INFECTION VIRULENTE

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

INFECTION VIRULENTE

Messagede cruzayus » 04 Fév 2011, 15:42

bonjour a tous
j'ai mon ordinateur sous windows7 qui plante irrégulierement cela peut etre au bout de 5mn ou 1h : blocage puis ecran bleu pendant 2-3 secondes puis extinction .
J'ai recemment telechargé et essayé pas mal de jeux en ligne et je pense que j'ai chopé un trojan la dedans
J'ai fais en premier une analyse avec ad-aware qui a decelé 2 fichiers infectés(trojan) que j'ai essayé de supprimer .Je n'ai plus ce rapport car le ad-aware lui aussi a planté...la fete :(Je viens d'effectuer la procedure a suivre pour ce probleme(tres bien expliqué merci :Mouaaarrrrffffffff: ) et vous envoie donc ces fameux logs
PS:je me débrouille en jardinage mais l'informatique :shock: :shock: :shock:
merci merci merci pour votre aide
Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 5674

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04/02/2011 14:38:15
mbam-log-2011-02-04 (14-38-15).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 150447
Temps écoulé: 2 minute(s), 49 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
cruzayus
 
Messages: 12
Inscription: 04 Fév 2011, 09:30

Re: ca rame ca plante ca m'énerve...vive le trojan!!

Messagede cruzayus » 04 Fév 2011, 15:46

OTL logfile created on: 04/02/2011 15:08:41 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\ajsm\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 205,24 Gb Free Space | 68,85% Space Free | Partition Type: NTFS

Computer Name: AJSM-PC | User Name: ajsm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/04 14:00:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\ajsm\Desktop\OTL.exe
PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/20 23:44:18 | 001,462,544 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/23 04:47:16 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2010/04/14 20:45:22 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeacoms.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/19 10:31:42 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:31:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2011/02/04 14:00:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\ajsm\Desktop\OTL.exe
MOD - [2011/01/13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/05/05 07:46:55 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2009/07/14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/07/14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/07/14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009/07/14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009/07/14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/02 20:57:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/12/20 23:44:18 | 001,462,544 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2010/12/10 06:36:00 | 003,648,584 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/11/02 05:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/14 20:45:22 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeacoms.exe -- (lxea_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Programme d’installation ActiveX (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/01/31 19:25:56 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/01/31 19:25:55 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/20 23:43:48 | 000,080,272 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:53 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3813092859-2634836061-2422019993-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-3813092859-2634836061-2422019993-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3813092859-2634836061-2422019993-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/22 07:41:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/29 14:13:47 | 000,000,000 | ---D | M]

[2011/01/01 20:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ajsm\AppData\Roaming\mozilla\Extensions
[2011/02/04 09:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ajsm\AppData\Roaming\mozilla\Firefox\Profiles\iszb0wbw.default\extensions
[2011/01/24 18:15:04 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\ajsm\AppData\Roaming\mozilla\Firefox\Profiles\iszb0wbw.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/01/09 11:37:33 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\ajsm\AppData\Roaming\mozilla\Firefox\Profiles\iszb0wbw.default\extensions\battlefieldheroespatcher@ea.com
[2011/01/24 18:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/01/01 18:39:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/01 18:39:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/01 18:39:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/30 10:08:02 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Program Files\mozilla firefox\extensions\YPlayer@yummy.net
[2010/09/15 01:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/10 02:30:56 | 000,189,592 | ---- | M] (MGame) -- C:\Program Files\mozilla firefox\plugins\NPMFireLauncher.dll
[2010/12/03 19:04:57 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/12/03 19:04:57 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/12/03 19:04:57 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/12/03 19:04:57 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/12/03 19:04:57 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\ajsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\ajsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.com/mplugin/mglaunch_USAv1005.cab (MGLaunch_v1004 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/02/04 14:39:01 | 000,000,000 | ---D | C] -- C:\Users\ajsm\Desktop\logs
[2011/02/04 14:25:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/04 14:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/04 14:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/04 14:09:54 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ajsm\Desktop\erunt-setup.exe
[2011/02/04 14:00:10 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\ajsm\Desktop\OTL.exe
[2011/02/04 13:40:18 | 000,000,000 | ---D | C] -- C:\Users\ajsm\Desktop\procedure anti infection
[2011/02/03 18:00:34 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AbiSuite
[2011/02/03 18:00:22 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2011/02/03 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2011/02/02 17:57:55 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Roaming\Malwarebytes
[2011/02/02 17:57:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/02 17:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/02 17:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/02 17:57:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/02 17:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/31 19:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2011/01/31 19:23:16 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/01/31 19:23:16 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011/01/31 19:23:16 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011/01/31 19:23:16 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011/01/31 19:23:16 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/01/31 19:23:15 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/01/31 19:23:15 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/01/31 19:23:15 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011/01/31 19:23:15 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011/01/31 19:23:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011/01/31 19:23:14 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/01/31 19:23:14 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011/01/31 19:23:14 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/01/31 19:23:14 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/01/31 19:23:14 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/01/31 19:23:14 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011/01/31 19:23:14 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011/01/31 19:23:14 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/01/31 19:23:14 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011/01/31 19:23:13 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/01/31 19:23:13 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011/01/31 19:23:13 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011/01/31 19:23:12 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/01/31 19:23:12 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/01/31 19:23:12 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/01/31 19:23:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/01/31 19:23:12 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/01/31 19:23:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011/01/31 19:23:11 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/01/31 19:23:11 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011/01/31 19:23:11 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011/01/31 19:23:11 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/01/31 19:23:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/01/31 19:23:11 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/01/31 19:23:10 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/01/31 19:23:10 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/01/31 19:23:10 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/01/31 19:23:08 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/01/31 19:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2011/01/31 19:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive
[2011/01/30 13:58:29 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/01/30 13:49:55 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Local\Sunbelt Software
[2011/01/30 13:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/01/30 13:35:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/30 10:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Player Metaboli
[2011/01/30 10:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Player Metaboli
[2011/01/29 16:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2011/01/29 16:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2011/01/29 16:20:47 | 000,000,000 | ---D | C] -- C:\Nexon
[2011/01/29 16:20:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2011/01/29 14:43:21 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Local\PMB Files
[2011/01/29 14:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/01/24 17:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netgame
[2011/01/24 17:56:44 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Netgame
[2011/01/24 17:55:54 | 000,000,000 | ---D | C] -- C:\Netgame
[2011/01/24 15:18:39 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/01/24 15:18:38 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/01/24 15:18:38 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/01/24 15:18:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/01/24 15:18:38 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/01/24 15:18:37 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/01/24 15:18:37 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/01/24 15:18:37 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/01/24 15:18:37 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/01/24 15:18:36 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/01/24 15:18:36 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/01/24 15:18:36 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/01/24 15:18:36 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/01/24 15:18:35 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/01/24 15:18:35 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/01/24 15:18:35 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/01/24 15:18:35 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/01/24 15:18:35 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/01/24 15:18:34 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/01/24 15:18:34 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/01/24 15:18:34 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/01/24 15:18:25 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/01/24 15:18:24 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/01/24 15:18:24 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/01/24 15:18:23 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/01/24 15:18:23 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/01/24 15:18:22 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/01/24 15:18:21 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/01/24 15:18:21 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/01/24 15:18:19 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/01/24 15:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\USArmy
[2011/01/22 12:42:30 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Local\AA3DeployClient
[2011/01/22 12:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient
[2011/01/22 12:33:44 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Local\Deployment
[2011/01/22 12:33:44 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Local\Apps
[2011/01/22 07:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/22 07:47:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/01/22 07:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/18 17:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
[2011/01/18 17:18:13 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Local\OpenCandy
[2011/01/18 17:18:07 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Roaming\OpenCandy
[2011/01/18 17:18:03 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/01/18 17:18:02 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/01/18 17:18:02 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/01/18 17:18:02 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/01/18 15:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/01/18 15:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2011/01/18 15:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst
[2011/01/16 18:32:25 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Roaming\SharePod
[2011/01/16 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Local\Adobe
[2011/01/16 12:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/01/14 15:57:53 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/14 15:57:50 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/14 15:57:50 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/01/14 15:57:50 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/01/14 15:57:50 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/01/14 15:57:50 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/01/14 15:57:49 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/01/14 15:57:49 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/01/14 15:57:49 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/14 15:57:49 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/01/14 15:57:49 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/01/14 15:57:48 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/14 15:57:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/09 17:05:00 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Local\PunkBuster
[2011/01/09 11:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2011/01/09 11:23:49 | 000,000,000 | ---D | C] -- C:\Users\ajsm\Documents\secretariat aff 2010
[2011/01/09 07:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection
[2011/01/09 07:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2011/01/09 07:14:43 | 000,000,000 | R--D | C] -- C:\Users\ajsm\Desktop\logiciels iphone
[2011/01/09 07:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movies2iPhone
[2011/01/09 07:09:05 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movies2iPhone
[2011/01/09 07:01:03 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Roaming\Apple Computer
[2011/01/09 07:00:50 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/01/09 07:00:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/01/09 07:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/09 06:59:07 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Local\Apple Computer
[2011/01/09 05:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/01/09 05:42:40 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Local\Apple
[2011/01/09 05:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/01/08 07:48:44 | 000,000,000 | ---D | C] -- C:\Users\ajsm\AppData\Roaming\OpenOffice.org
[2011/01/05 17:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
[2011/01/01 18:36:38 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/04/13 19:41:34 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
[2009/12/09 19:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
[2009/12/09 19:43:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
[2009/12/09 19:41:22 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
[2009/12/09 19:40:12 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
[2009/12/09 19:37:34 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxeahcp.dll
[2009/12/09 19:36:32 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
[2009/12/09 19:35:50 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
[2009/12/09 19:35:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
[2009/12/09 19:35:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/04 14:36:36 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/04 14:36:36 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/04 14:36:13 | 000,704,242 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/02/04 14:36:13 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/04 14:36:13 | 000,130,548 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/02/04 14:36:13 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/04 14:29:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/04 14:29:06 | 224,641,109 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/04 14:29:06 | 1609,371,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/04 14:11:17 | 000,001,084 | ---- | M] () -- C:\Users\ajsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/04 14:11:11 | 000,000,904 | ---- | M] () -- C:\Users\ajsm\Desktop\NTREGOPT.lnk
[2011/02/04 14:11:11 | 000,000,885 | ---- | M] () -- C:\Users\ajsm\Desktop\ERUNT.lnk
[2011/02/04 14:09:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ajsm\Desktop\erunt-setup.exe
[2011/02/04 14:06:52 | 000,005,024 | ---- | M] () -- C:\Users\ajsm\Desktop\erunt-loc_fr.zip
[2011/02/04 14:05:21 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/04 14:00:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\ajsm\Desktop\OTL.exe
[2011/02/04 13:40:09 | 000,000,022 | ---- | M] () -- C:\Users\ajsm\Desktop\Nouveau dossier compressé.zip
[2011/01/31 19:25:56 | 000,281,760 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/01/31 19:25:55 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/01/31 19:21:56 | 000,002,202 | ---- | M] () -- C:\Users\ajsm\Desktop\Sniper - Ghost Warrior.lnk
[2011/01/31 07:12:24 | 000,015,373 | ---- | M] () -- C:\Users\ajsm\Documents\bilan financier 2010 AJSM.odt
[2011/01/30 13:58:29 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/01/30 13:23:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/01/30 13:23:39 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/01/29 14:13:47 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/01/24 15:52:35 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/01/24 15:19:31 | 000,138,056 | ---- | M] () -- C:\Users\ajsm\AppData\Roaming\PnkBstrK.sys
[2011/01/23 15:14:06 | 000,016,301 | ---- | M] () -- C:\Users\ajsm\Desktop\44304_1405029611020_1390792716_30971846_5396306_n.jpg
[2011/01/22 07:48:55 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/21 15:51:51 | 000,001,374 | ---- | M] () -- C:\Users\ajsm\Desktop\CCleaner - Raccourci.lnk
[2011/01/20 15:59:26 | 000,583,117 | ---- | M] () -- C:\Users\ajsm\Documents\convention collective ouvrier du paysage.pdf
[2011/01/13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/01/13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/01/09 17:05:19 | 000,270,240 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011/01/08 07:49:52 | 000,001,203 | ---- | M] () -- C:\Users\ajsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2011/01/05 17:48:39 | 000,011,148 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2011/01/05 17:48:38 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Lancer Accueil de l'imprimante Lexmark.LNK
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
cruzayus
 
Messages: 12
Inscription: 04 Fév 2011, 09:30

Re: ca rame ca plante ca m'énerve...vive le trojan!!

Messagede cruzayus » 04 Fév 2011, 15:47

========== Files Created - No Company Name ==========

[2011/02/04 14:11:17 | 000,001,084 | ---- | C] () -- C:\Users\ajsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/04 14:11:11 | 000,000,904 | ---- | C] () -- C:\Users\ajsm\Desktop\NTREGOPT.lnk
[2011/02/04 14:11:11 | 000,000,885 | ---- | C] () -- C:\Users\ajsm\Desktop\ERUNT.lnk
[2011/02/04 14:06:52 | 000,005,024 | ---- | C] () -- C:\Users\ajsm\Desktop\erunt-loc_fr.zip
[2011/02/04 13:40:09 | 000,000,022 | ---- | C] () -- C:\Users\ajsm\Desktop\Nouveau dossier compressé.zip
[2011/02/02 17:57:49 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/01 15:40:47 | 224,641,109 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/31 19:25:56 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/01/31 19:25:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/01/31 19:21:56 | 000,002,202 | ---- | C] () -- C:\Users\ajsm\Desktop\Sniper - Ghost Warrior.lnk
[2011/01/31 06:05:51 | 000,015,373 | ---- | C] () -- C:\Users\ajsm\Documents\bilan financier 2010 AJSM.odt
[2011/01/30 09:52:09 | 003,929,908 | ---- | C] () -- C:\Users\ajsm\Desktop\AJSMélangée équipe première.jpg
[2011/01/29 14:13:20 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/01/29 14:13:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/01/23 15:14:04 | 000,016,301 | ---- | C] () -- C:\Users\ajsm\Desktop\44304_1405029611020_1390792716_30971846_5396306_n.jpg
[2011/01/22 07:48:55 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/21 15:51:51 | 000,001,374 | ---- | C] () -- C:\Users\ajsm\Desktop\CCleaner - Raccourci.lnk
[2011/01/20 15:59:26 | 000,583,117 | ---- | C] () -- C:\Users\ajsm\Documents\convention collective ouvrier du paysage.pdf
[2011/01/10 05:49:21 | 000,023,310 | ---- | C] () -- C:\ProgramData\lxeaJSW.log
[2011/01/09 17:05:19 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/01/09 12:37:05 | 000,138,056 | ---- | C] () -- C:\Users\ajsm\AppData\Roaming\PnkBstrK.sys
[2011/01/09 12:36:33 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2011/01/09 05:42:38 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/01/08 07:49:52 | 000,001,203 | ---- | C] () -- C:\Users\ajsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2011/01/05 17:48:38 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Lancer Accueil de l'imprimante Lexmark.LNK
[2011/01/05 17:47:50 | 000,011,148 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2011/01/05 06:32:41 | 000,006,026 | ---- | C] () -- C:\ProgramData\lxeascan.log
[2011/01/02 13:12:35 | 000,000,099 | ---- | C] () -- C:\Users\ajsm\AppData\Roaming\Movies2iPhone.ini
[2009/11/09 08:06:26 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
[2009/11/09 08:06:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
[2009/11/09 08:06:06 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
[2009/11/09 08:05:54 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
[2009/11/09 07:59:58 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
[2009/10/21 10:06:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/08 00:40:26 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
[2009/06/08 00:40:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
[2009/06/08 00:40:10 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
[2009/06/08 00:36:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
[2009/06/08 00:20:06 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
[2009/04/28 07:56:30 | 000,024,064 | ---- | C] () -- C:\Windows\System32\lxeasmr.dll
[2009/02/20 08:48:04 | 000,299,008 | ---- | C] () -- C:\Windows\System32\lxeasm.dll
[2008/03/05 02:55:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll

========== LOP Check ==========

[2011/01/18 17:18:07 | 000,000,000 | ---D | M] -- C:\Users\ajsm\AppData\Roaming\OpenCandy
[2011/01/08 07:48:44 | 000,000,000 | ---D | M] -- C:\Users\ajsm\AppData\Roaming\OpenOffice.org
[2011/02/04 13:57:41 | 000,000,000 | ---D | M] -- C:\Users\ajsm\AppData\Roaming\Orbit
[2011/01/16 18:32:25 | 000,000,000 | ---D | M] -- C:\Users\ajsm\AppData\Roaming\SharePod
[2011/01/30 09:03:18 | 000,000,000 | ---D | M] -- C:\Users\public.ajsm-PC\AppData\Roaming\OpenOffice.org
[2009/07/14 05:53:46 | 000,021,842 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\Windows.old\Windows\I386\sp3.cab:AGP440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\system32\dllcache\agp440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\system32\drivers\AGP440.SYS
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 13:00:00 | 020,102,028 | ---- | M] () .cab file -- C:\Windows.old\Windows\I386\sp3.cab:atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\dllcache\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2009/07/14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\System32\ctfmon.exe
[2009/07/14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
[2008/04/14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\Windows.old\Windows\system32\ctfmon.exe
[2008/04/14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\Windows.old\Windows\system32\dllcache\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\Windows.old\Windows\system32\dllcache\eventlog.dll
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\Windows.old\Windows\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2008/04/14 13:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\Windows.old\Windows\explorer.exe
[2008/04/14 13:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\Windows.old\Windows\system32\dllcache\explorer.exe

< MD5 for: IASTOR.SYS >
[2008/07/20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\OEMDRV\26\IaStor.sys
[2008/07/20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows.old\Windows\system32\drivers\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\Windows.old\Windows\system32\dllcache\netlogon.dll
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\Windows.old\Windows\system32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008/08/18 17:54:24 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\OEMDRV\28\nvgts.sys
[2008/08/18 17:54:24 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\Windows.old\Windows\system32\drivers\nvgts.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2008/04/14 13:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\Windows.old\Windows\system32\dllcache\scecli.dll
[2008/04/14 13:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\Windows.old\Windows\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\Windows.old\Windows\system32\dllcache\userinit.exe
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\Windows.old\Windows\system32\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
suite rapport de OTL




[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2008/04/14 13:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\Windows.old\Windows\system32\dllcache\winlogon.exe
[2008/04/14 13:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\Windows.old\Windows\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
cruzayus
 
Messages: 12
Inscription: 04 Fév 2011, 09:30

Re: ca rame ca plante ca m'énerve...vive le trojan!!

Messagede cruzayus » 04 Fév 2011, 15:50

OTL Extras logfile created on: 04/02/2011 15:08:41 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\ajsm\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 205,24 Gb Free Space | 68,85% Space Free | Partition Type: NTFS

Computer Name: AJSM-PC | User Name: ajsm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3813092859-2634836061-2422019993-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{68F6FF5F-518E-4A9C-9A40-076E204741C7}_is1" = Sniper - Ghost Warrior
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E634ED4-D39E-4702-9EF1-72FE11DDFB32}_is1" = DivX Manager 3.5.1
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.8.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection 4.2.48
"ERUNT_is1" = ERUNT 1.1j
"GOM Player" = GOM Player
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Movies2iPhone" = Movies2iPhone 1.24 for Windows
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/02/2011 12:47:38 | Computer Name = ajsm-PC | Source = VSS | ID = 12297
Description =

Error - 02/02/2011 12:47:49 | Computer Name = ajsm-PC | Source = VSS | ID = 12289
Description =

Error - 02/02/2011 12:47:49 | Computer Name = ajsm-PC | Source = VSS | ID = 12297
Description =

Error - 02/02/2011 12:48:00 | Computer Name = ajsm-PC | Source = VSS | ID = 12289
Description =

Error - 02/02/2011 12:48:00 | Computer Name = ajsm-PC | Source = VSS | ID = 12297
Description =

Error - 02/02/2011 12:48:10 | Computer Name = ajsm-PC | Source = VSS | ID = 12289
Description =

Error - 02/02/2011 12:48:10 | Computer Name = ajsm-PC | Source = VSS | ID = 12297
Description =

Error - 02/02/2011 12:48:16 | Computer Name = ajsm-PC | Source = System Restore | ID = 8193
Description =

Error - 03/02/2011 12:32:33 | Computer Name = ajsm-PC | Source = SideBySide | ID = 16842811
Description = La création du contexte d’activation a échoué pour « c:\program files\lexmark
s300-s400 series\Drivers\I386\lxeasm.dll ». Erreur dans le fichier de manifeste
ou de stratégie « c:\program files\lexmark s300-s400 series\Drivers\I386\lxeasm.dll »
à la ligne 9. Syntaxe XML non valide.

Error - 04/02/2011 02:05:04 | Computer Name = ajsm-PC | Source = SideBySide | ID = 16842811
Description = La création du contexte d’activation a échoué pour « c:\program files\lexmark
s300-s400 series\Drivers\I386\lxeasm.dll ». Erreur dans le fichier de manifeste
ou de stratégie « c:\program files\lexmark s300-s400 series\Drivers\I386\lxeasm.dll »
à la ligne 9. Syntaxe XML non valide.

[ System Events ]
Error - 03/02/2011 11:49:29 | Computer Name = ajsm-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = L’initialisation du client CBS a échoué. Dernière erreur : 0x8007045b

Error - 03/02/2011 11:50:46 | Computer Name = ajsm-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = L’initialisation du client CBS a échoué. Dernière erreur : 0x8007045b

Error - 03/02/2011 12:01:16 | Computer Name = ajsm-PC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 16:59:26 le ?03/?02/?2011 n’était pas
prévu.

Error - 03/02/2011 12:01:20 | Computer Name = AJSM-PC | Source = BugCheck | ID = 1001
Description =

Error - 04/02/2011 01:17:03 | Computer Name = ajsm-PC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 06:15:23 le ?04/?02/?2011 n’était pas
prévu.

Error - 04/02/2011 01:17:08 | Computer Name = ajsm-PC | Source = BugCheck | ID = 1001
Description =

Error - 04/02/2011 07:49:43 | Computer Name = ajsm-PC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 12:47:50 le ?04/?02/?2011 n’était pas
prévu.

Error - 04/02/2011 07:49:47 | Computer Name = AJSM-PC | Source = BugCheck | ID = 1001
Description =

Error - 04/02/2011 09:29:08 | Computer Name = ajsm-PC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 14:26:54 le ?04/?02/?2011 n’était pas
prévu.

Error - 04/02/2011 09:29:12 | Computer Name = ajsm-PC | Source = BugCheck | ID = 1001
Description =


< End of report >

voili voilou j'ai du envoyer le rapport otl en 2 fois car il eetait trop long ..En esperant que vous trouver une solution a mon probleme
merci
cruzayus
 
Messages: 12
Inscription: 04 Fév 2011, 09:30

Re: INFECTION VIRULENTE

Messagede cruzayus » 06 Fév 2011, 08:41

Y a personne qui pourrait me donner un ti coup de main??? :frown:
Si c'est une procédure que j'ai mal suivi ou un log a refaire faut me le dire, ou peut etre vous faut il un délai pour analyser...
En tout cas Si quelqu'un a une idée pour guerir mon pc n'hésitez pas!! :Mouaaarrrrffffffff:
merci
cruzayus
 
Messages: 12
Inscription: 04 Fév 2011, 09:30

Re: INFECTION VIRULENTE

Messagede nickW » 08 Fév 2011, 00:41

Bonsoir,

Le dossier %systemroot%\minidump contient-il des fichiers récents (dont la date et l'heure correspondent à celles des BSODs (alias écrans bleus))?


Quel est le message exact accompagnant le BSOD (alias "écran bleu")?


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: INFECTION VIRULENTE

Messagede cruzayus » 10 Fév 2011, 19:16

bonsoir
et merci de porter attention a mon probleme
le dossier a des fichiers recents dont le dossier premier remonte au 01/02/2011 le dernier le 10/02/2011

sur l'ecran bleu j'arrive a voir un truc comme "crash x 000000005" a peu pres car l'ecran n'apparait qu'une fraction de seconde...désolé pour la précision

a bientot
cruzayus
 
Messages: 12
Inscription: 04 Fév 2011, 09:30

Re: INFECTION VIRULENTE

Messagede nickW » 11 Fév 2011, 01:56

Bonsoir,

1/ Il faudrait déposer les fichiers du dossier %systemroot%\minidump sur un serveur externe pour que je puisse les récupérer:

*- Mettre dans un fichier archive nommé cruzayus.zip les cinq fichiers les plus récents
*- Aller sur: https://www.yousendit.com/
(Javascript doit être activé)
*- Dans les zones To et From, saisir n'importe quoi avec un @ dedans (Exemples: abc@def.com et abcdef@def.com)
*- Cliquer sur le bouton Select a file, puis dans la fenêtre "Choix des fichiers à transférer..." aller jusqu'au fichier cruzayus.zip - faire un double clic sur ce fichier
*- Cliquer sur le bouton vert "Send It"
*- Attendre la fin du transfert du fichier
*- Si une petite fenêre "Make your file available for download longer" apparaît, cliquer sur No thanks
*- Envoyer en réponse sur le forum le lien qui est affiché en dessous de "Here's the link to your file:".

Note:
Si YouSendIt ne fonctionne pas, deux autres sites d'hébergement:
http://cjoint.com/
http://www.sendspace.com/
(une remarque: ne pas donner d'adresse email réelle!)



2/ Peux-tu désactiver le redémarrage automatique afin d'avoir le temps de noter la totalité du message qui s'affiche sur l'écran bleu et de pouvoir ainsi l'envoyer sur le forum:

  1. Cliquer sur Démarrer, faire un clic droit sur Ordinateur puis cliquer sur Propriétés.
  2. Cliquer sur Paramètres système avancés
  3. Sous Démarrage et récupération, cliquer sur le bouton Paramètres.
  4. Sous Défaillance du système, dé-cocher la case située devant Redémarrer Automatiquement.
  5. Cliquer sur Ok deux fois.

Normalement, au prochain BSOD (écran bleu), le PC ne redémarrera pas immédiatement et tu pourras noter toutes les informations (sous Technical Information, STOP .....).

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: INFECTION VIRULENTE

Messagede cruzayus » 11 Fév 2011, 11:26

bonjour nickW,
J'ai desactivé le redemarrage mais n'ai pas pu t'envoyer les fichiers du dossier %systemroot%\minidump car lors de la selection de ces fichiers un message me dit:
"vous n'avez pas l'autorisation pour ouvrir ce fichier
Consultez le proprietaire du fichier ou un administrateur pour obtenir cette autorisation"
J'attends en tout cas qu'il replante pour noter le BSOD
te tiens au courant merci
cruzayus
 
Messages: 12
Inscription: 04 Fév 2011, 09:30

Re: INFECTION VIRULENTE

Messagede nickW » 12 Fév 2011, 01:59

Bonsoir,

1/ Il ne faut pas essayer d'ouvrir les fichiers du dossier %systemroot%\minidump, mais sélectionner les 5 fichiers les plus récents pour les mettre dans une archive .zip

2/ Utilisation d'un utilitaire:

Étape 1: BlueScreenView (de NirSoft), téléchargement
Page officielle: http://www.nirsoft.net/utils/blue_screen_view.html
Télécharger les deux fichiers ci-dessous:
http://www.nirsoft.net/utils/bluescreenview.zip
http://www.nirsoft.net/utils/trans/blue ... rench1.zip

Créer un nouveau dossier nommé Nirsoft
Décompresser les deux archives téléchargées ci-dessus (via clic droit, suivi de Extraire tout) dans le dossier Nirsoft


Étape 2: BlueScreenView (de NirSoft), exécution
Dans l'Explorateur Windows, ouvrir le dossier Nirsoft

Faire un double clic sur BlueScreenView.exe pour lancer l'exécution du programme.

Si le panneau supérieur contient une ou plusieurs lignes:
Dans le menu Édition, cliquer sur Sélectionner tout (ou s'il y a plus de 10 lignes, sélectionner les 10 lignes les plus récentes)
Dans le menu Fichier, cliquer sur Enregistrer les éléments sélectionnés
Enregistrer le fichier dans le dossier Nirsoft sous le nom BlueSV-110211.txt

Fermer BlueScreenView.


Étape 3: Résultats
Envoyer en réponse:
*- le rapport de BlueScreenView (contenu du fichier BlueSV-110211.txt)

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 19 invités