Posted

Hello, thank you Pear and Zonk

I ran the scan with Vundofix and it found nothing. No files to delete. I didn't get a report :P :P I have just run another scan with HijackThis and here is the result:

 

Logfile of HijackThis v1.99.1

Scan saved at 09:50:03, on 30/01/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\MAMKAN~1\AppData\Local\Temp\Rar$EX00.981\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MAMKAN~1\AppData\Local\Temp\wvutq.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MAMKAN~1\AppData\Local\Temp\oppml.dll,c

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: MultiFrame.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

 

:P

Posted

Hello,

Let's continue, if you don't mind, because it is necessary:

Disable Spybot's TeaTimer, Windows Defender and the AntiVir guard, if you have them:

Close all programs

Download combofix.exe by sUBs

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Double-click combofix.exe.

* Note: Do not close the window that has just opened, or the desktop would be empty!

* Press the 1 key to start the scan.

* When the scan is finished, a report will be generated: post its contents in your next message.

* If the report is too long, post it in two parts.

Posted

Pear, I followed the procedure and here is the ComboFix report:

 

ComboFix 08-01-30.6 - Mamkangourou 2008-01-30 14:00:46.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1384 [GMT 1:00]

Endroit: C:\Users\Mamkangourou\Desktop\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\Mamkangourou\Desktop\Erwan\Babidi\Photos\Fonds d'ecran\Desktop_.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))

.

 

Pas de nouveau fichier créé dans cet espace de temps

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-30 12:56 45,056 ----a-w C:\Windows\System32\acovcnt.exe

2008-01-30 12:50 --------- d-----w C:\Users\Mamkangourou\AppData\Roaming\uTorrent

2008-01-29 11:18 --------- d-----w C:\Program Files\Avira

2008-01-28 17:10 --------- d-----w C:\ProgramData\Avira

2008-01-27 18:00 874,496 ----a-w C:\Users\Mamkangourou\AppData\Roaming\kernel33.dll

2008-01-26 20:00 --------- d-----w C:\Program Files\WinZix

2008-01-25 18:10 --------- d-----w C:\Users\Mamkangourou\AppData\Roaming\OpenOffice.org2

2008-01-25 17:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3

2008-01-25 17:50 --------- d-----w C:\Program Files\Java

2008-01-25 17:48 --------- d-----w C:\Program Files\Common Files\Java

2008-01-18 02:02 --------- d-----w C:\Program Files\MSXML 4.0

2008-01-17 12:05 --------- d-----w C:\Users\Mamkangourou\AppData\Roaming\gtk-2.0

2008-01-17 11:55 --------- d-----w C:\Users\Mamkangourou\AppData\Roaming\Canon

2008-01-17 11:54 --------- d-----w C:\Program Files\Canon

2008-01-17 11:38 --------- d-----w C:\Users\Mamkangourou\AppData\Roaming\ScanSoft

2008-01-17 11:38 --------- d-----w C:\ProgramData\ScanSoft

2008-01-17 11:38 --------- d-----w C:\ProgramData\InstallShield

2008-01-17 11:38 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared

2008-01-17 11:38 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-01-17 11:37 --------- d-----w C:\Program Files\ScanSoft

2008-01-17 11:33 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-17 11:33 --------- d-----w C:\Program Files\ArcSoft

2008-01-17 11:28 --------- d--h--w C:\Program Files\CanonBJ

2008-01-14 19:39 --------- d-----w C:\Program Files\DAEMON Tools

2008-01-12 19:23 --------- d-----w C:\ProgramData\Skyline

2008-01-12 19:00 --------- d-----w C:\Program Files\OFFICE One 7.0

2008-01-12 18:50 --------- d-----w C:\Program Files\ASUS

2008-01-12 06:26 --------- d-----w C:\Users\Mamkangourou\AppData\Roaming\OFFICEOne7

2008-01-10 02:03 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-01-10 02:03 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-01-10 02:03 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-01-10 02:03 216,760 ----a-w C:\Windows\system32\drivers\netio.sys

2008-01-10 02:03 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-01-10 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-01-10 02:01 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-09 15:25 --------- d-----w C:\Program Files\Gabest

2008-01-09 14:37 --------- d-----w C:\Program Files\adslTV

2008-01-05 20:06 --------- d-----w C:\Program Files\GIMP-2.0

2008-01-02 06:47 --------- d-----w C:\Program Files\MSN Messenger

2008-01-02 06:47 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-01-01 16:07 --------- d-----w C:\Program Files\Atari

2007-12-25 08:16 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2007-12-25 08:15 --------- d-----w C:\Program Files\Common Files\Motorola Shared

2007-12-23 19:28 --------- d-----w C:\Program Files\uTorrent

2007-12-20 14:04 63,488 ----a-w C:\Users\Mamkangourou\xobglu16.dll

2007-12-20 14:04 23,552 ----a-w C:\Users\Mamkangourou\xobglu32.dll

2007-12-14 02:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2007-12-14 02:05 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2007-12-14 02:05 223,232 ----a-w C:\Windows\System32\WMASF.DLL

2007-12-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll

2007-12-14 02:04 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-14 02:03 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2007-12-14 02:03 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2007-12-14 02:03 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2007-12-14 02:03 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2007-12-14 02:02 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe

2007-12-14 02:02 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe

2007-12-09 08:24 --------- d-----w C:\Program Files\TLC-Edusoft

2007-12-08 14:48 --------- d-----w C:\Program Files\Mindscape

2007-10-31 06:45 98 ----a-w C:\Users\Mamkangourou\AppData\Roaming\wklnhst.dat

2007-10-11 01:10 84,480 ----a-w C:\Windows\System32\INETRES.dll

2007-10-11 01:10 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2007-10-11 01:10 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini

2005-09-29 08:51 976,020 ----a-w C:\Program Files\BDAXP.cab

2005-09-29 08:51 916,815 ----a-w C:\Program Files\Oct2005_MDX_x86.cab

2005-09-29 08:51 86,784 ----a-w C:\Program Files\Oct2005_xinput_x64.cab

2005-09-29 08:51 74,448 ----a-w C:\Program Files\DSETUP.dll

2005-09-29 08:51 74,430 ----a-w C:\Program Files\dxupdate.cab

2005-09-29 08:51 703,080 ----a-w C:\Program Files\BDA.cab

2005-09-29 08:51 488,656 ----a-w C:\Program Files\DXSETUP.exe

2005-09-29 08:51 46,085 ----a-w C:\Program Files\Oct2005_xinput_x86.cab

2005-09-29 08:51 41,888 ----a-w C:\Program Files\dxdllreg_x86.cab

2005-09-29 08:51 2,245,840 ----a-w C:\Program Files\dsetup32.dll

2005-09-29 08:51 15,493,481 ----a-w C:\Program Files\DirectX.cab

2005-09-29 08:51 13,265,040 ----a-w C:\Program Files\dxnt.cab

2005-09-29 08:51 1,351,430 ----a-w C:\Program Files\Aug2005_d3dx9_27_x64.cab

2005-09-29 08:51 1,156,363 ----a-w C:\Program Files\BDANT.cab

2005-09-29 08:51 1,078,532 ----a-w C:\Program Files\Aug2005_d3dx9_27_x86.cab

2007-09-07 19:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007090720070908\index.dat

2007-09-08 08:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007090820070909\index.dat

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-29 07:41 171448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 13:34 1004136]

"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 06:36 4186112 C:\Windows\RtHDVCpl.exe]

"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 16:27 61440]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 06:27 815104]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 101136 C:\Windows\KHALMNPR.Exe]

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]

"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-29 12:20 249896]

"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 12:44:06 29696]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-12 20:30:58 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-12 20:26:53 688128]

MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [2007-04-11 07:47:40 991600]

 

R2 ASLDRService;ASLDR Service;C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2006-12-20 22:59]

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-10 17:31]

R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 02:12]

R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-12-21 03:49]

R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-04 02:35]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2006-12-21 19:36]

R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-02 23:37]

S3 leafnets;Leaf Networks Adapter;C:\Windows\system32\DRIVERS\leafnets.sys [2007-05-03 00:48]

S3 motmodem;Motorola USB CDC ACM Driver;C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-20 14:57]

S3 UMPass;Pilote Microsoft UMPass;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 09:55]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a971873d-46a1-11dc-b62c-001bfc28d434}]

\shell\AutoRun\command - F:\Autorun.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {1588FCDE-E779-AA74-BF76-64C8037C5C9F} /qb

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-30 14:02:53

Windows 6.0.6000 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-01-30 14:04:19

ComboFix-quarantined-files.txt 2008-01-30 13:04:15

.

2008-01-30 01:54:01 --- E O F ---

Posted

We're making progress.

2) Download the CFScript file > http://www.sendspace.com/file/qxrxfw

to do so, click the link at the bottom of the page > Download Link: CFScript

* Drag and drop this CFScript file onto the ComboFix.exe file

* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and then confirm.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

3) Click the following link > ESET Online Scanner Link

http://www.eset.com/onlinescan/

* Tick the box YES, I accept the Terms Of Use

* Click the Start button

* Then click the Install button

* Click Start

* The scanner will update itself.

* Do not tick the Remove found threats box

* Click the Scan button

* The scan will start:

* When the scan finishes, click the Details menu

* Copy and paste the contents of the generated report:

it is located here > C:\Program Files\EsetOnlineScanner and is named log.txt

Posted

Here is the ESET scan. It found nothing. :P

 

# version=4

# OnlineScanner.ocx=1.0.0.56

# OnlineScannerDLLA.dll=1, 0, 0, 51

# OnlineScannerDLLW.dll=1, 0, 0, 51

# OnlineScannerUninstaller.exe=1, 0, 0, 49

# vers_standard_module=2836 (20080130)

# vers_arch_module=1.063 (20080117)

# vers_adv_heur_module=1.060 (20070601)

# EOSSerial=86fb7bc32fe7444ab5a40146da0bde46

# end=finished

# remove_checked=false

# unwanted_checked=false

# utc_time=2008-01-30 05:48:27

# local_time=2008-01-30 06:48:27 (+0100, Paris, Madrid)

# country="France"

# osver=6.0.6000 NT

# scanned=293702

# found=0

# scan_time=4934

Posted

mamkangourou

good evening and good luck;

follow to the letter the advice of "the excellent security team"

among others: our cousin from Canada... J zonc and our venerable pear

look at my case

I have no more trouble this evening

I hope you will find the way out

mike hotel

Posted (edited)

Good evening,

Copy and paste this into Notepad.

With no blank line at the beginning

Save it as kan.reg and merge it (right-click on the file)

Accept the change to the registry.

 

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"cmds"=-

and run a Kaspersky scan again:

Empty the Recycle Bin.

* Run a Kaspersky online scan

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Click Accept

* A yellow bar will ask you to accept the installation of Kavwebscan_Unicode.cab; install the ActiveX.

* Click "Accept" once more

* The update databases will be installed; wait a moment

* Click Next.

* Click My Computer; the scan starts;

wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as... Choose the desktop and name the report "rapport Kaspersky", and in the save field choose "text files", then save the report.

Copy and paste the entire opened text file: right-click on it, select all/copy.

Paste this report into your reply on the forum.

Help in case of problems: Cybersécurité

http://cybersecurite.xooit.com/t100-Scan-e...spersky.htm#768

NOTE: The scan must be run with Internet Explorer.

I think that will be all.

but remember to install proper protection, because Windows Defender is a bit thin.

Edited by pear
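
The `[cmds]` value that kan.reg deletes is one of two HKCU Run entries in the HijackThis log at the top of this thread that start rundll32.exe on a DLL in the user's Temp folder. As an added example (not part of the original posts, and not code from HijackThis or ComboFix), this Python script parses O4 lines, flags that pattern and writes a deletion .reg in the same form as kan.reg; the function names and the "user-writable directory" heuristic are assumptions of the example.

```python
import re
from typing import NamedTuple, Optional

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\MAMKAN~1\AppData\Local\Temp\wvutq.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\MAMKAN~1\AppData\Local\Temp\oppml.dll,c
O4 - Global Startup: MultiFrame.lnk = ?
"""

# HijackThis abbreviates the key; these are the full names a .reg file needs.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
BASE = r"Software\Microsoft\Windows\CurrentVersion"

# "O4 - HKCU\..\Run: [name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# rundll32 followed by "<dll path>,<export>"
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,', re.I
)
# Heuristic (assumption of this example): directories a normal user can write to.
USER_WRITABLE_RE = re.compile(r"\\(temp|tmp|appdata|application data)\\", re.I)


class RunEntry(NamedTuple):
    hive: str
    key: str
    name: str
    command: str

    @property
    def full_key(self) -> str:
        return f"{HIVES[self.hive]}\\{BASE}\\{self.key}"


def parse_o4(log: str) -> list:
    """Return the registry Run entries (O4 lines) found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:  # startup-folder shortcuts ("Global Startup") are skipped
            entries.append(RunEntry(m["hive"], m["key"], m["name"], m["cmd"]))
    return entries


def suspicious(entry: RunEntry) -> Optional[str]:
    """Explain why an entry deserves review, or return None."""
    m = RUNDLL_RE.match(entry.command)
    if m and USER_WRITABLE_RE.search(m["dll"]):
        return f"rundll32 loads {m['dll']} from a user-writable directory"
    return None


def reg_delete_script(entries) -> str:
    """Build a .reg file that deletes the given values ("name"=-)."""
    by_key = {}
    for e in entries:
        by_key.setdefault(e.full_key, []).append(e.name)
    lines = ["Windows Registry Editor Version 5.00"]
    for key, names in by_key.items():
        lines += ["", f"[{key}]"]
        for name in names:
            # Backslashes and quotes must be escaped inside a .reg value name.
            escaped = name.replace("\\", "\\\\").replace('"', '\\"')
            lines.append(f'"{escaped}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = []
    for entry in parse_o4(SAMPLE_LOG):
        reason = suspicious(entry)
        if reason:
            flagged.append(entry)
            print(f"{entry.hive} {entry.key} [{entry.name}]: {reason}")
    print()
    print(reg_delete_script(flagged))
```

The generated file only removes the autostart values; the DLLs they point to stay on disk until a scanner or a manual deletion handles them.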
Posted

Here is the Kaspersky report

 

KASPERSKY ONLINE SCANNER REPORT

Thursday, January 31, 2008 7:46:10 AM

Operating System: Microsoft Windows Vista Home Edition, (Build 6000)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 30/01/2008

Kaspersky Anti-Virus database records: 538739

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

C:\

D:\

E:\

F:\

G:\

H:\

Scan Statistics

Total number of scanned objects 77528

Number of viruses found 1

Number of infected objects 3

Number of suspicious objects 0

Duration of the scan process 01:13:10

 

Infected Object Name Virus Name Last Action


C:\Users\Mamkangourou\AppData\Local\Microsoft\Windows\UsrClass.dat{5dc32457-1e76-11dc-bff5-001b77104b61}.TM.blf Object is locked skipped

C:\Users\Mamkangourou\AppData\Local\Microsoft\Windows\UsrClass.dat{5dc32457-1e76-11dc-bff5-001b77104b61}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\Mamkangourou\AppData\Local\Microsoft\Windows\UsrClass.dat{5dc32457-1e76-11dc-bff5-001b77104b61}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\Mamkangourou\AppData\Local\Microsoft\Windows Live Contacts\mamkangourou@hotmail.fr\real\members.stg Object is locked skipped

C:\Users\Mamkangourou\AppData\Local\Microsoft\Windows Live Contacts\mamkangourou@hotmail.fr\shadow\members.stg Object is locked skipped

C:\Users\Mamkangourou\AppData\Local\Temp\~DF708F.tmp Object is locked skipped

C:\Users\Mamkangourou\AppData\Local\Temp\~DF7096.tmp Object is locked skipped

C:\Users\Mamkangourou\AppData\Local\Temp\~DFB989.tmp Object is locked skipped

C:\Users\Mamkangourou\AppData\Local\Temp\~DFB999.tmp Object is locked skipped

C:\Users\Mamkangourou\AppData\Local\Temp\~DFC809.tmp Object is locked skipped

C:\Users\Mamkangourou\AppData\Local\Temp\~DFDFD9.tmp Object is locked skipped

C:\Users\Mamkangourou\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

C:\Users\Mamkangourou\Desktop\Erwan\Logiciel\Nouveau dossier\movavi-videosuite_movavi_videosuite_4.0_anglais_32710.exe/stream/data0013 Infected: not-a-virus:Monitor.Win32.KaGB.a skipped

C:\Users\Mamkangourou\Desktop\Erwan\Logiciel\Nouveau dossier\movavi-videosuite_movavi_videosuite_4.0_anglais_32710.exe/stream Infected: not-a-virus:Monitor.Win32.KaGB.a skipped

C:\Users\Mamkangourou\Desktop\Erwan\Logiciel\Nouveau dossier\movavi-videosuite_movavi_videosuite_4.0_anglais_32710.exe NSIS: infected - 2 skipped

C:\Users\Mamkangourou\NTUSER.DAT Object is locked skipped

C:\Users\Mamkangourou\ntuser.dat.LOG1 Object is locked skipped

C:\Users\Mamkangourou\ntuser.dat.LOG2 Object is locked skipped

C:\Users\Mamkangourou\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Users\Mamkangourou\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Users\Mamkangourou\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Users\XBOX\AppData\Local\Temp\~DF6353.tmp Object is locked skipped

C:\Windows\bthservsdp.dat Object is locked skipped

C:\Windows\Debug\PASSWD.LOG Object is locked skipped

C:\Windows\Debug\sam.log Object is locked skipped

C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\catroot2\edb.log Object is locked skipped

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\config\COMPONENTS Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\Windows\System32\config\DEFAULT Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped

C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped

C:\Windows\System32\config\RegBack\SAM Object is locked skipped

C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped

C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped

C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped

C:\Windows\System32\config\SAM Object is locked skipped

C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

C:\Windows\System32\config\SECURITY Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

C:\Windows\System32\config\SOFTWARE Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\Windows\System32\config\SYSTEM Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101A}.TxR.3.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

C:\Windows\System32\drivers\sptd.sys Object is locked skipped

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped

C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped

C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped

C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
