Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Killer_VirusFr (administrator) on KILLERVIRUSFR on 16-02-2014 19:36:55
Running from C:\Documents and Settings\Killer_VirusFr\Bureau
Microsoft Windows XP Professionnel Service Pack 3 (X86) OS Language: French Standard
Internet Explorer Version 6
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download links from any site other than Bleeping Computer are unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Oracle Corporation) C:\WINDOWS\system32\VBoxService.exe
() C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\update.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Oracle Corporation) C:\WINDOWS\system32\VBoxTray.exe
() C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\IntelService\IntelService.exe
(Microsoft) C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe
(AutoIt Team) C:\Documents and Settings\Killer_VirusFr\4gr75b2k2\hhEksN.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(ay_W_C_m_R_) C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe
() C:\Program Files\Opera\19.0.1326.59\opera_autoupdate.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [VBoxTray] - C:\WINDOWS\system32\VBoxTray.exe [954712 2012-09-07] (Oracle Corporation)
HKLM\...\Run: [5cd8f17f4086744065eb0992a09e05a2] - "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" .. <===== ATTENTION
HKLM\...\Run: [33a02ce3a6dc322bc7e588c3c6d40f38] - C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe [175616 2014-02-15] (ay_W_C_m_R_)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [antaw4r19] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [MicroUpdate] - C:\WINDOWS\system32\MSDCSC\msdcsc.exe
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [b1e1pr00] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [GVideo] - [X]
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [SkypeMS] - [X]
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [LoftWare] - [X]
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [IntelService] - C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\IntelService\IntelService.exe [1685504 2014-02-16] ()
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [Kydixirina] - C:\Documents and Settings\Killer_VirusFr\Application Data\Hoduaw\lauz.exe [323072 2013-02-24] (APL2000 Inc.)
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [VanToM] - C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe [199265 2014-02-13] (Microsoft)
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [Facebook Update] - %APPDATA%\Microsoft\update.exe
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [5cd8f17f4086744065eb0992a09e05a2] - "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" .. <===== ATTENTION
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [+obOwJbRAzd34AXM] - C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\MetaData\sysedit.exe [421888 2014-02-16] ()
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [Ipaxp] - C:\Documents and Settings\Killer_VirusFr\Application Data\Ziak\ipaxp.exe [386560 2012-09-28] (Dextery)
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [loh] - C:\DOCUME~1\KILLER~1\LOCALS~1\Temp\loh.exe <===== ATTENTION
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [ewewew] - C:\Documents and Settings\Killer_VirusFr\Application Data\Stub.exe
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [33a02ce3a6dc322bc7e588c3c6d40f38] - C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe [175616 2014-02-15] (ay_W_C_m_R_)
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\RunOnce: [4gr75b2k2] - C:\Documents and Settings\Killer_VirusFr\4gr75b2k2\54402.vbs [194 2014-02-15] ()
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Policies\Explorer\Run: [Facebook Update] - %APPDATA%\Microsoft\update.exe
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Winlogon: [Shell] %APPDATA%\Microsoft\update.exe,explorer.exe <==== ATTENTION
Startup: C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\1.exe (ay_W_C_m_R_)
Startup: C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\33a02ce3a6dc322bc7e588c3c6d40f38.exe ()
Startup: C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\Facebook.lnk
ShortcutTarget: Facebook.lnk -> C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\update.exe ()
Startup: C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\start.lnk
ShortcutTarget: start.lnk -> C:\Documents and Settings\Killer_VirusFr\4gr75b2k2\54402.vbs ()
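The Processes, Registry and Startup sections above are where an analyst reads persistence off an FRST log by eye: autostarts pointing into the user profile, Temp or RECYCLER, Run values named with a bare hex string, a Winlogon Shell value that is not just explorer.exe, policies that hide Folder Options, and processes whose company field is printed as "()". The script below, an added example and not FRST code or part of the original log, mechanises those checks over lines copied from the sections above. The rule names are this example's own, and the user-writable-path rule is a prompt to look rather than a verdict: legitimate per-user software (Opera on this machine) also lives under Application Data.

```python
"""Persistence triage over the Processes / Registry / Startup sections of an FRST log.

Added example for this page; it is not FRST code and not part of the original
log. Rules (names are this example's own):
  * user-writable-path   : launched image lives under a profile directory,
                           %APPDATA%, Temp or RECYCLER
  * hashlike-value-name  : Run value named with a bare 32-hex-digit string
  * winlogon-shell-hijack: Winlogon Shell lists anything besides explorer.exe
  * policy-*             : EnableLUA 0 or NoFolderOptions 1 under Policies
  * company-blank        : process whose company field FRST prints as "()"
"""
import re

USER_WRITABLE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\|%APPDATA%|\\DOCUME~1\\|\\RECYCLER\\|\\Temp\\",
    re.IGNORECASE,
)
HASHLIKE = re.compile(r"[0-9a-fA-F]{32}")

# One pattern per FRST line type; each exposes the launched path as 'target'.
HIVE = r"^HK(?:LM|U\\S-[\d-]+)\\\.\.\.\\"
RUN_RE = re.compile(HIVE + r"(?:Run|RunOnce|Policies\\Explorer\\Run): \[(?P<name>[^\]]*)\] - (?P<target>.+)$")
WINLOGON_RE = re.compile(HIVE + r"Winlogon: \[Shell\] (?P<target>.+?)(?: <=+ ATTENTION)?$")
POLICY_RE = re.compile(HIVE + r"Policies\\(?P<subkey>[A-Za-z]+): \[(?P<value>[A-Za-z]+)\] (?P<data>\S+)$")
PROC_RE = re.compile(r"^\((?P<company>[^)]*)\) (?P<target>[A-Za-z]:\\.+)$")
STARTUP_RE = re.compile(r"^Startup: (?P<target>.+?)(?: \([^)]*\))?$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: .+? -> (?P<target>.+?)(?: \([^)]*\))?$")

# (value, data) pairs that weaken the user's view of the machine. EnableLUA is an
# HKLM UAC setting on Vista and later; under HKU on XP it does nothing, so seeing
# it there is a malware fingerprint rather than a functional change.
WEAKENING_POLICIES = {("EnableLUA", "0"), ("NoFolderOptions", "1")}

# Lines copied from the log above (processes, Run keys, policies, Winlogon, Startup).
SAMPLE = [
    r"(Oracle Corporation) C:\WINDOWS\system32\VBoxService.exe",
    r"() C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\update.exe",
    r"(ay_W_C_m_R_) C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe",
    r"HKLM\...\Run: [VBoxTray] - C:\WINDOWS\system32\VBoxTray.exe [954712 2012-09-07] (Oracle Corporation)",
    r'HKLM\...\Run: [5cd8f17f4086744065eb0992a09e05a2] - "C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" .. <===== ATTENTION',
    r"HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k",
    r"HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [antaw4r19] - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5681\atnxwa1.exe",
    r"HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [GVideo] - [X]",
    r"HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Run: [Facebook Update] - %APPDATA%\Microsoft\update.exe",
    r"HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Policies\system: [EnableLUA] 0",
    r"HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Policies\Explorer: [NoFolderOptions] 1",
    r"HKU\S-1-5-21-1614895754-1708537768-839522115-1003\...\Winlogon: [Shell] %APPDATA%\Microsoft\update.exe,explorer.exe <==== ATTENTION",
    r"Startup: C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\Facebook.lnk",
    r"ShortcutTarget: Facebook.lnk -> C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\update.exe ()",
]


def autostart_target(line):
    """Return the path/command an autostart or process line launches, or None."""
    for rx in (RUN_RE, WINLOGON_RE, PROC_RE, STARTUP_RE, SHORTCUT_RE):
        m = rx.match(line)
        if not m:
            continue
        target = m["target"]
        # A .lnk in the Startup folder is resolved on the ShortcutTarget line that
        # follows it, so judge that line instead of the shortcut's own location.
        if rx is STARTUP_RE and target.lower().endswith(".lnk"):
            return None
        return target
    return None


def classify(line):
    """Names of every rule the line trips; an empty list means nothing stood out."""
    hits = []
    m = RUN_RE.match(line)
    if m and HASHLIKE.fullmatch(m["name"]):
        hits.append("hashlike-value-name")
    m = PROC_RE.match(line)
    if m and m["company"] == "":
        hits.append("company-blank")
    m = POLICY_RE.match(line)
    if m and (m["value"], m["data"]) in WEAKENING_POLICIES:
        hits.append("policy-" + m["value"].lower())
    m = WINLOGON_RE.match(line)
    if m and any(p.strip().lower() != "explorer.exe" for p in m["target"].split(",")):
        hits.append("winlogon-shell-hijack")
    target = autostart_target(line)
    if target and USER_WRITABLE.search(target):
        hits.append("user-writable-path")
    return hits


def triage(lines):
    """(line, hits) for every line that trips at least one rule, in log order."""
    report = []
    for line in lines:
        hits = classify(line.rstrip())
        if hits:
            report.append((line, hits))
    return report


if __name__ == "__main__":
    for line, hits in triage(SAMPLE):
        print(f"{', '.join(hits):45} {line[:100]}")
```

Run it against a whole FRST.txt by reading the file into `triage()`; lines from other sections do not match any of the five patterns and are ignored. Entries FRST prints as `[X]` (file missing) produce no hit here because there is nothing on disk to judge, but they still need cleaning up.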
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Hosts: There is more than one entry in Hosts. See the Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
========================== Services (Whitelisted) =================
R2 VBoxService; C:\WINDOWS\System32\VBoxService.exe [1073496 2012-09-07] (Oracle Corporation)
==================== Drivers (Whitelisted) ====================
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R0 VBoxGuest; C:\WINDOWS\System32\DRIVERS\VBoxGuest.sys [108376 2012-09-07] (Oracle Corporation)
R3 VBoxMouse; C:\WINDOWS\System32\DRIVERS\VBoxMouse.sys [85848 2012-09-07] (Oracle Corporation)
R1 VBoxSF; C:\WINDOWS\System32\drivers\VBoxSF.sys [225112 2012-09-07] (Oracle Corporation)
R3 VBoxVideo; C:\WINDOWS\System32\DRIVERS\VBoxVideo.sys [104280 2012-09-07] (Oracle Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-16 19:36 - 2014-02-16 19:36 - 01141248 _____ (Farbar) C:\Documents and Settings\Killer_VirusFr\Bureau\FRST.exe
2014-02-16 19:36 - 2014-02-16 19:36 - 00008391 _____ () C:\Documents and Settings\Killer_VirusFr\Bureau\FRST.txt
2014-02-16 19:36 - 2014-02-16 19:36 - 00000000 ____D () C:\FRST
2014-02-16 18:59 - 2014-02-16 19:32 - 00210992 _____ () C:\WINDOWS\RegBootClean.exe
2014-02-16 18:53 - 2014-02-16 18:53 - 00000000 ____D () C:\WINDOWS\CSC
2014-02-16 18:53 - 2014-02-16 18:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021614-01.dmp
2014-02-16 18:51 - 2014-02-16 19:31 - 00176146 _____ () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\census.cache
2014-02-16 18:51 - 2014-02-16 19:31 - 00139151 _____ () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\ars.cache
2014-02-16 18:17 - 2011-06-21 05:09 - 00200976 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2014-02-16 17:59 - 2014-02-16 17:59 - 00000036 _____ () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\housecall.guid.cache
2014-02-16 17:58 - 2014-02-16 17:58 - 02002424 _____ (Trend Micro Inc.) C:\Documents and Settings\Killer_VirusFr\Bureau\HousecallLauncher.exe
2014-02-15 15:17 - 2014-02-15 15:17 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-01.dmp
2014-02-15 15:17 - 2014-02-15 15:17 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-15 15:16 - 2014-02-16 19:00 - 00000122 _____ () C:\WINDOWS\directx.sys
2014-02-15 15:16 - 2014-02-15 15:16 - 00000032 _____ () C:\Documents and Settings\Killer_VirusFr\Application Data\Default
2014-02-15 15:14 - 2014-02-16 17:58 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\imlgs
2014-02-15 15:14 - 2014-02-15 15:16 - 00000236 _____ () C:\Documents and Settings\Killer_VirusFr\Application Data\msconfig.ini
2014-02-15 15:14 - 2014-02-15 15:15 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\No-IP DUC
2014-02-15 15:14 - 2014-02-15 15:14 - 00175616 _____ (ay_W_C_m_R_) C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ___HD () C:\{$6975-5712-2121-7619$}
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ____D () C:\Program Files\VbNet
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ____D () C:\Program Files\No-IP
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ____D () C:\Program Files\Accessories
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder
2014-02-15 15:14 - 2014-02-11 10:52 - 00000026 _____ () C:\WINDOWS\refsdm.dll
2014-02-15 15:14 - 2012-10-24 14:50 - 00002080 _____ () C:\WINDOWS\zipinfo.txt
2014-02-15 15:14 - 2008-04-13 17:33 - 01384479 _____ (Microsoft Corporation) C:\WINDOWS\system32\inobject.dll
2014-02-15 15:14 - 2002-08-25 11:17 - 00109248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWINSCK.OCX
2014-02-15 15:14 - 1999-08-18 09:54 - 00180224 ____H (Intel Corporation) C:\WINDOWS\ntfsv.dll
2014-02-15 15:13 - 2014-02-16 19:32 - 01685504 _____ () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\65604959882.exe
2014-02-15 15:13 - 2014-02-16 19:32 - 00382976 _____ (Adobe Flash Player 15) C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\UpdateFlash.exe
2014-02-15 15:13 - 2014-02-16 18:59 - 00000000 __SHD () C:\WINDOWS\system32\MSDCSC
2014-02-15 15:13 - 2014-02-15 15:16 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Iqwox
2014-02-15 15:13 - 2014-02-15 15:14 - 00000000 _RSHD () C:\Documents and Settings\Killer_VirusFr\4gr75b2k2
2014-02-15 15:13 - 2014-02-15 15:14 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\IntelService
2014-02-15 15:13 - 2014-02-15 15:14 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Saceza
2014-02-15 15:13 - 2014-02-15 15:14 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Oxam
2014-02-15 15:13 - 2014-02-15 15:13 - 00012328 _____ () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-15 15:13 - 2014-02-15 15:13 - 00000000 _RSHD () C:\WINDOWS\wincs
2014-02-15 15:13 - 2014-02-15 15:13 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Vybi
2014-02-15 15:13 - 2014-02-15 15:13 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Hoduaw
2014-02-15 15:13 - 2014-02-15 15:13 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\etranslator
2014-02-15 15:12 - 2014-02-16 19:32 - 00000000 __SHD () C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14
2014-02-15 15:12 - 2014-02-15 15:12 - 65696907 _____ () C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14.7z
2014-02-08 12:45 - 2014-02-16 19:32 - 00453632 _____ (Farbar) C:\Documents and Settings\Killer_VirusFr\Mes documents\FSS (1).exe
2014-02-08 12:42 - 2014-02-16 19:32 - 00453632 _____ (Farbar) C:\Documents and Settings\Killer_VirusFr\Mes documents\FSS.exe
2014-02-08 12:42 - 2014-02-08 12:42 - 00003645 _____ () C:\Documents and Settings\Killer_VirusFr\Mes documents\FSS.txt
2014-02-08 12:12 - 2014-02-08 12:13 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Killer_VirusFr\Mes documents\mbam-setup-1.75.0.1300.exe
2014-02-08 12:09 - 2014-02-08 12:09 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-02-08 12:09 - 2014-02-08 12:09 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-02-08 12:09 - 2014-02-08 12:09 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-02-08 12:09 - 2014-02-08 12:09 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-02-08 12:09 - 2014-02-08 12:09 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-02-08 12:07 - 2014-02-08 12:12 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-08 12:07 - 2014-02-08 12:07 - 00000000 _RSHD () C:\cmdcons
2014-02-08 12:07 - 2014-02-08 12:07 - 00000000 ___RD () C:\Documents and Settings\Killer_VirusFr\Mes documents\Mes vidéos
2014-02-08 12:07 - 2014-02-08 12:07 - 00000000 ___RD () C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Outils d'administration
2014-02-08 12:07 - 2014-02-08 11:25 - 00000212 _____ () C:\Boot.bak
2014-02-08 12:07 - 2004-08-03 23:00 - 00263488 __RSH () C:\cmldr
2014-02-08 11:45 - 2014-02-16 19:32 - 06865617 _____ (Nicolas Coolman ) C:\Documents and Settings\Killer_VirusFr\Mes documents\ZHPDiag2.exe
2014-02-08 11:25 - 2014-02-15 15:15 - 00000035 _____ () C:\WINDOWS\system.ini
2014-02-08 11:25 - 2014-02-08 11:25 - 00000000 _____ () C:\WINDOWS\win.ini
2014-02-08 10:31 - 2014-02-08 10:31 - 00000669 _____ () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Opera 19.lnk
2014-02-08 10:31 - 2014-02-08 10:31 - 00000669 _____ () C:\Documents and Settings\All Users\Bureau\Opera 19.lnk
2014-02-08 10:31 - 2014-02-08 10:31 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\Opera Software
2014-02-08 10:31 - 2014-02-08 10:31 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Opera Software
2014-02-07 23:59 - 2014-02-07 23:59 - 00093480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-07 23:28 - 2014-02-07 23:28 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Malwarebytes
2014-02-07 23:27 - 2014-02-08 11:46 - 00000000 ____D () C:\WINDOWS\pss
2014-02-07 21:55 - 2014-02-07 21:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-07 21:46 - 2014-02-07 21:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
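In the created-files listing above, almost everything that matters was written between 15:12 and 15:17 on 2014-02-15, while the rest of the month is clean-up tooling (Malwarebytes, HitmanPro, ZHPDiag, FSS, FRST itself). Droppers write their payload in a burst, so grouping entries by creation minute and pulling out hidden/system attributes separates the infection from the noise. The script below is an added example, not FRST code or part of the original log; it parses FRST's "created - modified - size attrs (company) path" line format over a subset of lines copied from the listing above, and the ten-minute window size is this example's choice.

```python
"""Cluster the 'One Month Created Files and Folders' section of an FRST log into
creation bursts and pull out entries with hidden/system attributes.

Added example for this page; not FRST code and not part of the original log.
SAMPLE is a subset of lines copied from the listing above.
"""
import re
from datetime import datetime, timedelta

# FRST line format: created - modified - size attrs (company) path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

SAMPLE = r"""
2014-02-16 19:36 - 2014-02-16 19:36 - 01141248 _____ (Farbar) C:\Documents and Settings\Killer_VirusFr\Bureau\FRST.exe
2014-02-16 18:59 - 2014-02-16 19:32 - 00210992 _____ () C:\WINDOWS\RegBootClean.exe
2014-02-15 15:17 - 2014-02-15 15:17 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-01.dmp
2014-02-15 15:14 - 2014-02-15 15:14 - 00175616 _____ (ay_W_C_m_R_) C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ___HD () C:\{$6975-5712-2121-7619$}
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder
2014-02-15 15:13 - 2014-02-16 18:59 - 00000000 __SHD () C:\WINDOWS\system32\MSDCSC
2014-02-15 15:13 - 2014-02-15 15:14 - 00000000 _RSHD () C:\Documents and Settings\Killer_VirusFr\4gr75b2k2
2014-02-15 15:13 - 2014-02-15 15:14 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\IntelService
2014-02-15 15:13 - 2014-02-15 15:13 - 00000000 _RSHD () C:\WINDOWS\wincs
2014-02-15 15:12 - 2014-02-15 15:12 - 65696907 _____ () C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14.7z
2014-02-08 12:42 - 2014-02-16 19:32 - 00453632 _____ (Farbar) C:\Documents and Settings\Killer_VirusFr\Mes documents\FSS.exe
2014-02-08 10:31 - 2014-02-08 10:31 - 00000669 _____ () C:\Documents and Settings\All Users\Bureau\Opera 19.lnk
"""


def parse_file_listing(lines):
    """Turn FRST file-listing lines into dicts; lines of any other shape are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": int(m["size"]),
            "attrs": m["attrs"],          # FRST flags: R read-only, S system, H hidden, D directory, A archive
            "company": m["company"].strip(),
            "path": m["path"],
        })
    return entries


def busiest_window(entries, minutes=10):
    """(start, members) for the `minutes`-long window (inclusive) holding the most creations."""
    ordered = sorted(entries, key=lambda e: e["created"])
    best_start, best_members = None, []
    for i, anchor in enumerate(ordered):
        end = anchor["created"] + timedelta(minutes=minutes)
        members = [e for e in ordered[i:] if e["created"] <= end]
        if len(members) > len(best_members):
            best_start, best_members = anchor["created"], members
    return best_start, best_members


def hidden_entries(entries):
    """Entries carrying the hidden (H) attribute; callers can further test for S."""
    return [e for e in entries if "H" in e["attrs"]]


if __name__ == "__main__":
    entries = parse_file_listing(SAMPLE.splitlines())
    start, burst = busiest_window(entries)
    print(f"busiest window starts {start:%Y-%m-%d %H:%M}: {len(burst)} entries")
    for e in burst:
        print(f"  {e['created']:%H:%M} {e['attrs']} {e['path']}")
    print("hidden:", [e["path"] for e in hidden_entries(entries)])
```

Feed it the whole FRST.txt and the same parser handles the modified-files section too, since FRST prints both with the same line shape; the window then contains every file the dropper touched, including ones whose names do not look suspicious on their own.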
==================== One Month Modified Files and Folders =======
2014-02-16 19:36 - 2014-02-16 19:36 - 01141248 _____ (Farbar) C:\Documents and Settings\Killer_VirusFr\Bureau\FRST.exe
2014-02-16 19:36 - 2014-02-16 19:36 - 00008391 _____ () C:\Documents and Settings\Killer_VirusFr\Bureau\FRST.txt
2014-02-16 19:36 - 2014-02-16 19:36 - 00000000 ____D () C:\FRST
2014-02-16 19:36 - 2012-09-22 10:07 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Bureau
2014-02-16 19:33 - 2012-09-22 10:07 - 00000184 ___SH () C:\Documents and Settings\Killer_VirusFr\ntuser.ini
2014-02-16 19:33 - 2012-09-22 09:50 - 00064478 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-16 19:32 - 2014-02-16 18:59 - 00210992 _____ () C:\WINDOWS\RegBootClean.exe
2014-02-16 19:32 - 2014-02-15 15:13 - 01685504 _____ () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\65604959882.exe
2014-02-16 19:32 - 2014-02-15 15:13 - 00382976 _____ (Adobe Flash Player 15) C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\UpdateFlash.exe
2014-02-16 19:32 - 2014-02-15 15:12 - 00000000 __SHD () C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14
2014-02-16 19:32 - 2014-02-08 12:45 - 00453632 _____ (Farbar) C:\Documents and Settings\Killer_VirusFr\Mes documents\FSS (1).exe
2014-02-16 19:32 - 2014-02-08 12:42 - 00453632 _____ (Farbar) C:\Documents and Settings\Killer_VirusFr\Mes documents\FSS.exe
2014-02-16 19:32 - 2014-02-08 11:45 - 06865617 _____ (Nicolas Coolman ) C:\Documents and Settings\Killer_VirusFr\Mes documents\ZHPDiag2.exe
2014-02-16 19:31 - 2014-02-16 18:51 - 00176146 _____ () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\census.cache
2014-02-16 19:31 - 2014-02-16 18:51 - 00139151 _____ () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\ars.cache
2014-02-16 19:00 - 2014-02-15 15:16 - 00000122 _____ () C:\WINDOWS\directx.sys
2014-02-16 18:59 - 2014-02-15 15:13 - 00000000 __SHD () C:\WINDOWS\system32\MSDCSC
2014-02-16 18:59 - 2012-09-22 10:07 - 00000000 ___RD () C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage
2014-02-16 18:59 - 2002-07-20 01:10 - 00000000 _RSHD () C:\WINDOWS\WIN 7
2014-02-16 18:53 - 2014-02-16 18:53 - 00000000 ____D () C:\WINDOWS\CSC
2014-02-16 18:53 - 2006-03-02 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-16 18:52 - 2014-02-16 18:53 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021614-01.dmp
2014-02-16 17:59 - 2014-02-16 17:59 - 00000036 _____ () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\housecall.guid.cache
2014-02-16 17:58 - 2014-02-16 17:58 - 02002424 _____ (Trend Micro Inc.) C:\Documents and Settings\Killer_VirusFr\Bureau\HousecallLauncher.exe
2014-02-16 17:58 - 2014-02-15 15:14 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\imlgs
2014-02-15 15:17 - 2014-02-15 15:17 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-01.dmp
2014-02-15 15:17 - 2014-02-15 15:17 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-15 15:16 - 2014-02-15 15:16 - 00000032 _____ () C:\Documents and Settings\Killer_VirusFr\Application Data\Default
2014-02-15 15:16 - 2014-02-15 15:14 - 00000236 _____ () C:\Documents and Settings\Killer_VirusFr\Application Data\msconfig.ini
2014-02-15 15:16 - 2014-02-15 15:13 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Iqwox
2014-02-15 15:15 - 2014-02-15 15:14 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\No-IP DUC
2014-02-15 15:15 - 2014-02-08 11:25 - 00000035 _____ () C:\WINDOWS\system.ini
2014-02-15 15:14 - 2014-02-15 15:14 - 00175616 _____ (ay_W_C_m_R_) C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ___HD () C:\{$6975-5712-2121-7619$}
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ____D () C:\Program Files\VbNet
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ____D () C:\Program Files\No-IP
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ____D () C:\Program Files\Accessories
2014-02-15 15:14 - 2014-02-15 15:14 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\VanToM Folder
2014-02-15 15:14 - 2014-02-15 15:13 - 00000000 _RSHD () C:\Documents and Settings\Killer_VirusFr\4gr75b2k2
2014-02-15 15:14 - 2014-02-15 15:13 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\IntelService
2014-02-15 15:14 - 2014-02-15 15:13 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Saceza
2014-02-15 15:14 - 2014-02-15 15:13 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Oxam
2014-02-15 15:14 - 2012-09-22 10:07 - 00000000 ___RD () C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes
2014-02-15 15:13 - 2014-02-15 15:13 - 00012328 _____ () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-15 15:13 - 2014-02-15 15:13 - 00000000 _RSHD () C:\WINDOWS\wincs
2014-02-15 15:13 - 2014-02-15 15:13 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Vybi
2014-02-15 15:13 - 2014-02-15 15:13 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Hoduaw
2014-02-15 15:13 - 2014-02-15 15:13 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\etranslator
2014-02-15 15:13 - 2012-09-22 10:07 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr
2014-02-15 15:12 - 2014-02-15 15:12 - 65696907 _____ () C:\Documents and Settings\Killer_VirusFr\Bureau\2014-02-14.7z
2014-02-11 10:52 - 2014-02-15 15:14 - 00000026 _____ () C:\WINDOWS\refsdm.dll
2014-02-08 12:42 - 2014-02-08 12:42 - 00003645 _____ () C:\Documents and Settings\Killer_VirusFr\Mes documents\FSS.txt
2014-02-08 12:25 - 2012-09-22 11:31 - 00000211 ___RH () C:\boot.ini
2014-02-08 12:23 - 2012-09-22 11:32 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Démarrer\Programmes
2014-02-08 12:23 - 2012-09-22 11:32 - 00000000 ____D () C:\Documents and Settings\All Users\Bureau
2014-02-08 12:23 - 2012-09-22 09:49 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-08 12:22 - 2012-09-22 10:15 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Opera
2014-02-08 12:22 - 2012-09-22 10:14 - 00000000 ____D () C:\Program Files\Opera
2014-02-08 12:17 - 2012-09-22 11:26 - 00000000 ____D () C:\WINDOWS\system32\usmt
2014-02-08 12:17 - 2012-09-22 09:49 - 00000000 ____D () C:\WINDOWS\srchasst
2014-02-08 12:17 - 2012-09-22 09:49 - 00000000 ____D () C:\Program Files\Outlook Express
2014-02-08 12:17 - 2012-09-22 09:49 - 00000000 ____D () C:\Program Files\Fichiers communs\System
2014-02-08 12:17 - 2012-09-22 09:47 - 00000000 ____D () C:\Program Files\Windows NT
2014-02-08 12:13 - 2014-02-08 12:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Killer_VirusFr\Mes documents\mbam-setup-1.75.0.1300.exe
2014-02-08 12:12 - 2014-02-08 12:07 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-08 12:10 - 2012-09-22 09:58 - 00000000 ___SD () C:\Documents and Settings\NetworkService
2014-02-08 12:09 - 2014-02-08 12:09 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-02-08 12:09 - 2014-02-08 12:09 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-02-08 12:09 - 2014-02-08 12:09 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-02-08 12:09 - 2014-02-08 12:09 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-02-08 12:09 - 2014-02-08 12:09 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-02-08 12:09 - 2012-09-22 11:32 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-02-08 12:09 - 2012-09-22 11:32 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-02-08 12:09 - 2012-09-22 11:31 - 14155776 _____ () C:\WINDOWS\system32\config\software.bak
2014-02-08 12:09 - 2012-09-22 11:31 - 02883584 _____ () C:\WINDOWS\system32\config\system.bak
2014-02-08 12:09 - 2012-09-22 11:31 - 00262144 _____ () C:\WINDOWS\system32\config\default.bak
2014-02-08 12:08 - 2012-09-22 11:33 - 00000000 ____D () C:\Program Files\Fichiers communs
2014-02-08 12:07 - 2014-02-08 12:07 - 00000000 _RSHD () C:\cmdcons
2014-02-08 12:07 - 2014-02-08 12:07 - 00000000 ___RD () C:\Documents and Settings\Killer_VirusFr\Mes documents\Mes vidéos
2014-02-08 12:07 - 2014-02-08 12:07 - 00000000 ___RD () C:\Documents and Settings\Killer_VirusFr\Menu Démarrer\Programmes\Outils d'administration
2014-02-08 11:48 - 2012-09-22 10:11 - 00000000 ___SD () C:\Documents and Settings\Killer_VirusFr\UserData
2014-02-08 11:46 - 2014-02-07 23:27 - 00000000 ____D () C:\WINDOWS\pss
2014-02-08 11:25 - 2014-02-08 12:07 - 00000212 _____ () C:\Boot.bak
2014-02-08 11:25 - 2014-02-08 11:25 - 00000000 _____ () C:\WINDOWS\win.ini
2014-02-08 10:49 - 2013-12-19 19:43 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-08 10:38 - 2012-09-22 10:06 - 00000006 _____ () C:\WINDOWS\Tasks\SA.DAT
2014-02-08 10:31 - 2014-02-08 10:31 - 00000669 _____ () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Opera 19.lnk
2014-02-08 10:31 - 2014-02-08 10:31 - 00000669 _____ () C:\Documents and Settings\All Users\Bureau\Opera 19.lnk
2014-02-08 10:31 - 2014-02-08 10:31 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\Opera Software
2014-02-08 10:31 - 2014-02-08 10:31 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Opera Software
2014-02-07 23:59 - 2014-02-07 23:59 - 00093480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-07 23:58 - 2012-09-22 09:53 - 00000000 ____D () C:\Program Files\xerox
2014-02-07 23:32 - 2012-09-22 11:26 - 00000000 ____D () C:\WINDOWS\pchealth
2014-02-07 23:28 - 2014-02-07 23:28 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Application Data\Malwarebytes
2014-02-07 22:40 - 2012-09-22 10:15 - 00000000 ____D () C:\Documents and Settings\Killer_VirusFr\Local Settings\Application Data\Opera
2014-02-07 21:55 - 2014-02-07 21:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-07 21:47 - 2014-02-07 21:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
Files to move or delete:
====================
C:\Documents and Settings\Killer_VirusFr\Application Data\msconfig.ini
Some content of TEMP:
====================
C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\10007NEW NJRAT.exe
C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\WINDOWSFORMSAPPLICATION1.EXE
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe
[2008-04-13 17:34] - [2008-04-13 17:34] - 0512000 ____A (Microsoft Corporation) dd73d6b9f6b4cb630cf35b438b540174
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe
[2008-04-13 17:34] - [2008-04-13 17:34] - 0109056 ____A (Microsoft Corporation) 54cb50058851d95e56ec70d09f70857f
C:\WINDOWS\system32\User32.dll
[2008-04-13 17:33] - [2008-04-13 17:33] - 0579584 ____A (Microsoft Corporation) e853f84d3ce2faa2a802e33cf89ac023
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2008-04-13 17:33] - [2008-04-13 17:33] - 0399360 ____A (Microsoft Corporation) 3d65eb82e1fa6db15a33e024c9e03cab
ATTENTION ======> If the system has audio adware, rpcss.dll is patched. Search for the MD5; if the hash is unique (not found anywhere else), the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
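FRST's Bamital & volsnap check prints either "=> MD5 is legit" after a path (the hash matched FRST's own table) or a detail line with timestamps, size, attributes, company and MD5 that the analyst has to check by hand, which is what the ATTENTION note about rpcss.dll asks for. The script below, an added example and not FRST code or part of the original log, pulls those detail lines out of the section so each MD5 and size can be compared against a hash set the analyst trusts. KNOWN_GOOD is a placeholder for that set and is left empty on purpose: nothing here asserts that any hash on this page is good or bad.

```python
"""Pull the 'Bamital & volsnap Check' block out of an FRST log and list the system
files FRST did not vouch for.

Added example for this page; not FRST code and not part of the original log.
KNOWN_GOOD is a placeholder for the analyst's own trusted-hash set (empty here).
SAMPLE is copied from the log above.
"""
import re

SAMPLE = r"""
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe
[2008-04-13 17:34] - [2008-04-13 17:34] - 0512000 ____A (Microsoft Corporation) dd73d6b9f6b4cb630cf35b438b540174
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe
[2008-04-13 17:34] - [2008-04-13 17:34] - 0109056 ____A (Microsoft Corporation) 54cb50058851d95e56ec70d09f70857f
C:\WINDOWS\system32\User32.dll
[2008-04-13 17:33] - [2008-04-13 17:33] - 0579584 ____A (Microsoft Corporation) e853f84d3ce2faa2a802e33cf89ac023
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2008-04-13 17:33] - [2008-04-13 17:33] - 0399360 ____A (Microsoft Corporation) 3d65eb82e1fa6db15a33e024c9e03cab
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
"""

# Placeholder: fill with MD5s (lower-case hex) the analyst has verified independently.
KNOWN_GOOD = frozenset()

PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: => MD5 is legit)?$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9a-fA-F]{32})$"
)


def section(lines):
    """Yield only the lines between the Bamital & volsnap header and End Of Log."""
    inside = False
    for line in lines:
        if "Bamital & volsnap Check" in line:
            inside = True
            continue
        if "End Of Log" in line:
            break
        if inside:
            yield line.strip()


def parse_bamital_check(lines):
    """One dict per checked file: path, verified flag, and MD5/size/company when FRST printed them."""
    entries, pending = [], None
    for line in section(lines):
        m = DETAIL_RE.match(line)
        if m and pending is not None:
            pending.update(size=int(m["size"]), company=m["company"].strip(),
                           md5=m["md5"].lower(), modified=m["modified"])
            entries.append(pending)
            pending = None
            continue
        m = PATH_RE.match(line)
        if m:
            entry = {"path": m["path"], "verified": line.endswith("=> MD5 is legit"),
                     "md5": None, "size": None, "company": None, "modified": None}
            if entry["verified"]:
                entries.append(entry)
            else:
                pending = entry  # the detail line that follows completes it
    return entries


def unverified(entries, known_good=KNOWN_GOOD):
    """Entries FRST did not vouch for whose MD5 is also absent from the analyst's own set."""
    return [e for e in entries if not e["verified"] and e["md5"] not in known_good]


if __name__ == "__main__":
    for e in unverified(parse_bamital_check(SAMPLE.splitlines())):
        print(f"{e['md5']}  {e['size']:>8}  {e['modified']}  {e['path']}")
```

The size and modification date printed alongside the hash are worth keeping: a patched rpcss.dll or services.exe usually changes size, and a modification time that does not match the other XP SP3 files of 2008-04-13 is a second reason to pull the file.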
==================== End Of Log ============================