Aller au contenu

chessbrain

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    32

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par chessbrain

  1. chessbrain
    J'ai relancé Malwarebytes pour faire une analyse complète. Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3510 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 17/01/2010 15:43:14 mbam-log-2010-01-17 (15-43-14).txt Type de recherche: Examen complet (C:\|F:\|G:\|M:\|) Eléments examinés: 472550 Temps écoulé: 2 hour(s), 22 minute(s), 50 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\System Volume Information\_restore{5F62C1ED-9841-430E-BE24-FE0A7DB2A223}\RP2\A0006001.sys (Rootkit.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{5F62C1ED-9841-430E-BE24-FE0A7DB2A223}\RP5\A0012058.sys (Backdoor.Bot) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{5F62C1ED-9841-430E-BE24-FE0A7DB2A223}\RP5\A0012059.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\chess brain\DoctorWeb\Quarantine\zlosxxwecpnh0.sys (Rootkit.Dropper) -> Quarantined and deleted successfully.
  2. chessbrain
    Je viens de lancer load_tdsskiller. Dans la fenêtre Dos, plusieurs messages apparaiseent dont : "Resolving support.kaspersky.com...failed:Unknown host." "Error : Can not open file as archive" Un message Windows indique "Windows ne trouve pas 'C:\tdsskiller.exe"
  3. chessbrain
    Pear, est-ce que je peux lancer TDSSKiller, sachant que je n'ai pas accès à internet ?
  4. chessbrain
    Est-ce que je peux utiliser TDSSKiller Pear ?
  5. chessbrain
    J'avais poursuivi la 1ère procédure avant ce nouveau message : 1) Scan rapide et suppression avec Malwarebytes. Un message est alors apparu "Impossible de supprimer certains éléments. [...] c:\WINDOWS\system32\BtwSrv.dll Votre ordinateur doit redémarrer[...]" 2) Redémarrage et lancement de Zip-scan. Voici les rapports : Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3510 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 16/01/2010 16:01:00 mbam-log-2010-01-16 (16-01-00).txt Type de recherche: Examen rapide Eléments examinés: 115633 Temps écoulé: 5 minute(s), 28 second(s) Processus mémoire infecté(s): 4 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 7 Valeur(s) du Registre infectée(s): 25 Elément(s) de données du Registre infecté(s): 5 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 102 Processus mémoire infecté(s): C:\Documents and Settings\chess brain\imPlayok.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\imPlayok.exe (Trojan.Agent) -> Unloaded process successfully. C:\Documents and Settings\chess brain\reader_s.exe (Trojan.Agent) -> Unloaded process successfully. C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Unloaded process successfully. Module(s) mémoire infecté(s): c:\WINDOWS\system32\BtwSrv.dll (Backdoor.Bot) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fastnetsrv (Backdoor.Refpron) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FASTNETSRV (Backdoor.Bot) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appiayt_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\implayok (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\implayok (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\implayok (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec (Worm.Archive) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Worm.Archive) -> Data: c:\windows\fonts\services.exe -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Worm.Archive) -> Data: c:\windows\fonts\services.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rootkit.Agent) -> Data: c:\windows\system32\kbdsock.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rootkit.Agent) -> Data: system32\kbdsock.dll -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully. Fichier(s) infecté(s): c:\WINDOWS\system32\BtwSrv.dll (Backdoor.Bot) -> Delete on reboot. C:\WINDOWS\system32\C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lsm32.sys (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\system32\3049,433.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_636825577687.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m1_736203868828.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_41278290120.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_2701763389.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_539461452171.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m1_312504736134.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\VRT8.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\VRTF.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\VRT2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\VRTB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\VRTD.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\VRT10.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\VRT7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\VRT9.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\VRTC.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_56491846521.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_498119567746.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m1_877732611621.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_544131188427.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m1_794662854871.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_17631382690.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m1_333951695951.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_818533347478.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m1_116011404573.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_834782574644.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_148541887378.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m1_686813794709.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_85487182791.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m1_77439703267.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_695951470841.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_347478758650.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m1_404573107802.bk (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[7].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[8].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[9].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[10].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[11].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\wCAYX86N1.bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\wCA44SDJ1.bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[7].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[8].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[9].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[10].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[11].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\wCA3O66BC.bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\wCASO1ONP.bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\wCAN84WDB.bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[7].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[8].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[9].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[10].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[11].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\wCA7M3Y9P.bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\wCAC7ZEF7.bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[7].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[8].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[9].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[10].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[11].bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\wCAFGGX3Q.bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\wCADZJ4QA.bin (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\chess brain\imPlayok.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\imPlayok.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\chess brain\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully. C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\opeia.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mshlps.dll (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kbdsock.dll (Rootkit.Agent) -> Quarantined and deleted successfully. ----------------------------------------------------------------------------------------------------------------------------------------------------------------- -- Report -- . F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\Clonecd2831\crackVers3\CloneCD30.zip | keygen.exe <-- FOUND F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP\crack\Dap5keygen.zip | Dap5 keygen.exe <-- FOUND F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multimédia\images\photoshop7.01\cracks serial\crack7.0 photoshop\photoshop 7.0 crack.zip | keygen.exe <-- FOUND F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multimédia\images\photoshop7.01\cracks serial\crack7keygen\photoshop7.0 keygen.zip | photoshop7.0 keygen/keygen.exe <-- FOUND . -- EOF --
  6. chessbrain
    Bonjour Pear et merci de prendre du temps pour répondre. Avant d'envoyer ce message j'avais : 1) installé malwarebytes, lancé une analyse et supprimé/mis en quarantaine les fichiers repérés (cf. rapport) 2) installé HijackThis, lancé un scan (cf. rapport) 3) installé UsbFix, lancé un scan en choisissant l'option 1 - sans les périphériques externes (clé, HDD...)- (cf. rapport) 4) lancé un scan en choisissant l'option 2 - avec périphériques - (cf. rapport) 5) envoyé un rapport (UsbFix_Upload.zip) via iexplorer sur le site du logiciel. C'est l'unique fois où internet a fonctionné. 6) installé Dr.web (launch.exe), lancé une désinfection rapide. Impossible de faire une MAJ avant de lancer le scan et le PC redémarre systématiquement pendant celui-ci. Après ton message, j'ai : 1) placé kill.com sur le bureau et double-cliqué dessus. Le fichier pev.exe apparait sur le bureau. 2) double-cliqué sur pev.exe. Une fenêtre Dos apparaît brièvement. 3) placé 18994-MB.exe sur le bureau. 4) désinstallé ma version de malwarebytes 5) double-cliqué sur 18994-MB.exe. Installation dans le répertoire par défaut. Après installation, échec de la MAJ "error cod 732 (12007,0) Dois-je quand même lancer le scan ?
  7. chessbrain
    Bonjour, Depuis une semaine mon Pc tourne au ralenti, certaines applications ne s'ouvrent plus ou affichent "ne répond pas", plus de connexion internet et 3 icônes apparaisent au démarrage sur le bureau (nudetube.com, porntube.com, youporn.com) malgré leur suppression. J'ai installé Malwarebytes sur le bureau et depuis, les 3 icônes n'apparaissent plus. Voici les rapports de HijackThis et UsbFix (option 1 et option 2). J'ai essayé d'utiliser Dr.Web mais pendant le scan rapide, le Pc redémarre. QQ1 peut-il m'aider ? Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 11:09:38, on 10/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\imPlayok.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\CyberLink\PowerCinema\PCMService.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\system32\carpserv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\imPlayok.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Documents and Settings\chess brain\imPlayok.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Wtablet\TabUserW.exe C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Aide mémoire\Aide mémoire.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\TEMP\VRTD.tmp C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\TEMP\VRT10.tmp C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [uSBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [CheckMedi8or] C:\Program Files\Mediator 7 Pro\CheckNewUser.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [b2i] c:\apache\manapache O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [qquaqe] RUNDLL32.EXE C:\WINDOWS\system32\msjgjzcu.dll,w O4 - HKLM\..\Run: [imPlayok] C:\WINDOWS\system32\imPlayok.exe O4 - HKLM\..\Run: [pgrbbb] RUNDLL32.EXE C:\WINDOWS\system32\msbkbnlu.dll,w O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKLM\..\RunOnce: [ÁN@] ÁN@ O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [Power2GoExpress] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [imPlayok] C:\Documents and Settings\chess brain\imPlayok.exe O4 - HKUS\S-1-5-18\..\Run: [imPlayok] C:\WINDOWS\system32\config\systemprofile\imPlayok.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [imPlayok] C:\WINDOWS\system32\config\systemprofile\imPlayok.exe (User 'Default user') O4 - S-1-5-18 Startup: Aide mémoire.lnk = ? (User 'SYSTEM') O4 - .DEFAULT Startup: Aide mémoire.lnk = ? (User 'Default user') O4 - Startup: Aide mémoire.lnk = ? O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: FunTV Remote Control.lnk = ? O4 - Global Startup: Gamesurround Muse Pocket.lnk = C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe O4 - Global Startup: Wireless Configuration Utility .lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.3.8.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 12887 bytes (option 1) ############################## | UsbFix V6.073 | User : chess brain (Administrateurs) # LAURENCE Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8 Start at: 10:10:50 | 13/01/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com AMD Athlon 64 Processor 3400+ Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 7.0.5730.11 Windows Firewall Status : Disabled FW : COMODO Firewall Pro[ Enabled ]3.0 C:\ -> Disque fixe local # 149,01 Go (30,27 Go free) [XP] # FAT32 D:\ -> Disque CD-ROM E:\ -> Disque CD-ROM H:\ -> Disque amovible I:\ -> Disque amovible J:\ -> Disque amovible K:\ -> Disque amovible L:\ -> Disque CD-ROM ############################## | Processus actifs | C:\WINDOWS\System32\smss.exe 784 C:\WINDOWS\system32\csrss.exe 1268 C:\WINDOWS\system32\winlogon.exe 1292 C:\WINDOWS\system32\services.exe 1344 C:\WINDOWS\system32\lsass.exe 1368 C:\WINDOWS\system32\svchost.exe 1576 C:\WINDOWS\system32\svchost.exe 1668 C:\WINDOWS\System32\svchost.exe 1768 C:\Program Files\Ahead\InCD\InCDsrv.exe 1796 C:\WINDOWS\system32\svchost.exe 2020 C:\WINDOWS\system32\svchost.exe 236 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 632 C:\WINDOWS\Explorer.EXE 1948 C:\WINDOWS\System32\svchost.exe 368 C:\WINDOWS\System32\svchost.exe 376 C:\WINDOWS\System32\svchost.exe 388 C:\WINDOWS\System32\svchost.exe 396 C:\WINDOWS\System32\svchost.exe 424 C:\WINDOWS\System32\svchost.exe 624 C:\WINDOWS\system32\spoolsv.exe 3816 C:\WINDOWS\System32\reader_s.exe 4012 C:\WINDOWS\system32\imPlayok.exe 200 C:\WINDOWS\system32\RUNDLL32.EXE 3664 C:\WINDOWS\system32\RUNDLL32.EXE 3684 C:\WINDOWS\system32\RUNDLL32.EXE 3700 C:\WINDOWS\system32\ctfmon.exe 3980 C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe 308 C:\WINDOWS\System32\svchost.exe 360 C:\WINDOWS\system32\svchost.exe 4176 C:\Program Files\Windows Media Player\WMPNSCFG.exe 4256 C:\Documents and Settings\chess brain\imPlayok.exe 4416 C:\WINDOWS\System32\svchost.exe 4552 C:\Program Files\COMODO\Firewall\cmdagent.exe 4572 C:\WINDOWS\system32\Wtablet\TabUserW.exe 4844 C:\WINDOWS\System32\svchost.exe 4848 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe 4924 C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe 4956 C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe 4996 C:\WINDOWS\system32\nvsvc32.exe 5072 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 5224 C:\WINDOWS\system32\svchost.exe 5372 C:\WINDOWS\system32\Tablet.exe 5420 C:\Program Files\Windows Media Player\WMPNetwk.exe 5680 C:\Program Files\Aide mémoire\Aide mémoire.exe 6028 C:\Program Files\Aide mémoire\Aide mémoire.exe 6080 C:\Program Files\Aide mémoire\Aide mémoire.exe 3716 C:\WINDOWS\System32\alg.exe 5048 C:\WINDOWS\System32\svchost.exe 5296 C:\WINDOWS\System32\svchost.exe 7272 C:\WINDOWS\System32\svchost.exe 6900 C:\WINDOWS\System32\Rundll32.exe 7724 C:\WINDOWS\system32\svchost.exe 7288 C:\WINDOWS\System32\Rundll32.exe 4484 C:\WINDOWS\System32\3049,433.exe 6540 C:\WINDOWS\system32\svchost.exe 7220 C:\WINDOWS\system32\FastNetSrv.exe 7444 C:\WINDOWS\system32\NOTEPAD.EXE 276 C:\WINDOWS\system32\lsm32.sys 14884 C:\WINDOWS\system32\wbem\wmiprvse.exe 16312 ################## | Elements infectieux | C:\DOCUME~1\CHESSB~1\LOCALS~1\Temp\7ko5df7g.exe ################## | Registre | [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Regedit32" ################## | Mountpoints2 | ################## | Cracks > Keygens > Serials | "C:\Program Files\Pinnacle\Hollywood FX for Studio\6.0\HfxSerial.exe" 08/10/2008 21:23 |Size 79120 |Crc32 c70d1819 |Md5 046924fd7c09e6efdca2d297e3dde004 ################## | ! Fin du rapport # UsbFix V6.073 ! | (option 2) ############################## | UsbFix V6.073 | User : chess brain (Administrateurs) # LAURENCE Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8 Start at: 10:25:17 | 13/01/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com AMD Athlon 64 Processor 3400+ Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 7.0.5730.11 Windows Firewall Status : Enabled FW : COMODO Firewall Pro[ Enabled ]3.0 C:\ -> Disque fixe local # 149,01 Go (30,3 Go free) [XP] # FAT32 D:\ -> Disque CD-ROM E:\ -> Disque CD-ROM F:\ -> Disque fixe local # 465,76 Go (161,66 Go free) [DATA] # NTFS G:\ -> Disque amovible # 3,82 Go (403,62 Mo free) [uDISK 2.0] # FAT32 H:\ -> Disque amovible I:\ -> Disque amovible J:\ -> Disque amovible K:\ -> Disque amovible L:\ -> Disque CD-ROM ############################## | Processus actifs | C:\WINDOWS\System32\smss.exe 784 C:\WINDOWS\system32\csrss.exe 876 C:\WINDOWS\system32\winlogon.exe 900 C:\WINDOWS\system32\services.exe 960 C:\WINDOWS\system32\lsass.exe 972 C:\WINDOWS\system32\svchost.exe 1136 C:\WINDOWS\system32\svchost.exe 1204 C:\WINDOWS\System32\svchost.exe 1300 C:\Program Files\Ahead\InCD\InCDsrv.exe 1320 C:\WINDOWS\system32\svchost.exe 1648 C:\WINDOWS\system32\svchost.exe 1716 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 1852 C:\WINDOWS\Explorer.EXE 536 C:\WINDOWS\system32\spoolsv.exe 1292 C:\WINDOWS\system32\svchost.exe 1016 C:\WINDOWS\system32\svchost.exe 232 C:\Program Files\COMODO\Firewall\cmdagent.exe 244 C:\WINDOWS\system32\FastNetSrv.exe 608 C:\WINDOWS\System32\svchost.exe 740 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe 776 C:\WINDOWS\system32\nvsvc32.exe 1160 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 1520 C:\WINDOWS\system32\svchost.exe 1588 C:\WINDOWS\system32\Tablet.exe 1664 C:\Program Files\Windows Media Player\WMPNetwk.exe 2004 C:\WINDOWS\System32\alg.exe 3100 C:\WINDOWS\system32\wbem\wmiprvse.exe 3140 ################## | Elements infectieux | Supprimé ! C:\DOCUME~1\CHESSB~1\LOCALS~1\Temp\7ko5df7g.exe Supprimé ! F:\$Recycle.Bin\S-1-5-21-2613703542-16786224-2159651953-1002 Supprimé ! F:\Recycler\S-1-5-21-1582577928-4173110577-210898849-3004 Supprimé ! F:\Recycler\S-1-5-21-3993975773-2949197677-2490937237-1005 Supprimé ! F:\Recycler\S-1-5-21-515967899-1580436667-1957994488-1003 Supprimé ! G:\r.bat ################## | Registre | Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Regedit32" ################## | Mountpoints2 | ################## | Listing des fichiers présent | [23/04/2002 10:26|--a------|1039] C:\Driver.lnk [?|?|?] C:\hiberfil.sys [13/01/2010 09:10|--a------|57252] C:\sbpecgsn.exe [?|?|?] C:\pagefile.sys [21/10/2004 11:33|--ah-----|111] C:\BOOTLOG.PRV [02/10/2001 11:42|---hs----|512] C:\bootsect.dos [13/01/2010 10:32|--a------|2962] C:\UsbFix.txt [21/10/2004 11:42|--ah-----|111] C:\BOOTLOG.TXT [18/02/2009 15:19|--a------|37469] C:\EyeCandyLog.txt [05/08/2004 14:00|-rahs----|4952] C:\Bootfont.bin [08/10/2008 09:29|--a------|252240] C:\NTLDR [05/08/2004 14:00|-rahs----|47564] C:\NTDETECT.COM [25/08/2008 22:30|-rahs----|216] C:\BOOT.INI [06/01/2007 09:34|--a------|95] C:\AUTOEXEC.BAT [06/01/2007 10:25|--a------|403642] C:\adorage-protocol.txt [13/11/2006 21:43|--a------|2023] C:\debug.log [24/02/2007 21:17|--a------|580] C:\finfos.txt [02/05/2007 18:02|--a------|3532] C:\drmHeader.bin [13/01/2010 10:22|--a------|20] C:\GINA.TEXT [13/01/2010 10:22|--a------|41] C:\WLANCUGINA.TEXT [16/05/2009 21:35|--a------|18954] C:\hfxFilesStudio.txt [16/05/2009 21:35|--a------|0] C:\hfxFilesV1.txt [16/05/2009 21:35|--a------|1759] C:\hfxFilesV2.txt [16/05/2009 21:35|--a------|0] C:\hfxFilesV3.txt [12/01/2010 07:06|--a------|98] C:\ikjsdh76asyl108.bat [28/12/2004 10:00|-rahs----|0] C:\MSDOS.SYS [28/12/2004 10:00|-rahs----|0] C:\IO.SYS [01/01/2005 17:43|--a------|7680] C:\AudioOut.grf [08/01/2005 17:06|--a------|299] C:\clony.txt [27/08/2008 14:48|--a------|1902566] F:\P1050023.JPG [20/12/2008 13:36|--ahs----|4608] F:\Thumbs.db [04/12/2009 07:37|--a------|289584] F:\utorrent.exe [30/04/2009 07:56|--a------|415232] G:\annivRem09.pub [03/05/2009 18:24|--a------|296] G:\WMPInfo.xml [08/09/2006 21:39|--a------|274428] G:\Aide_memoire.exe [25/10/2009 09:04|--a------|11620] G:\Ref commande.docx [04/11/2009 20:47|--a------|9140] G:\pouvoir individuel.pdf [30/11/2009 16:11|--a------|5150351] G:\cdr.zip [30/12/2009 22:36|--a------|2925376] G:\ba2010.psd [28/12/2009 16:58|--a------|667359] G:\tutoFondEcran.docx [04/07/2009 21:14|--a------|2595153] G:\pepereVelo.jpg [04/07/2009 21:44|--a------|247759172] G:\pepereVelo 001.tif [04/07/2009 22:07|--a------|230907894] G:\pepereVelo2.tif [28/12/2009 23:53|--a------|319316] G:\Document.pdf ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix. # F:\autorun.inf -> Dossier créé par UsbFix. # G:\autorun.inf -> Dossier créé par UsbFix. ################## | Crack > Keygen > Serial | "C:\Program Files\Pinnacle\Hollywood FX for Studio\6.0\HfxSerial.exe" 08/10/2008 21:23 |Size 79120 |Crc32 c70d1819 |Md5 046924fd7c09e6efdca2d297e3dde004 "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP\crack\Lancez-moi.exe" 27/08/2001 15:57 |Size 53248 |Crc32 e558ee03 |Md5 1ac1cff6434f015cb420031cc71aca23 "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP\crack2\dap50-crack.exe" 11/11/2002 20:51 |Size 28672 |Crc32 8c0a2212 |Md5 6d85b598752c8cdc35f2ff472797425d "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP2\download-accelerator-plus-v50+keygen+bonus-switch.exe" 09/02/2002 16:10 |Size 1065099 |Crc32 13257bd6 |Md5 6212e363fcdb9ee5c65d3e64c825cf90 "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP5.3fr\crack1\dap53.exe" 11/11/2002 21:14 |Size 1750351 |Crc32 8cc011cd |Md5 5a29d4b53558d86aede440f7b3630c51 "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Gifanim‚s\cool3D3.5\crack3.5\Lancez-moi.exe" 27/08/2001 15:57 |Size 53248 |Crc32 dd8f9bd9 |Md5 a4c6c9a56e311f900b2d0aae126dcffc "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\images\photoshop7.01\cracks serial\crack7.0 photoshop\keygen.exe" 29/04/2002 14:17 |Size 58880 |Crc32 302de52f |Md5 948e021efec503c4db5e4e1277e7e4df "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\images\photoshop7.01\cracks serial\crack7.01\photoshop7.0serial.exe" 10/01/2003 13:13 |Size 124416 |Crc32 b200ffc7 |Md5 35557961112148cda88c8c3cab73db0e "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\images\photoshop7.01\cracks serial\crack7keygen\photoshop7.0 keygen\keygen.exe" 29/04/2002 14:17 |Size 58880 |Crc32 e4a78af6 |Md5 5ec73407821b40a97495cf8a6c57b1df "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\outils\winzip\WZ81FR+crack.exe" 07/01/2003 13:29 |Size 2027624 |Crc32 4fff6300 |Md5 74f121501910b369ed9ad0b7833a0772 "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8.5\Crack.exe" 17/06/2001 08:50 |Size 36352 |Crc32 7c034857 |Md5 5ecc8c37afbea89cc6d30f366ac8aa05 "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8.5\Lancez-moi.exe" 27/08/2001 15:57 |Size 53248 |Crc32 d64325bd |Md5 07d87c6f6c995994aa7b99aefae79b0d "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\Thumbs501-build2060\crack 5.01-build2060\Thumb15403\Thumbz.exe" 02/04/2002 12:36 |Size 27136 |Crc32 a371988b |Md5 96396674aadfa934a57905780205247e "F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.0fr\CRK-WZ80(1).exe" 06/07/2001 22:11 |Size 62080 |Crc32 350822a5 |Md5 ca4d21ec9f950b445ead862d2e67015c "F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.0fr\CRK-WZ80(2).exe" 06/07/2001 22:16 |Size 62078 |Crc32 57aba3c5 |Md5 cc83381ec769aadd1aa39d6dc7f523ca "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\Clonecd2831\crackVers3\CloneCD30.zip" -> Contain : keygen.exe 13621 DFLT-N 15% 11620 19-04-2001 00:24:14 743c9e46 "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\Clonecd2831\crackVers3\CloneCD30.zip" -> Contain : Lancez-moi.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\Clonecd2831\crackVers4\CloneCD 4-0-x.zip" -> Contain : CloneCD_4-0-x.Exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\Clonecd2831\crackVers4\CloneCD 4-0-x.zip" -> Contain : Lancez-moi.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP\crack\Dap5keygen.zip" -> Contain : Dap5 keygen.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP\crack\Dap5keygen.zip" -> Contain : Lancez-moi.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP2\download-accelerator-plus+keygen.gnomus.zip" -> Contain : download-accelerator-plus-v50+keygen+bonus-switch.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Gifanim‚s\cool3D3.5\crack3.5\Ulead Cool 3D 3.5.zip" -> Contain : Ulead Cool 3D 3.5.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Gifanim‚s\cool3D3.5\crack3.5\Ulead Cool 3D 3.5.zip" -> Contain : Lancez-moi.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\images\photoshop7.01\cracks serial\crack7.0 photoshop\photoshop 7.0 crack.zip" -> Contain : keygen.exe 35840 DFLT-N 5% 34100 29-04-2002 14:17:00 6d32a58c "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\images\photoshop7.01\cracks serial\crack7keygen\photoshop7.0 keygen.zip" -> Contain : photoshop7.0 keygen\keygen.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\outils\DAP5\crack g‚n‚rique\download accelerator plus generique.zip" -> Contain : DAP-Crk.exe 18351 DFLT-X 16% 15399 22-10-2001 16:25:10 78e86033 "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\outils\DAP5\crack g‚n‚rique\download accelerator plus generique.zip" -> Contain : Ads Remover.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\outils\DAP5\crack5.0\download accelerator plus 5.0 crack.zip" -> Contain : Cr-dap50.exe 7168 DFLT-X 40% 4274 19-06-2001 11:35:34 5aaf790c "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8\MacromediaDirector8.zip" -> Contain : Crack.exe 14868 DFLT-X 16% 12462 09-10-2000 08:00:00 fca20064 "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8\MacromediaDirector8.zip" -> Contain : Lancez-moi.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8.5\Director Macromedia 8.5 FR.zip" -> Contain : Crack.exe 15060 DFLT-X 16% 12684 17-06-2001 08:50:00 3fa3a366 "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8.5\Director Macromedia 8.5 FR.zip" -> Contain : Lancez-moi.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\Thumbs501-build2060\crack 5.01-build2060\Thumb15403.zip" -> Contain : Thumbz.exe 6656 DFLT-X 62% 2528 02-04-2002 12:36:58 ef73af45 "F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.0fr\winzip80fr.zip" -> Contain : CRK-WZ80(2).exe "F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.0fr\winzip80fr.zip" -> Contain : CRK-WZ80(1).exe "F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.1fr\WinZip_8-1_fr.zip" -> Contain : CRK-Wzsepe32.exe "F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.1fr\WinZip_8-1_fr.zip" -> Contain : CRK-WinZip32.exe "F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\CloneCD4319\crack4319\CCD_crk.rar" -> contain : *cr-c4319.exe ################## | Upload | Veuillez envoyer le fichier : C:\DOCUME~1\CHESSB~1\Bureau\UsbFix_Upload_Me_LAURENCE.zip : http://chiquitine.changelog.fr/Sample/Upload.php Merci pour votre contribution . ################## | ! Fin du rapport # UsbFix V6.073 ! |
×
×
  • Créer...