell\AutoRun\command - n0euybx.exe
shell\open\command - n0euybx.exe

======List of files/folders created in the last 1 months======

2009-12-27 12:43:28 ----A---- C:\WINDOWS\593bd9znloader2555.dll
2009-12-24 03:35:18 ----A---- C:\WINDOWS\system32\95a1steaz2845.exe
2009-12-23 15:58:15 ----A---- C:\WINDOWS\29c9bac5door2582z.exe
2009-12-19 06:57:48 ----A---- C:\WINDOWS\5019ormzb.dll
2009-12-14 20:21:35 ----A---- C:\WINDOWS\system32\15689wo9m209z.exe
2009-12-13 14:37:32 ----A---- C:\WINDOWS\z5c5vir2915.exe
2009-12-10 18:15:43 ----A---- C:\WINDOWS\201z5r9674.exe
2009-12-09 17:30:11 ----A---- C:\WINDOWS\13440hzck9ool7d85.dll
2009-12-07 19:24:09 ----A---- C:\WINDOWS\32059roz758.dll
2009-12-01 02:52:20 ----A---- C:\WINDOWS\59a2szarse30705.dll
2009-11-24 05:52:06 ----A---- C:\WINDOWS\99706virusz56.dll
2009-11-14 22:38:47 ----A---- C:\WINDOWS\4150szeal9023.exe
2009-11-14 20:48:37 ----A---- C:\WINDOWS\system32\147039zrus7c75.exe
2009-11-12 06:06:29 ----A---- C:\WINDOWS\system32\31852troz759.exe
2009-11-09 18:26:03 ----A---- C:\WINDOWS\system32\1za095ief718.exe
2009-11-07 21:27:55 ----A---- C:\WINDOWS\system32\29593szy603.dll
2009-11-04 18:49:45 ----A---- C:\WINDOWS\system32\3948v9rzs152.exe
2009-11-04 10:48:42 ----A---- C:\WINDOWS\system32\15539hazkt5ol5af.exe
2009-11-02 18:08:08 ----A---- C:\WINDOWS\system32\30650s5zmbot609.dll
2009-10-25 08:45:48 ----A---- C:\WINDOWS\system32\20791wormz5a.exe
2009-10-25 01:53:02 ----A---- C:\WINDOWS\54f79zr1639.exe
2009-10-20 14:56:01 ----A---- C:\WINDOWS\system32\4dz9do9nload5r1390.dll
2009-10-14 23:55:18 ----A---- C:\WINDOWS\15941not-a-vizus94a.exe
2009-10-08 20:01:39 ----D---- C:\rsit
2009-10-08 18:30:40 ----D---- C:\Documents and Settings\Andrea\Application Data\Bitdefender
2009-10-08 18:25:21 ----D---- C:\Program Files\Softwin
2009-10-08 18:25:21 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-10-08 18:24:42 ----D---- C:\Program Files\Common Files\Softwin
2009-10-08 18:23:30 ----A---- C:\UsbFix.txt
2009-10-08 18:20:17 ----D---- C:\UsbFix
2009-10-06 21:57:51 ----A---- C:\ManqueFichiers.vbs
2009-10-06 21:23:57 ----A---- C:\WINDOWS\system32\19eds5yware1286z.exe
2009-10-06 21:00:22 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL
2009-10-06 21:00:22 ----A---- C:\WINDOWS\system32\MSVCP60D.DLL
2009-10-06 21:00:21 ----A---- C:\WINDOWS\system32\AudPlayer.dll
2009-10-06 21:00:21 ----A---- C:\WINDOWS\system32\AudioVisu.dll
2009-10-06 21:00:21 ----A---- C:\WINDOWS\system32\AudioRecord.dll
2009-10-06 21:00:21 ----A---- C:\WINDOWS\system32\AudDisplay.dll
2009-10-06 21:00:21 ----A---- C:\WINDOWS\system32\AudDesign.dll
2009-10-06 21:00:20 ----D---- C:\Program Files\Free Audio Pack
2009-10-06 21:00:20 ----A---- C:\WINDOWS\system32\TABCTFR.DLL
2009-10-06 21:00:20 ----A---- C:\WINDOWS\system32\Mscc2fr.dll
2009-10-06 21:00:20 ----A---- C:\WINDOWS\system32\lame_enc.dll
2009-10-06 18:27:42 ----D---- C:\Program Files\GameTracker
2009-10-06 18:27:07 ----D---- C:\Documents and Settings\Andrea\Application Data\GameTracker
2009-10-02 01:20:23 ----D---- C:\Documents and Settings\Andrea\Application Data\Malwarebytes
2009-10-02 00:57:22 ----D---- C:\Program Files\LucasArts
2009-09-28 19:54:49 ----A---- C:\WINDOWS\12448n5t-a-vi9us4ze.dll
2009-09-27 23:53:54 ----A---- C:\WINDOWS\system32\576d9hzeat5354.dll
2009-09-27 16:18:07 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-27 16:18:07 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-27 16:18:07 ----A---- C:\WINDOWS\system32\java.exe
2009-09-27 02:15:38 ----D---- C:\Program Files\GtkRadiant 1.5.0
2009-09-27 02:12:41 ----D---- C:\Program Files\QuArK 6.6.0 Beta 2
2009-09-26 22:33:56 ----D---- C:\Documents and Settings\Andrea\Application Data\Xfire
2009-09-26 22:33:54 ----D---- C:\Program Files\Xfire
2009-09-26 00:20:28 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-09-25 20:50:34 ----D---- C:\Program Files\eMule
2009-09-25 01:47:50 ----A---- C:\WINDOWS\4d965hi9f2186z.dll
2009-09-24 21:56:12 ----A---- C:\paklog.txt
2009-09-24 21:04:48 ----A---- C:\JK2Radiant_missing.txt
2009-09-24 21:04:21 ----A---- C:\JK2Radiant_GL_report.txt
2009-09-24 21:04:20 ----A---- C:\JK2Radiant_paklog.txt
2009-09-23 16:10:57 ----A---- C:\WINDOWS\30z145p95c2.exe
2009-09-23 00:45:05 ----D---- C:\Program Files\Common Files\Software Update Utility
2009-09-23 00:45:02 ----D---- C:\Program Files\AIM Toolbar
2009-09-23 00:45:02 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
2009-09-23 00:44:51 ----D---- C:\Documents and Settings\Andrea\Application Data\acccore
2009-09-23 00:44:46 ----D---- C:\Documents and Settings\All Users\Application Data\AIM
2009-09-23 00:44:44 ----D---- C:\Program Files\AIM
2009-09-23 00:44:41 ----D---- C:\Program Files\Common Files\AOL
2009-09-20 23:02:41 ----A---- C:\WINDOWS\5979h5cktool9fz.exe
2009-09-19 03:30:15 ----A---- C:\WINDOWS\5430not-azv59us3d7.exe
2009-09-17 07:11:41 ----A---- C:\WINDOWS\46zfsparse1592.exe
2009-09-14 07:36:39 ----A---- C:\WINDOWS\77a5t9reat114z3.dll
2009-09-13 23:00:21 ----A---- C:\WINDOWS\eazspywar51595.dll
2009-09-13 13:25:49 ----D---- C:\Program Files\Microsoft
2009-09-13 13:25:39 ----D---- C:\Program Files\Windows Live SkyDrive

======List of files/folders modified in the last 1 months======

2009-10-08 19:53:03 ----D---- C:\Program Files\Mozilla Firefox
2009-10-08 19:27:39 ----D---- C:\WINDOWS\Temp
2009-10-08 18:32:25 ----D---- C:\WINDOWS
2009-10-08 18:31:04 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-10-08 18:29:48 ----D---- C:\WINDOWS\Prefetch
2009-10-08 18:25:40 ----SHD---- C:\WINDOWS\Installer
2009-10-08 18:25:33 ----D---- C:\WINDOWS\system32
2009-10-08 18:25:21 ----RD---- C:\Program Files
2009-10-08 18:24:42 ----D---- C:\Program Files\Common Files
2009-10-08 18:08:36 ----D---- C:\WINDOWS\system32\drivers
2009-10-08 16:18:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-08 15:47:38 ----D---- C:\Documents and Settings\Andrea\Application Data\gtk-2.0
2009-10-07 20:49:45 ----D---- C:\Documents and Settings\Andrea\Application Data\AVGTOOLBAR
2009-10-06 21:53:56 ----D---- C:\Program Files\Trend Micro
2009-10-06 12:51:02 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-10-04 11:18:56 ----A---- C:\WINDOWS\BlendSettings.ini
2009-10-04 01:28:11 ----D---- C:\Documents and Settings\Andrea\Application Data\dvdcss
2009-10-02 01:14:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-02 01:13:54 ----RD---- C:\WINDOWS\Web
2009-10-02 00:57:22 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-27 16:18:06 ----D---- C:\Program Files\Java
2009-09-24 18:25:50 ----D---- C:\WINDOWS\system32\config
2009-09-20 00:53:35 ----D---- C:\Documents and Settings\Andrea\Application Data\Hamachi
2009-09-13 13:26:09 ----D---- C:\Program Files\Windows Live
2009-09-13 10:45:10 ----D---- C:\Program Files\Lavasoft
2009-09-13 10:45:05 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-04 20747]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-06-04 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-06-04 18048]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-10-17 2642944]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-07-30 25280]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-05-22 5082624]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-13 252928]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 aqumsalk;aqumsalk; C:\WINDOWS\system32\drivers\aqumsalk.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Andrea\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ddxgb;ddxgb; \??\C:\DOCUME~1\Andrea\LOCALS~1\Temp\ddxgb.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Andrea\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 PID_0928;Labtec WebCam(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 SaiH0461;SaiH0461; C:\WINDOWS\system32\DRIVERS\SaiH0461.sys [2006-08-08 182528]
S3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2006-08-14 13824]
S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2006-08-14 35328]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-08-30 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-08-30 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-10-17 495616]
R2 bdss;BitDefender Scan Server; C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe [2007-01-19 81920]
R2 GS In-Game Service;GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [2009-09-17 1636192]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe [2008-07-11 278528]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\Softwin\BitDefender10\vsserv.exe [2007-10-24 462848]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe [2006-11-09 86016]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-10-16 593920]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------