
Posted

Hello,

For the past week my PC has been running very slowly, some applications no longer open or show "not responding", there is no internet connection, and 3 icons appear on the desktop at startup (nudetube.com, porntube.com, youporn.com) even after I delete them.

I installed Malwarebytes on the desktop and since then the 3 icons no longer appear. Here are the HijackThis and UsbFix reports (option 1 and option 2).

I tried to use Dr.Web, but the PC restarts during the quick scan.

Can someone help me?

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 11:09:38, on 10/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\imPlayok.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CyberLink\PowerCinema\PCMService.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\system32\carpserv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\imPlayok.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Documents and Settings\chess brain\imPlayok.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Wtablet\TabUserW.exe

C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe

C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Aide mémoire\Aide mémoire.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\TEMP\VRTD.tmp

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\TEMP\VRT10.tmp

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [uSBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"

O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [CheckMedi8or] C:\Program Files\Mediator 7 Pro\CheckNewUser.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [b2i] c:\apache\manapache

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [qquaqe] RUNDLL32.EXE C:\WINDOWS\system32\msjgjzcu.dll,w

O4 - HKLM\..\Run: [imPlayok] C:\WINDOWS\system32\imPlayok.exe

O4 - HKLM\..\Run: [pgrbbb] RUNDLL32.EXE C:\WINDOWS\system32\msbkbnlu.dll,w

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\RunOnce: [ÁN@] ÁN@

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [Power2GoExpress] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [imPlayok] C:\Documents and Settings\chess brain\imPlayok.exe

O4 - HKUS\S-1-5-18\..\Run: [imPlayok] C:\WINDOWS\system32\config\systemprofile\imPlayok.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [imPlayok] C:\WINDOWS\system32\config\systemprofile\imPlayok.exe (User 'Default user')

O4 - S-1-5-18 Startup: Aide mémoire.lnk = ? (User 'SYSTEM')

O4 - .DEFAULT Startup: Aide mémoire.lnk = ? (User 'Default user')

O4 - Startup: Aide mémoire.lnk = ?

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: FunTV Remote Control.lnk = ?

O4 - Global Startup: Gamesurround Muse Pocket.lnk = C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe

O4 - Global Startup: Wireless Configuration Utility .lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.3.8.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 12887 bytes

 

(option 1)

 

############################## | UsbFix V6.073 |

 

User : chess brain (Administrateurs) # LAURENCE

Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8

Start at: 10:10:50 | 13/01/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Athlon 64 Processor 3400+

Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 7.0.5730.11

Windows Firewall Status : Disabled

FW : COMODO Firewall Pro[ Enabled ]3.0

 

C:\ -> Disque fixe local # 149,01 Go (30,27 Go free) [XP] # FAT32

D:\ -> Disque CD-ROM

E:\ -> Disque CD-ROM

H:\ -> Disque amovible

I:\ -> Disque amovible

J:\ -> Disque amovible

K:\ -> Disque amovible

L:\ -> Disque CD-ROM

 

############################## | Processus actifs |

 

C:\WINDOWS\System32\smss.exe 784

C:\WINDOWS\system32\csrss.exe 1268

C:\WINDOWS\system32\winlogon.exe 1292

C:\WINDOWS\system32\services.exe 1344

C:\WINDOWS\system32\lsass.exe 1368

C:\WINDOWS\system32\svchost.exe 1576

C:\WINDOWS\system32\svchost.exe 1668

C:\WINDOWS\System32\svchost.exe 1768

C:\Program Files\Ahead\InCD\InCDsrv.exe 1796

C:\WINDOWS\system32\svchost.exe 2020

C:\WINDOWS\system32\svchost.exe 236

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 632

C:\WINDOWS\Explorer.EXE 1948

C:\WINDOWS\System32\svchost.exe 368

C:\WINDOWS\System32\svchost.exe 376

C:\WINDOWS\System32\svchost.exe 388

C:\WINDOWS\System32\svchost.exe 396

C:\WINDOWS\System32\svchost.exe 424

C:\WINDOWS\System32\svchost.exe 624

C:\WINDOWS\system32\spoolsv.exe 3816

C:\WINDOWS\System32\reader_s.exe 4012

C:\WINDOWS\system32\imPlayok.exe 200

C:\WINDOWS\system32\RUNDLL32.EXE 3664

C:\WINDOWS\system32\RUNDLL32.EXE 3684

C:\WINDOWS\system32\RUNDLL32.EXE 3700

C:\WINDOWS\system32\ctfmon.exe 3980

C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe 308

C:\WINDOWS\System32\svchost.exe 360

C:\WINDOWS\system32\svchost.exe 4176

C:\Program Files\Windows Media Player\WMPNSCFG.exe 4256

C:\Documents and Settings\chess brain\imPlayok.exe 4416

C:\WINDOWS\System32\svchost.exe 4552

C:\Program Files\COMODO\Firewall\cmdagent.exe 4572

C:\WINDOWS\system32\Wtablet\TabUserW.exe 4844

C:\WINDOWS\System32\svchost.exe 4848

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe 4924

C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe 4956

C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe 4996

C:\WINDOWS\system32\nvsvc32.exe 5072

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 5224

C:\WINDOWS\system32\svchost.exe 5372

C:\WINDOWS\system32\Tablet.exe 5420

C:\Program Files\Windows Media Player\WMPNetwk.exe 5680

C:\Program Files\Aide mémoire\Aide mémoire.exe 6028

C:\Program Files\Aide mémoire\Aide mémoire.exe 6080

C:\Program Files\Aide mémoire\Aide mémoire.exe 3716

C:\WINDOWS\System32\alg.exe 5048

C:\WINDOWS\System32\svchost.exe 5296

C:\WINDOWS\System32\svchost.exe 7272

C:\WINDOWS\System32\svchost.exe 6900

C:\WINDOWS\System32\Rundll32.exe 7724

C:\WINDOWS\system32\svchost.exe 7288

C:\WINDOWS\System32\Rundll32.exe 4484

C:\WINDOWS\System32\3049,433.exe 6540

C:\WINDOWS\system32\svchost.exe 7220

C:\WINDOWS\system32\FastNetSrv.exe 7444

C:\WINDOWS\system32\NOTEPAD.EXE 276

C:\WINDOWS\system32\lsm32.sys 14884

C:\WINDOWS\system32\wbem\wmiprvse.exe 16312

 

################## | Elements infectieux |

 

C:\DOCUME~1\CHESSB~1\LOCALS~1\Temp\7ko5df7g.exe

 

################## | Registre |

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Regedit32"

 

################## | Mountpoints2 |

 

 

################## | Cracks > Keygens > Serials |

 

"C:\Program Files\Pinnacle\Hollywood FX for Studio\6.0\HfxSerial.exe"

08/10/2008 21:23 |Size 79120 |Crc32 c70d1819 |Md5 046924fd7c09e6efdca2d297e3dde004

 

 

################## | ! Fin du rapport # UsbFix V6.073 ! |

 

(option 2)

 

############################## | UsbFix V6.073 |

 

User : chess brain (Administrateurs) # LAURENCE

Update on 09/01/2010 by El Desaparecido , C_XX & Chimay8

Start at: 10:25:17 | 13/01/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Athlon 64 Processor 3400+

Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 7.0.5730.11

Windows Firewall Status : Enabled

FW : COMODO Firewall Pro[ Enabled ]3.0

 

C:\ -> Disque fixe local # 149,01 Go (30,3 Go free) [XP] # FAT32

D:\ -> Disque CD-ROM

E:\ -> Disque CD-ROM

F:\ -> Disque fixe local # 465,76 Go (161,66 Go free) [DATA] # NTFS

G:\ -> Disque amovible # 3,82 Go (403,62 Mo free) [uDISK 2.0] # FAT32

H:\ -> Disque amovible

I:\ -> Disque amovible

J:\ -> Disque amovible

K:\ -> Disque amovible

L:\ -> Disque CD-ROM

 

############################## | Processus actifs |

 

C:\WINDOWS\System32\smss.exe 784

C:\WINDOWS\system32\csrss.exe 876

C:\WINDOWS\system32\winlogon.exe 900

C:\WINDOWS\system32\services.exe 960

C:\WINDOWS\system32\lsass.exe 972

C:\WINDOWS\system32\svchost.exe 1136

C:\WINDOWS\system32\svchost.exe 1204

C:\WINDOWS\System32\svchost.exe 1300

C:\Program Files\Ahead\InCD\InCDsrv.exe 1320

C:\WINDOWS\system32\svchost.exe 1648

C:\WINDOWS\system32\svchost.exe 1716

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 1852

C:\WINDOWS\Explorer.EXE 536

C:\WINDOWS\system32\spoolsv.exe 1292

C:\WINDOWS\system32\svchost.exe 1016

C:\WINDOWS\system32\svchost.exe 232

C:\Program Files\COMODO\Firewall\cmdagent.exe 244

C:\WINDOWS\system32\FastNetSrv.exe 608

C:\WINDOWS\System32\svchost.exe 740

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe 776

C:\WINDOWS\system32\nvsvc32.exe 1160

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 1520

C:\WINDOWS\system32\svchost.exe 1588

C:\WINDOWS\system32\Tablet.exe 1664

C:\Program Files\Windows Media Player\WMPNetwk.exe 2004

C:\WINDOWS\System32\alg.exe 3100

C:\WINDOWS\system32\wbem\wmiprvse.exe 3140

 

################## | Elements infectieux |

 

Supprimé ! C:\DOCUME~1\CHESSB~1\LOCALS~1\Temp\7ko5df7g.exe

Supprimé ! F:\$Recycle.Bin\S-1-5-21-2613703542-16786224-2159651953-1002

Supprimé ! F:\Recycler\S-1-5-21-1582577928-4173110577-210898849-3004

Supprimé ! F:\Recycler\S-1-5-21-3993975773-2949197677-2490937237-1005

Supprimé ! F:\Recycler\S-1-5-21-515967899-1580436667-1957994488-1003

Supprimé ! G:\r.bat

 

################## | Registre |

 

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Regedit32"

 

################## | Mountpoints2 |

 

 

################## | Listing des fichiers présent |

 

[23/04/2002 10:26|--a------|1039] C:\Driver.lnk

[?|?|?] C:\hiberfil.sys

[13/01/2010 09:10|--a------|57252] C:\sbpecgsn.exe

[?|?|?] C:\pagefile.sys

[21/10/2004 11:33|--ah-----|111] C:\BOOTLOG.PRV

[02/10/2001 11:42|---hs----|512] C:\bootsect.dos

[13/01/2010 10:32|--a------|2962] C:\UsbFix.txt

[21/10/2004 11:42|--ah-----|111] C:\BOOTLOG.TXT

[18/02/2009 15:19|--a------|37469] C:\EyeCandyLog.txt

[05/08/2004 14:00|-rahs----|4952] C:\Bootfont.bin

[08/10/2008 09:29|--a------|252240] C:\NTLDR

[05/08/2004 14:00|-rahs----|47564] C:\NTDETECT.COM

[25/08/2008 22:30|-rahs----|216] C:\BOOT.INI

[06/01/2007 09:34|--a------|95] C:\AUTOEXEC.BAT

[06/01/2007 10:25|--a------|403642] C:\adorage-protocol.txt

[13/11/2006 21:43|--a------|2023] C:\debug.log

[24/02/2007 21:17|--a------|580] C:\finfos.txt

[02/05/2007 18:02|--a------|3532] C:\drmHeader.bin

[13/01/2010 10:22|--a------|20] C:\GINA.TEXT

[13/01/2010 10:22|--a------|41] C:\WLANCUGINA.TEXT

[16/05/2009 21:35|--a------|18954] C:\hfxFilesStudio.txt

[16/05/2009 21:35|--a------|0] C:\hfxFilesV1.txt

[16/05/2009 21:35|--a------|1759] C:\hfxFilesV2.txt

[16/05/2009 21:35|--a------|0] C:\hfxFilesV3.txt

[12/01/2010 07:06|--a------|98] C:\ikjsdh76asyl108.bat

[28/12/2004 10:00|-rahs----|0] C:\MSDOS.SYS

[28/12/2004 10:00|-rahs----|0] C:\IO.SYS

[01/01/2005 17:43|--a------|7680] C:\AudioOut.grf

[08/01/2005 17:06|--a------|299] C:\clony.txt

[27/08/2008 14:48|--a------|1902566] F:\P1050023.JPG

[20/12/2008 13:36|--ahs----|4608] F:\Thumbs.db

[04/12/2009 07:37|--a------|289584] F:\utorrent.exe

[30/04/2009 07:56|--a------|415232] G:\annivRem09.pub

[03/05/2009 18:24|--a------|296] G:\WMPInfo.xml

[08/09/2006 21:39|--a------|274428] G:\Aide_memoire.exe

[25/10/2009 09:04|--a------|11620] G:\Ref commande.docx

[04/11/2009 20:47|--a------|9140] G:\pouvoir individuel.pdf

[30/11/2009 16:11|--a------|5150351] G:\cdr.zip

[30/12/2009 22:36|--a------|2925376] G:\ba2010.psd

[28/12/2009 16:58|--a------|667359] G:\tutoFondEcran.docx

[04/07/2009 21:14|--a------|2595153] G:\pepereVelo.jpg

[04/07/2009 21:44|--a------|247759172] G:\pepereVelo 001.tif

[04/07/2009 22:07|--a------|230907894] G:\pepereVelo2.tif

[28/12/2009 23:53|--a------|319316] G:\Document.pdf

 

################## | Vaccination |

 

# C:\autorun.inf -> Dossier créé par UsbFix.

# F:\autorun.inf -> Dossier créé par UsbFix.

# G:\autorun.inf -> Dossier créé par UsbFix.

 

################## | Crack > Keygen > Serial |

 

"C:\Program Files\Pinnacle\Hollywood FX for Studio\6.0\HfxSerial.exe"

08/10/2008 21:23 |Size 79120 |Crc32 c70d1819 |Md5 046924fd7c09e6efdca2d297e3dde004

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP\crack\Lancez-moi.exe"

27/08/2001 15:57 |Size 53248 |Crc32 e558ee03 |Md5 1ac1cff6434f015cb420031cc71aca23

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP\crack2\dap50-crack.exe"

11/11/2002 20:51 |Size 28672 |Crc32 8c0a2212 |Md5 6d85b598752c8cdc35f2ff472797425d

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP2\download-accelerator-plus-v50+keygen+bonus-switch.exe"

09/02/2002 16:10 |Size 1065099 |Crc32 13257bd6 |Md5 6212e363fcdb9ee5c65d3e64c825cf90

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP5.3fr\crack1\dap53.exe"

11/11/2002 21:14 |Size 1750351 |Crc32 8cc011cd |Md5 5a29d4b53558d86aede440f7b3630c51

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Gifanim‚s\cool3D3.5\crack3.5\Lancez-moi.exe"

27/08/2001 15:57 |Size 53248 |Crc32 dd8f9bd9 |Md5 a4c6c9a56e311f900b2d0aae126dcffc

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\images\photoshop7.01\cracks serial\crack7.0 photoshop\keygen.exe"

29/04/2002 14:17 |Size 58880 |Crc32 302de52f |Md5 948e021efec503c4db5e4e1277e7e4df

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\images\photoshop7.01\cracks serial\crack7.01\photoshop7.0serial.exe"

10/01/2003 13:13 |Size 124416 |Crc32 b200ffc7 |Md5 35557961112148cda88c8c3cab73db0e

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\images\photoshop7.01\cracks serial\crack7keygen\photoshop7.0 keygen\keygen.exe"

29/04/2002 14:17 |Size 58880 |Crc32 e4a78af6 |Md5 5ec73407821b40a97495cf8a6c57b1df

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\outils\winzip\WZ81FR+crack.exe"

07/01/2003 13:29 |Size 2027624 |Crc32 4fff6300 |Md5 74f121501910b369ed9ad0b7833a0772

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8.5\Crack.exe"

17/06/2001 08:50 |Size 36352 |Crc32 7c034857 |Md5 5ecc8c37afbea89cc6d30f366ac8aa05

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8.5\Lancez-moi.exe"

27/08/2001 15:57 |Size 53248 |Crc32 d64325bd |Md5 07d87c6f6c995994aa7b99aefae79b0d

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\Thumbs501-build2060\crack 5.01-build2060\Thumb15403\Thumbz.exe"

02/04/2002 12:36 |Size 27136 |Crc32 a371988b |Md5 96396674aadfa934a57905780205247e

 

"F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.0fr\CRK-WZ80(1).exe"

06/07/2001 22:11 |Size 62080 |Crc32 350822a5 |Md5 ca4d21ec9f950b445ead862d2e67015c

 

"F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.0fr\CRK-WZ80(2).exe"

06/07/2001 22:16 |Size 62078 |Crc32 57aba3c5 |Md5 cc83381ec769aadd1aa39d6dc7f523ca

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\Clonecd2831\crackVers3\CloneCD30.zip"

-> Contain : keygen.exe 13621 DFLT-N 15% 11620 19-04-2001 00:24:14 743c9e46

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\Clonecd2831\crackVers3\CloneCD30.zip"

-> Contain : Lancez-moi.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\Clonecd2831\crackVers4\CloneCD 4-0-x.zip"

-> Contain : CloneCD_4-0-x.Exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\Clonecd2831\crackVers4\CloneCD 4-0-x.zip"

-> Contain : Lancez-moi.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP\crack\Dap5keygen.zip"

-> Contain : Dap5 keygen.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP\crack\Dap5keygen.zip"

-> Contain : Lancez-moi.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP2\download-accelerator-plus+keygen.gnomus.zip"

-> Contain : download-accelerator-plus-v50+keygen+bonus-switch.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Gifanim‚s\cool3D3.5\crack3.5\Ulead Cool 3D 3.5.zip"

-> Contain : Ulead Cool 3D 3.5.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Gifanim‚s\cool3D3.5\crack3.5\Ulead Cool 3D 3.5.zip"

-> Contain : Lancez-moi.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\images\photoshop7.01\cracks serial\crack7.0 photoshop\photoshop 7.0 crack.zip"

-> Contain : keygen.exe 35840 DFLT-N 5% 34100 29-04-2002 14:17:00 6d32a58c

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\images\photoshop7.01\cracks serial\crack7keygen\photoshop7.0 keygen.zip"

-> Contain : photoshop7.0 keygen\keygen.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\outils\DAP5\crack g‚n‚rique\download accelerator plus generique.zip"

-> Contain : DAP-Crk.exe 18351 DFLT-X 16% 15399 22-10-2001 16:25:10 78e86033

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\outils\DAP5\crack g‚n‚rique\download accelerator plus generique.zip"

-> Contain : Ads Remover.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\outils\DAP5\crack5.0\download accelerator plus 5.0 crack.zip"

-> Contain : Cr-dap50.exe 7168 DFLT-X 40% 4274 19-06-2001 11:35:34 5aaf790c

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8\MacromediaDirector8.zip"

-> Contain : Crack.exe 14868 DFLT-X 16% 12462 09-10-2000 08:00:00 fca20064

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8\MacromediaDirector8.zip"

-> Contain : Lancez-moi.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8.5\Director Macromedia 8.5 FR.zip"

-> Contain : Crack.exe 15060 DFLT-X 16% 12684 17-06-2001 08:50:00 3fa3a366

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multim‚dia\Pr‚ao\director8.5\crackVers8.5\Director Macromedia 8.5 FR.zip"

-> Contain : Lancez-moi.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\Thumbs501-build2060\crack 5.01-build2060\Thumb15403.zip"

-> Contain : Thumbz.exe 6656 DFLT-X 62% 2528 02-04-2002 12:36:58 ef73af45

 

"F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.0fr\winzip80fr.zip"

-> Contain : CRK-WZ80(2).exe

 

"F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.0fr\winzip80fr.zip"

-> Contain : CRK-WZ80(1).exe

 

"F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.1fr\WinZip_8-1_fr.zip"

-> Contain : CRK-Wzsepe32.exe

 

"F:\PBDATASECURE\gertrude\Partition C\Documents and Settings\gertrude\Ecole Laurence\internet\winzip8\crack8.1fr\WinZip_8-1_fr.zip"

-> Contain : CRK-WinZip32.exe

 

"F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\CloneCD4319\crack4319\CCD_crk.rar"

-> contain : *cr-c4319.exe

 

 

################## | Upload |

 

Veuillez envoyer le fichier : C:\DOCUME~1\CHESSB~1\Bureau\UsbFix_Upload_Me_LAURENCE.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Merci pour votre contribution .

 

################## | ! Fin du rapport # UsbFix V6.073 ! |

Posted

Bonjour,

 

Désactiver antivirus et anti-spyware par un clic droit sur l'icône de la Zone de notification. Sinon, elles risquent d'interférer avec cet outil.

rkill.comTélécharger Rkill de Grinler sur le bureau,

double clic pour le lancer.

Sous Vista, faire un clic droit sur le fichier rkill téléchargé puis choisir "Exécuter en tant qu'Administrateur"

Une fenêtre (très rapide) indiquera que tout s'est bien déroulé.

Pour Vista, faire un clic droit sur le fichier rkill téléchargé puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

 

 

Uninstall MBAM if it is installed.

Download MBAM.

Plug in all removable media (USB stick, external hard drive, etc.) before running this scan.

If you use Spybot, to disable TeaTimer, which serves no purpose and can make a disinfection fail:

First display Advanced Mode in Spybot:

-> Advanced options:

-> Mode menu, Advanced Mode.

A column of menus appears on the left:

-> click Tools,

-> click Resident.

In Resident:

-> untick Resident "TeaTimer" to disable it.

* Double-click the Download_mbam-setup.exe icon to start the installation process.

Save it to the desktop.

Close all windows and programs.

Follow the prompts (in particular the choice of language and the permission to access the Internet).

Do not change any of the default settings and, at the end of the installation,

check that the Update and Launch options are ticked.

MBAM will start automatically and display a message asking you to update the program before running a scan.

Click OK to close the dialog box.

* In the "Update" tab, click the Check for Updates button:

If the firewall asks whether to allow MBAM to connect, accept.

* Once the update has finished, go to the Scanner tab.

* Select "Perform quick scan".

* Click "Scan".

* The scan will take some time, be patient!

* At the end, a message will be displayed:

The scan completed successfully.

* If MBAM found nothing, it will say so as well.

Click "Ok" to continue.

* Close your browsers.

Click Show Results.

* Select everything and click Remove Selected.

MBAM will destroy the files and registry keys and put a copy of them in quarantine.

Then open Notepad and copy into it the scan report, which can be found under the Reports/Logs tab.

* Copy and paste this report into your next reply.

 

Download Zip_Scan (by Eric_71) and save it to the desktop:

* Run the ZSc.exe tool by double-clicking it.

* Click the "Scan" button.

* Scan_Zip will now look for infected .zip files specific to this infection;

* When the scan is complete, a report will appear on screen; it is also saved to the desktop (scan.txt).

* Copy/paste the full contents of this report here, in your reply.

Posted

Hello Pear, and thank you for taking the time to reply.

Before sending this message I had:

1) installed Malwarebytes, run a scan and deleted/quarantined the files it found (see report)

2) installed HijackThis, run a scan (see report)

3) installed UsbFix, run a scan choosing option 1 - without external devices (USB stick, HDD...) - (see report)

4) run a scan choosing option 2 - with devices - (see report)

5) sent a report (UsbFix_Upload.zip) via iexplorer to the software's site. That is the only time the internet worked.

6) installed Dr.Web (launch.exe), run a quick disinfection. Impossible to update before starting the scan, and the PC systematically restarts during it.

After your message, I:

1) placed kill.com on the desktop and double-clicked it. The file pev.exe appears on the desktop.

2) double-clicked pev.exe. A DOS window appears briefly.

3) placed 18994-MB.exe on the desktop.

4) uninstalled my version of Malwarebytes

5) double-clicked 18994-MB.exe. Installed to the default directory. After installation, the update failed: "error cod 732 (12007,0)"

Should I run the scan anyway?

Posted (edited)

It goes without saying that I had read your initial message in full.

I suggest you start my procedure again after running this:

Download load_tdsskiller by Loup Blanc to the desktop.

This tool is designed to automate various tasks offered by TDSSKiller, a fix from Kaspersky.

  • Run load_tdsskiller by double-clicking it:
    the tool will connect to the internet to download an up-to-date copy of TDSSKiller and start the scan
  • A message in the black command prompt window will ask you to press a key to continue
  • The report will be displayed automatically: copy and paste its contents into your next reply
    (the file is also available here: C:\tdsskiller\report.txt)
  • Restart the PC

Run Rkill and MBAM one after the other,

then ZipScan.

If that fails again,

download Random's System Information Tool (RSIT) by random/random and save it to the desktop.

Double-click RSIT.exe to launch RSIT.

* Click Continue on the Disclaimer screen.

* If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT downloads it and you accept the licence.

* When the scan is finished, two text files will open:

Post the contents of log.txt (which will be displayed)

as well as info.txt (which will be minimised in the taskbar).

* If these two reports do not appear, you will find them in the C:\rsit folder.

If the reports are too large, post them in several parts.

Edited by pear
Posted

:P I had continued with the first procedure before this new message:

1) Quick scan and removal with Malwarebytes. A message then appeared: "Impossible de supprimer certains éléments. [...] c:\WINDOWS\system32\BtwSrv.dll Votre ordinateur doit redémarrer[...]"

2) Restart, then ran Zip-scan.

Here are the reports:

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

 

16/01/2010 16:01:00

mbam-log-2010-01-16 (16-01-00).txt

 

Type de recherche: Examen rapide

Eléments examinés: 115633

Temps écoulé: 5 minute(s), 28 second(s)

 

Processus mémoire infecté(s): 4

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 7

Valeur(s) du Registre infectée(s): 25

Elément(s) de données du Registre infecté(s): 5

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 102

 

Processus mémoire infecté(s):

C:\Documents and Settings\chess brain\imPlayok.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\imPlayok.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Documents and Settings\chess brain\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

c:\WINDOWS\system32\BtwSrv.dll (Backdoor.Bot) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fastnetsrv (Backdoor.Refpron) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FASTNETSRV (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appiayt_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\implayok (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\implayok (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\implayok (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec (Worm.Archive) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Worm.Archive) -> Data: c:\windows\fonts\services.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Worm.Archive) -> Data: c:\windows\fonts\services.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rootkit.Agent) -> Data: c:\windows\system32\kbdsock.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Rootkit.Agent) -> Data: system32\kbdsock.dll -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

c:\WINDOWS\system32\BtwSrv.dll (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\system32\C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lsm32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\3049,433.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_636825577687.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m1_736203868828.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_41278290120.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_2701763389.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_539461452171.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m1_312504736134.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\VRT8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\VRTF.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\VRT2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\VRTB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\VRTD.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\VRT10.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\VRT7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\VRT9.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\VRTC.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_56491846521.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_498119567746.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m1_877732611621.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_544131188427.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m1_794662854871.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_17631382690.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m1_333951695951.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_818533347478.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m1_116011404573.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_834782574644.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_148541887378.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m1_686813794709.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_85487182791.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m1_77439703267.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_695951470841.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m0_347478758650.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\t4m1_404573107802.bk (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[7].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[8].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[9].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[10].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\w[11].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\wCAYX86N1.bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WQZYYR5H\wCA44SDJ1.bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[7].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[8].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[9].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[10].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\w[11].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\wCA3O66BC.bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\wCASO1ONP.bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZERV2AZZ\wCAN84WDB.bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[7].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[8].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[9].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[10].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\w[11].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\wCA7M3Y9P.bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\V0IZR1Q5\wCAC7ZEF7.bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[5].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[6].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[7].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[8].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[9].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[10].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\w[11].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\wCAFGGX3Q.bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B0Q3M0G0\wCADZJ4QA.bin (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\chess brain\imPlayok.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\imPlayok.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\chess brain\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.

C:\WINDOWS\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\opeia.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mshlps.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kbdsock.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

 

-- Report --

.

F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\copieCD\pack CloneCD\Clonecd2831\crackVers3\CloneCD30.zip | keygen.exe <-- FOUND

F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\DAP\crack\Dap5keygen.zip | Dap5 keygen.exe <-- FOUND

F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multimédia\images\photoshop7.01\cracks serial\crack7.0 photoshop\photoshop 7.0 crack.zip | keygen.exe <-- FOUND

F:\PBDATASECURE\chess brain\Partition C\Documents and Settings\chess brain\Mes documents\internet\pedagogie\multimédia\images\photoshop7.01\cracks serial\crack7keygen\photoshop7.0 keygen.zip | photoshop7.0 keygen/keygen.exe <-- FOUND

.

-- EOF --

Posted

I have just run load_tdsskiller. In the DOS window, several messages appear, including:

"Resolving support.kaspersky.com...failed:Unknown host."

"Error : Can not open file as archive"

A Windows message says "Windows ne trouve pas 'C:\tdsskiller.exe"

Posted

I ran Malwarebytes again to do a full scan.

 

Malwarebytes' Anti-Malware 1.44

Version de la base de données: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

 

17/01/2010 15:43:14

mbam-log-2010-01-17 (15-43-14).txt

 

Type de recherche: Examen complet (C:\|F:\|G:\|M:\|)

Eléments examinés: 472550

Temps écoulé: 2 hour(s), 22 minute(s), 50 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 4

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\System Volume Information\_restore{5F62C1ED-9841-430E-BE24-FE0A7DB2A223}\RP2\A0006001.sys (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5F62C1ED-9841-430E-BE24-FE0A7DB2A223}\RP5\A0012058.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{5F62C1ED-9841-430E-BE24-FE0A7DB2A223}\RP5\A0012059.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Documents and Settings\chess brain\DoctorWeb\Quarantine\zlosxxwecpnh0.sys (Rootkit.Dropper) -> Quarantined and deleted successfully.

Posted

I have just run RSIT. Here is the log.txt file:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by chess brain at 2010-01-17 16:01:46

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 31 GB (20%) free of 153 GB

Total RAM: 511 MB (57% free)

 

HijackThis download failed

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Packard Bell Data Secure for chess brain.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-08-21 94736]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Beta - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-09-02 953360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar Beta - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-09-02 953360]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"24555"=C:\WINDOWS\system32\B.tmp.exe []

"qquaqe"=C:\WINDOWS\system32\msjgjzcu.dll [2010-01-09 36864]

"pgrbbb"=C:\WINDOWS\system32\msbkbnlu.dll [2010-01-10 36865]

"vkqzej"=C:\WINDOWS\system32\msjuehus.dll [2010-01-12 36865]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-11 7311360]

"blofii"=C:\WINDOWS\system32\mspqbqaj.dll [2010-01-13 36865]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"PowerBar"= []

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2010-01-13 35840]

"WebCamRT.exe"= []

"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

"Power2GoExpress"=C:\WINDOWS\system32\dumprep 0 -k []

"Packard Bell Data Secure"=C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe [2006-06-20 2382336]

"NBJ"=C:\Program Files\Ahead\Nero BackItUp\nbj.exe [2005-10-11 1982464]

"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-12-07 25088]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 224768]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

TabUserW.exe.lnk - C:\WINDOWS\system32\Wtablet\TabUserW.exe

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

FunTV Remote Control.lnk - C:\Program Files\FunTV Installation \T7Ir9x.exe

Gamesurround Muse Pocket.lnk - C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe

Wireless Configuration Utility .lnk - C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe

 

C:\Documents and Settings\chess brain\Menu Démarrer\Programmes\Démarrage

Aide mémoire.lnk - C:\Program Files\Aide mémoire\TrayIcon.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=128

"NoDriveAutoRun"=128

"HonorAutoRunSetting"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger"

"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"

"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"

"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"

"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"

"C:\Program Files\Alwil Software\Avast4\ashAvast.exe"="C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus"

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"="C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"

"C:\Program Files\Macromedia\Flash MX 2004\Flash.exe"="C:\Program Files\Macromedia\Flash MX 2004\Flash.exe:*:Enabled:Macromedia Flash MX 2004"

"C:\Program Files\Zone Labs\ZoneAlarm\ZLCLIENT.EXE"="C:\Program Files\Zone Labs\ZoneAlarm\ZLCLIENT.EXE:*:Enabled:Zone Labs Security"

"C:\Program Files\DAP\dapupd.exe"="C:\Program Files\DAP\dapupd.exe:*:Disabled:DAP Update"

"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Disabled:Download Accelerator Plus"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\COMODO\Firewall\CFP.EXE"="C:\Program Files\COMODO\Firewall\CFP.EXE:*:Enabled:COMODO Firewall Pro"

"C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe"="C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server"

"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"

"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"

"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"

"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

"C:\Program Files\Mediator 7 Pro\medi8or.exe"="C:\Program Files\Mediator 7 Pro\medi8or.exe:*:Enabled:Mediator"

"C:\WINDOWS\fonts\services.exe"="C:\WINDOWS\fonts\services.exe:*:Enabled:services.exe"

"C:\WINDOWS\Temp\VRT2.tmp"="C:\WINDOWS\Temp\VRT2.tmp:*:Enabled:installer"

"C:\WINDOWS\Temp\VRT4.tmp"="C:\WINDOWS\Temp\VRT4.tmp:*:Enabled:installer"

"C:\WINDOWS\Temp\VRT9.tmp"="C:\WINDOWS\Temp\VRT9.tmp:*:Enabled:installer"

"C:\WINDOWS\TEMP\VRT7.tmp"="C:\WINDOWS\TEMP\VRT7.tmp:*:Enabled:installer"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 3 months======

 

2010-01-17 16:01:47 ----D---- C:\Program Files\trend micro

2010-01-17 16:01:46 ----D---- C:\rsit

2010-01-17 11:33:48 ----D---- C:\tdsskiller

2010-01-16 14:51:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-01-13 14:01:46 ----SHD---- C:\FOUND.001

2010-01-13 10:32:45 ----RASHD---- C:\autorun.inf

2010-01-13 10:25:31 ----A---- C:\WINDOWS\system32\6.tmp

2010-01-13 10:23:08 ----A---- C:\UsbFix.txt

2010-01-13 10:04:26 ----D---- C:\Documents and Settings\chess brain\Application Data\WinRAR

2010-01-13 09:33:32 ----D---- C:\UsbFix

2010-01-13 09:17:01 ----A---- C:\WINDOWS\system32\14.tmp

2010-01-13 09:15:30 ----A---- C:\WINDOWS\system32\784,8757.exe

2010-01-13 09:14:35 ----A---- C:\WINDOWS\system32\mspqbqaj.dll

2010-01-13 09:10:31 ----A---- C:\sbpecgsn.exe

2010-01-12 07:06:42 ----A---- C:\ikjsdh76asyl108.bat

2010-01-12 07:00:47 ----A---- C:\WINDOWS\system32\msjuehus.dll

2010-01-12 07:00:04 ----A---- C:\WINDOWS\system32\F.tmp

2010-01-12 06:59:46 ----A---- C:\WINDOWS\system32\5.tmp

2010-01-10 11:06:18 ----D---- C:\Program Files\TrendMicro

2010-01-10 10:19:14 ----A---- C:\WINDOWS\system32\msbkbnlu.dll

2010-01-10 10:14:46 ----SHD---- C:\FOUND.000

2010-01-09 15:05:08 ----D---- C:\Documents and Settings\chess brain\Application Data\Malwarebytes

2010-01-09 15:05:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-01-09 15:00:56 ----A---- C:\WINDOWS\system32\msjgjzcu.dll

2009-11-28 10:06:20 ----SHD---- C:\FOUND.023

2009-11-03 00:01:05 ----D---- C:\Program Files\NOS

2009-11-03 00:01:05 ----D---- C:\Documents and Settings\All Users\Application Data\NOS

 

======List of files/folders modified in the last 3 months======

 

2010-01-17 15:58:56 ----A---- C:\WINDOWS\RTacDbg.txt

2010-01-17 11:46:34 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-01-13 11:32:56 ----A---- C:\WINDOWS\system32\cscript.exe

2010-01-13 11:32:54 ----A---- C:\WINDOWS\system32\wscript.exe

2010-01-13 11:32:50 ----A---- C:\WINDOWS\system32\proxycfg.exe

2010-01-13 11:32:50 ----A---- C:\WINDOWS\system32\logman.exe

2010-01-13 11:32:50 ----A---- C:\WINDOWS\system32\auditusr.exe

2010-01-13 11:32:48 ----A---- C:\WINDOWS\system32\blastcln.exe

2010-01-13 11:32:44 ----A---- C:\WINDOWS\system32\fsquirt.exe

2010-01-13 11:32:44 ----A---- C:\WINDOWS\system32\fltMc.exe

2010-01-13 11:32:44 ----A---- C:\WINDOWS\system32\faxpatch.exe

2010-01-13 11:32:40 ----A---- C:\WINDOWS\system32\mstsc.exe

2010-01-13 11:32:40 ----A---- C:\WINDOWS\system32\mmcperf.exe

2010-01-13 11:32:38 ----A---- C:\WINDOWS\system32\napstat.exe

2010-01-13 11:32:36 ----A---- C:\WINDOWS\system32\slrundll.exe

2010-01-13 11:32:36 ----A---- C:\WINDOWS\system32\setupn.exe

2010-01-13 11:32:36 ----A---- C:\WINDOWS\system32\powercfg.exe

2010-01-13 11:32:34 ----A---- C:\WINDOWS\system32\spnpinst.exe

2010-01-13 11:32:34 ----A---- C:\WINDOWS\system32\smbinst.exe

2010-01-13 11:32:34 ----A---- C:\WINDOWS\system32\slserv.exe

2010-01-13 11:32:32 ----A---- C:\WINDOWS\system32\verclsid.exe

2010-01-13 11:32:32 ----A---- C:\WINDOWS\system32\spupdwxp.exe

2010-01-13 11:32:30 ----A---- C:\WINDOWS\system32\wscntfy.exe

2010-01-13 11:32:30 ----A---- C:\WINDOWS\system32\accwiz.exe

2010-01-13 11:32:28 ----A---- C:\WINDOWS\system32\atmadm.exe

2010-01-13 11:32:28 ----A---- C:\WINDOWS\system32\at.exe

2010-01-13 11:32:28 ----A---- C:\WINDOWS\system32\alg.exe

2010-01-13 11:32:28 ----A---- C:\WINDOWS\system32\ahui.exe

2010-01-13 11:32:28 ----A---- C:\WINDOWS\system32\actmovie.exe

2010-01-13 11:32:26 ----A---- C:\WINDOWS\system32\attrib.exe

2010-01-13 11:32:22 ----A---- C:\WINDOWS\system32\clipsrv.exe

2010-01-13 11:32:20 ----A---- C:\WINDOWS\system32\eudcedit.exe

2010-01-13 11:32:20 ----A---- C:\WINDOWS\system32\defrag.exe

2010-01-13 11:32:18 ----A---- C:\WINDOWS\system32\ipconfig.exe

2010-01-13 11:32:18 ----A---- C:\WINDOWS\system32\grpconv.exe

2010-01-13 11:32:16 ----A---- C:\WINDOWS\system32\logonui.exe

2010-01-13 11:32:16 ----A---- C:\WINDOWS\system32\ipxroute.exe

2010-01-13 11:32:14 ----A---- C:\WINDOWS\system32\mplay32.exe

2010-01-13 11:32:14 ----A---- C:\WINDOWS\system32\mobsync.exe

2010-01-13 11:32:12 ----A---- C:\WINDOWS\system32\msiexec.exe

2010-01-13 11:32:10 ----A---- C:\WINDOWS\system32\mstinit.exe

2010-01-13 11:32:10 ----A---- C:\WINDOWS\system32\mspaint.exe

2010-01-13 11:32:08 ----A---- C:\WINDOWS\system32\netstat.exe

2010-01-13 11:32:08 ----A---- C:\WINDOWS\system32\netsh.exe

2010-01-13 11:32:08 ----A---- C:\WINDOWS\system32\net1.exe

2010-01-13 11:32:08 ----A---- C:\WINDOWS\system32\narrator.exe

2010-01-13 11:32:06 ----A---- C:\WINDOWS\system32\odbcad32.exe

2010-01-13 11:32:04 ----A---- C:\WINDOWS\system32\proquota.exe

2010-01-13 11:32:02 ----A---- C:\WINDOWS\system32\sdbinst.exe

2010-01-13 11:32:02 ----A---- C:\WINDOWS\system32\rexec.exe

2010-01-13 11:32:02 ----A---- C:\WINDOWS\system32\reg.exe

2010-01-13 11:32:02 ----A---- C:\WINDOWS\system32\rasphone.exe

2010-01-13 11:32:00 ----A---- C:\WINDOWS\system32\setup.exe

2010-01-13 11:31:58 ----A---- C:\WINDOWS\system32\spoolsv.exe

2010-01-13 11:31:58 ----A---- C:\WINDOWS\system32\spider.exe

2010-01-13 11:31:56 ----A---- C:\WINDOWS\system32\stimon.exe

2010-01-13 11:31:54 ----A---- C:\WINDOWS\system32\vssvc.exe

2010-01-13 11:31:54 ----A---- C:\WINDOWS\system32\utilman.exe

2010-01-13 11:31:54 ----A---- C:\WINDOWS\system32\ups.exe

2010-01-13 11:31:54 ----A---- C:\WINDOWS\system32\upnpcont.exe

2010-01-13 11:31:38 ----A---- C:\WINDOWS\system32\imapi.exe

2010-01-13 11:31:30 ----A---- C:\WINDOWS\system32\ping.exe

2010-01-13 11:31:28 ----A---- C:\WINDOWS\system32\MAPISRVR.EXE

2010-01-13 11:31:28 ----A---- C:\WINDOWS\system32\conime.exe

2010-01-13 11:31:26 ----A---- C:\WINDOWS\system32\winver.exe

2010-01-13 11:31:26 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe

2010-01-13 11:31:26 ----A---- C:\WINDOWS\system32\help.exe

2010-01-13 11:31:24 ----A---- C:\WINDOWS\system32\mshta.exe

2010-01-13 11:31:24 ----A---- C:\WINDOWS\system32\msfeedssync.exe

2010-01-13 11:31:20 ----A---- C:\WINDOWS\system32\3DRUT.EXE

2010-01-13 11:31:18 ----A---- C:\WINDOWS\system32\wpnpinst.exe

2010-01-13 11:31:16 ----A---- C:\WINDOWS\system32\wpdshextautoplay.exe

2010-01-13 11:31:16 ----A---- C:\WINDOWS\system32\uWDF.exe

2010-01-13 11:31:14 ----A---- C:\WINDOWS\system32\WdfMgr.exe

2010-01-13 11:31:12 ----A---- C:\WINDOWS\system32\DivXsm.exe

2010-01-13 11:31:08 ----A---- C:\WINDOWS\system32\ntvdm.exe

2010-01-13 11:31:04 ----A---- C:\WINDOWS\system32\WISPTIS.EXE

2010-01-13 11:31:02 ----A---- C:\WINDOWS\system32\nvsvc32.exe

2010-01-13 11:31:00 ----A---- C:\WINDOWS\system32\pintool.exe

2010-01-13 11:30:58 ----A---- C:\WINDOWS\system32\userinit.exe

2010-01-13 11:30:58 ----A---- C:\WINDOWS\system32\qprocess.exe

2010-01-13 11:30:50 ----A---- C:\WINDOWS\system32\Tablet.exe

2010-01-13 11:30:48 ----A---- C:\WINDOWS\system32\scardsvr.exe

2010-01-13 11:30:40 ----A---- C:\WINDOWS\system32\NVUNINST.EXE

2010-01-13 11:30:36 ----A---- C:\WINDOWS\system32\runonce.exe

2010-01-13 11:30:34 ----A---- C:\WINDOWS\system32\write.exe

2010-01-13 11:30:34 ----A---- C:\WINDOWS\system32\sndvol32.exe

2010-01-13 11:30:34 ----A---- C:\WINDOWS\system32\NeroCheck.exe

2010-01-13 11:30:34 ----A---- C:\WINDOWS\system32\cmd.exe

2010-01-13 11:30:32 ----A---- C:\WINDOWS\system32\winmine.exe

2010-01-13 11:30:32 ----A---- C:\WINDOWS\system32\sol.exe

2010-01-13 11:30:32 ----A---- C:\WINDOWS\system32\mshearts.exe

2010-01-13 11:30:32 ----A---- C:\WINDOWS\system32\freecell.exe

2010-01-13 11:30:32 ----A---- C:\WINDOWS\system32\charmap.exe

2010-01-13 11:30:32 ----A---- C:\WINDOWS\system32\calc.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\tsshutdn.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\tskill.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\tsdiscon.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\tscon.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\shadow.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\rwinsta.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\reset.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\regini.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\qwinsta.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\qappsrv.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\msg.exe

2010-01-13 11:30:30 ----A---- C:\WINDOWS\system32\logoff.exe

2010-01-13 11:30:28 ----A---- C:\WINDOWS\system32\sort.exe

2010-01-13 11:30:28 ----A---- C:\WINDOWS\system32\smlogsvc.exe

2010-01-13 11:30:28 ----A---- C:\WINDOWS\system32\cliconfg.exe

2010-01-13 11:30:26 ----A---- C:\WINDOWS\system32\tscupgrd.exe

2010-01-13 11:30:26 ----A---- C:\WINDOWS\system32\spdwnwxp.exe

2010-01-13 11:30:26 ----A---- C:\WINDOWS\system32\rdsaddin.exe

2010-01-13 11:30:26 ----A---- C:\WINDOWS\system32\rcp.exe

2010-01-13 11:30:26 ----A---- C:\WINDOWS\system32\msdtc.exe

2010-01-13 11:30:24 ----A---- C:\WINDOWS\system32\PDFSpooler.exe

2010-01-13 11:30:24 ----A---- C:\WINDOWS\system32\cmmon32.exe

2010-01-13 11:30:22 ----A---- C:\WINDOWS\system32\nvudisp.exe

2010-01-13 11:30:20 ----A---- C:\WINDOWS\system32\cisvc.exe

2010-01-13 11:30:18 ----A---- C:\WINDOWS\system32\RTLCPL.EXE

2010-01-13 11:30:16 ----A---- C:\WINDOWS\system32\javaws.exe

2010-01-13 11:30:16 ----A---- C:\WINDOWS\system32\carpserv.exe

2010-01-13 11:30:08 ----A---- C:\WINDOWS\system32\nvcolor.exe

2010-01-13 11:30:06 ----A---- C:\WINDOWS\system32\nwiz.exe

2010-01-13 11:30:02 ----A---- C:\WINDOWS\system32\tourstart.exe

2010-01-13 11:30:02 ----A---- C:\WINDOWS\system32\nvdspsch.exe

2010-01-13 11:30:00 ----A---- C:\WINDOWS\system32\javaw.exe

2010-01-13 11:29:58 ----A---- C:\WINDOWS\system32\skeys.exe

2010-01-13 11:29:52 ----A---- C:\WINDOWS\system32\nvappbar.exe

2010-01-13 11:29:48 ----A---- C:\WINDOWS\system32\wpabaln.exe

2010-01-13 11:29:46 ----A---- C:\WINDOWS\system32\wiaacmgr.exe

2010-01-13 11:29:46 ----A---- C:\WINDOWS\system32\wextract.exe

2010-01-13 11:29:44 ----A---- C:\WINDOWS\system32\telnet.exe

2010-01-13 11:29:44 ----A---- C:\WINDOWS\system32\taskmgr.exe

2010-01-13 11:29:44 ----A---- C:\WINDOWS\system32\osk.exe

2010-01-13 11:29:38 ----A---- C:\WINDOWS\system32\sndrec32.exe

2010-01-13 11:29:38 ----A---- C:\WINDOWS\system32\sigverif.exe

2010-01-13 11:29:36 ----A---- C:\WINDOWS\system32\shutdown.exe

2010-01-13 11:29:36 ----A---- C:\WINDOWS\system32\shrpubw.exe

2010-01-13 11:29:36 ----A---- C:\WINDOWS\system32\shmgrate.exe

2010-01-13 11:29:36 ----A---- C:\WINDOWS\system32\sethc.exe

2010-01-13 11:29:34 ----A---- C:\WINDOWS\system32\savedump.exe

2010-01-13 11:29:34 ----A---- C:\WINDOWS\system32\rundll32.exe

2010-01-13 11:29:34 ----A---- C:\WINDOWS\system32\rtcshare.exe

2010-01-13 11:29:34 ----A---- C:\WINDOWS\system32\rsh.exe

2010-01-13 11:29:34 ----A---- C:\WINDOWS\system32\regsvr32.exe

2010-01-13 11:29:34 ----A---- C:\WINDOWS\system32\rdshost.exe

2010-01-13 11:29:34 ----A---- C:\WINDOWS\system32\rcimlby.exe

2010-01-13 11:29:32 ----A---- C:\WINDOWS\system32\progman.exe

2010-01-13 11:29:28 ----A---- C:\WINDOWS\system32\odbcconf.exe

2010-01-13 11:29:28 ----A---- C:\WINDOWS\system32\notepad.exe

2010-01-13 11:29:26 ----A---- C:\WINDOWS\system32\netsetup.exe

2010-01-13 11:29:26 ----A---- C:\WINDOWS\system32\netdde.exe

2010-01-13 11:29:26 ----A---- C:\WINDOWS\system32\nddeapir.exe

2010-01-13 11:29:20 ----A---- C:\WINDOWS\system32\TubeFinder.exe

2010-01-13 11:29:16 ----A---- C:\WINDOWS\system32\mmc.exe

2010-01-13 11:29:14 ----A---- C:\WINDOWS\system32\makecab.exe

2010-01-13 11:29:14 ----A---- C:\WINDOWS\system32\magnify.exe

2010-01-13 11:29:06 ----A---- C:\WINDOWS\system32\ipv6.exe

2010-01-13 11:29:06 ----A---- C:\WINDOWS\system32\iexpress.exe

2010-01-13 11:29:00 ----A---- C:\WINDOWS\system32\WudfHost.exe

2010-01-13 11:29:00 ----A---- C:\WINDOWS\system32\forcedos.exe

2010-01-13 11:29:00 ----A---- C:\WINDOWS\system32\findstr.exe

2010-01-13 11:28:56 ----A---- C:\WINDOWS\system32\dvdupgrd.exe

2010-01-13 11:28:56 ----A---- C:\WINDOWS\system32\dpvsetup.exe

2010-01-13 11:28:56 ----A---- C:\WINDOWS\system32\dpnsvr.exe

2010-01-13 11:28:56 ----A---- C:\WINDOWS\system32\dplaysvr.exe

2010-01-13 11:28:54 ----A---- C:\WINDOWS\system32\dmremote.exe

2010-01-13 11:28:54 ----A---- C:\WINDOWS\system32\dmadmin.exe

2010-01-13 11:28:54 ----A---- C:\WINDOWS\system32\dllhost.exe

2010-01-13 11:28:54 ----A---- C:\WINDOWS\system32\diantz.exe

2010-01-13 11:28:52 ----A---- C:\WINDOWS\system32\dfrgntfs.exe

2010-01-13 11:28:52 ----A---- C:\WINDOWS\system32\ddeshare.exe

2010-01-13 11:28:52 ----A---- C:\WINDOWS\system32\dcomcnfg.exe

2010-01-13 11:28:50 ----A---- C:\WINDOWS\system32\cmstp.exe

2010-01-13 11:28:48 ----A---- C:\WINDOWS\system32\cmdl32.exe

2010-01-13 11:28:48 ----A---- C:\WINDOWS\system32\clipbrd.exe

2010-01-13 11:28:48 ----A---- C:\WINDOWS\system32\cleanmgr.exe

2010-01-13 11:28:32 ----A---- C:\WINDOWS\system32\dfrgfat.exe

2010-01-13 11:28:32 ----A---- C:\WINDOWS\system32\ctfmon.exe

2010-01-13 11:28:28 ----A---- C:\WINDOWS\system32\packager.exe

2010-01-13 11:28:26 ----A---- C:\WINDOWS\system32\net.exe

2010-01-13 11:28:26 ----A---- C:\WINDOWS\system32\mnmsrvc.exe

2010-01-13 11:28:16 ----A---- C:\WINDOWS\system32\ieudinit.exe

2010-01-13 11:28:16 ----A---- C:\WINDOWS\system32\ie4uinit.exe

2010-01-13 11:28:14 ----A---- C:\WINDOWS\system32\sysocmgr.exe

2010-01-13 11:28:14 ----A---- C:\WINDOWS\system32\rdpclip.exe

2010-01-13 11:28:14 ----A---- C:\WINDOWS\system32\cacls.exe

2010-01-13 11:28:12 ----A---- C:\WINDOWS\system32\tzchange.exe

2010-01-13 11:28:04 ----A---- C:\WINDOWS\system32\logagent.exe

2010-01-13 11:28:00 ----A---- C:\WINDOWS\system32\sessmgr.exe

2010-01-13 11:27:56 ----A---- C:\WINDOWS\system32\xcopy.exe

2010-01-13 11:27:56 ----A---- C:\WINDOWS\system32\dxdiag.exe

2010-01-13 11:27:54 ----A---- C:\WINDOWS\system32\sc.exe

2010-01-13 11:27:54 ----A---- C:\WINDOWS\system32\nslookup.exe

2010-01-13 11:27:54 ----A---- C:\WINDOWS\system32\locator.exe

2010-01-13 11:27:54 ----A---- C:\WINDOWS\system32\ftp.exe

2010-01-13 11:27:52 ----A---- C:\WINDOWS\system32\usrshuta.exe

2010-01-13 11:27:52 ----A---- C:\WINDOWS\system32\usrprbda.exe

2010-01-13 11:27:52 ----A---- C:\WINDOWS\system32\usrmlnka.exe

2010-01-13 11:27:52 ----A---- C:\WINDOWS\system32\osuninst.exe

2010-01-13 11:27:50 ----A---- C:\WINDOWS\system32\pentnt.exe

2010-01-13 11:27:50 ----A---- C:\WINDOWS\system32\migpwd.exe

2010-01-13 11:27:50 ----A---- C:\WINDOWS\system32\lnkstub.exe

2010-01-13 11:27:50 ----A---- C:\WINDOWS\system32\keystone.exe

2010-01-13 11:27:48 ----A---- C:\WINDOWS\system32\wupdmgr.exe

2010-01-13 11:27:48 ----A---- C:\WINDOWS\system32\dwwin.exe

2010-01-13 11:27:46 ----A---- C:\WINDOWS\system32\winmsd.exe

2010-01-13 11:27:46 ----A---- C:\WINDOWS\system32\winhlp32.exe

2010-01-13 11:27:44 ----A---- C:\WINDOWS\system32\w32tm.exe

2010-01-13 11:27:44 ----A---- C:\WINDOWS\system32\vssadmin.exe

2010-01-13 11:27:44 ----A---- C:\WINDOWS\system32\verifier.exe

2010-01-13 11:27:44 ----A---- C:\WINDOWS\system32\unlodctr.exe

2010-01-13 11:27:42 ----A---- C:\WINDOWS\system32\tracert6.exe

2010-01-13 11:27:42 ----A---- C:\WINDOWS\system32\tracert.exe

2010-01-13 11:27:42 ----A---- C:\WINDOWS\system32\tftp.exe

2010-01-13 11:27:42 ----A---- C:\WINDOWS\system32\tcpsvcs.exe

2010-01-13 11:27:42 ----A---- C:\WINDOWS\system32\tcmsetup.exe

2010-01-13 11:27:42 ----A---- C:\WINDOWS\system32\taskman.exe

2010-01-13 11:27:42 ----A---- C:\WINDOWS\system32\systray.exe

2010-01-13 11:27:42 ----A---- C:\WINDOWS\system32\syskey.exe

2010-01-13 11:27:42 ----A---- C:\WINDOWS\system32\syncapp.exe

2010-01-13 11:27:40 ----A---- C:\WINDOWS\system32\subst.exe

2010-01-13 11:27:38 ----A---- C:\WINDOWS\system32\sfc.exe

2010-01-13 11:27:38 ----A---- C:\WINDOWS\system32\runas.exe

2010-01-13 11:27:38 ----A---- C:\WINDOWS\system32\rsvp.exe

2010-01-13 11:27:36 ----A---- C:\WINDOWS\system32\rsmui.exe

2010-01-13 11:27:36 ----A---- C:\WINDOWS\system32\rsmsink.exe

2010-01-13 11:27:36 ----A---- C:\WINDOWS\system32\rsm.exe

2010-01-13 11:27:36 ----A---- C:\WINDOWS\system32\routemon.exe

2010-01-13 11:27:36 ----A---- C:\WINDOWS\system32\route.exe

2010-01-13 11:27:36 ----A---- C:\WINDOWS\system32\replace.exe

2010-01-13 11:27:36 ----A---- C:\WINDOWS\system32\regwiz.exe

2010-01-13 11:27:36 ----A---- C:\WINDOWS\system32\regedt32.exe

2010-01-13 11:27:36 ----A---- C:\WINDOWS\system32\recover.exe

2010-01-13 11:27:36 ----A---- C:\WINDOWS\system32\rasdial.exe

2010-01-13 11:27:36 ----A---- C:\WINDOWS\system32\rasautou.exe

2010-01-13 11:27:34 ----A---- C:\WINDOWS\system32\print.exe

2010-01-13 11:27:34 ----A---- C:\WINDOWS\system32\ping6.exe

2010-01-13 11:27:34 ----A---- C:\WINDOWS\system32\perfmon.exe

2010-01-13 11:27:34 ----A---- C:\WINDOWS\system32\pathping.exe

2010-01-13 11:27:32 ----A---- C:\WINDOWS\system32\ntsd.exe

2010-01-13 11:27:32 ----A---- C:\WINDOWS\system32\nbtstat.exe

2010-01-13 11:27:30 ----A---- C:\WINDOWS\system32\msswchx.exe

2010-01-13 11:27:30 ----A---- C:\WINDOWS\system32\mrinfo.exe

2010-01-13 11:27:28 ----A---- C:\WINDOWS\system32\mpnotify.exe

2010-01-13 11:27:28 ----A---- C:\WINDOWS\system32\mountvol.exe

2010-01-13 11:27:26 ----A---- C:\WINDOWS\system32\lpr.exe

2010-01-13 11:27:26 ----A---- C:\WINDOWS\system32\lpq.exe

2010-01-13 11:27:26 ----A---- C:\WINDOWS\system32\lodctr.exe

2010-01-13 11:27:26 ----A---- C:\WINDOWS\system32\lights.exe

2010-01-13 11:27:26 ----A---- C:\WINDOWS\system32\label.exe

2010-01-13 11:27:22 ----A---- C:\WINDOWS\system32\ipsec6.exe

2010-01-13 11:27:20 ----A---- C:\WINDOWS\system32\hostname.exe

2010-01-13 11:27:20 ----A---- C:\WINDOWS\system32\fsutil.exe

2010-01-13 11:27:18 ----A---- C:\WINDOWS\system32\java.exe

2010-01-13 11:27:18 ----A---- C:\WINDOWS\system32\fontview.exe

2010-01-13 11:27:18 ----A---- C:\WINDOWS\system32\fixmapi.exe

2010-01-13 11:27:18 ----A---- C:\WINDOWS\system32\finger.exe

2010-01-13 11:27:18 ----A---- C:\WINDOWS\system32\find.exe

2010-01-13 11:27:18 ----A---- C:\WINDOWS\system32\fc.exe

2010-01-13 11:27:18 ----A---- C:\WINDOWS\system32\extrac32.exe

2010-01-13 11:27:18 ----A---- C:\WINDOWS\system32\expand.exe

2010-01-13 11:27:18 ----A---- C:\WINDOWS\system32\eventvwr.exe

2010-01-13 11:27:18 ----A---- C:\WINDOWS\system32\esentutl.exe

2010-01-13 11:27:16 ----A---- C:\WINDOWS\system32\dvdplay.exe

2010-01-13 11:27:16 ----A---- C:\WINDOWS\system32\drwtsn32.exe

2010-01-13 11:27:16 ----A---- C:\WINDOWS\system32\doskey.exe

2010-01-13 11:27:14 ----A---- C:\WINDOWS\system32\dllhst3g.exe

2010-01-13 11:27:14 ----A---- C:\WINDOWS\system32\diskperf.exe

2010-01-13 11:27:14 ----A---- C:\WINDOWS\system32\diskpart.exe

2010-01-13 11:27:12 ----A---- C:\WINDOWS\system32\convert.exe

2010-01-13 11:27:12 ----A---- C:\WINDOWS\system32\control.exe

2010-01-13 11:27:12 ----A---- C:\WINDOWS\system32\compact.exe

2010-01-13 11:27:12 ----A---- C:\WINDOWS\system32\comp.exe

2010-01-13 11:27:08 ----A---- C:\WINDOWS\system32\ckcnv.exe

2010-01-13 11:27:08 ----A---- C:\WINDOWS\system32\cidaemon.exe

2010-01-13 11:27:08 ----A---- C:\WINDOWS\system32\chkntfs.exe

2010-01-13 11:27:08 ----A---- C:\WINDOWS\system32\chkdsk.exe

2010-01-13 11:27:06 ----A---- C:\WINDOWS\system32\bootvrfy.exe

2010-01-13 11:27:06 ----A---- C:\WINDOWS\system32\bootok.exe

2010-01-13 11:27:04 ----A---- C:\WINDOWS\system32\arp.exe

2010-01-13 11:26:52 ----A---- C:\WINDOWS\system32\drmupgds.exe

2010-01-12 07:00:14 ----A---- C:\WINDOWS\system32\user32.DLL

2010-01-12 06:54:26 ----A---- C:\WINDOWS\DUMPdee9.tmp

2010-01-09 19:45:04 ----A---- C:\WINDOWS\ntbtlog.txt

2009-12-14 17:55:20 ----A---- C:\WINDOWS\setuplog.txt

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-01-03 28928]

R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]

R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\system32\DRIVERS\strmdisp.sys [2001-12-23 33548]

R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-07-20 400384]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-07-20 626204]

R3 Dot4;Pilote MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]

R3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]

R3 Dot4Scan;Pilote de classe Scanneur pour IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]

R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]

R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 MPUSens;MPUSens; C:\WINDOWS\system32\drivers\MPUSens.sys [2004-04-26 381056]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-11 3532928]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]

R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-01-03 99456]

S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-07-16 13056]

S1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-09-06 87056]

S1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-09-06 24208]

S1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-01-03 27776]

S1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]

S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-13 21035]

S2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]

S2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]

S2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232]

S2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936]

S3 an9uw9fx;an9uw9fx; C:\WINDOWS\system32\drivers\an9uw9fx.sys []

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 Camdrv30;Philips ToUcam XS; C:\WINDOWS\System32\Drivers\camdrv30.sys [2001-08-17 171264]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 dot4usb;Filtre Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-23 24064]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys []

S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-16 42496]

S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-09-04 41984]

S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 PinnacleMarvinUsb;Pinnacle Systems Service for MovieBox Deluxe, 500-USB and 700-USB; C:\WINDOWS\system32\DRIVERS\MarvinUsb.sys [2005-06-29 425984]

S3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2007-11-21 308096]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 Stmatm;ATM/ADSL miniport; C:\WINDOWS\system32\DRIVERS\stmatm.sys [2005-07-07 60255]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 TaurusUsb;ADSL Modem USB Service; C:\WINDOWS\system32\DRIVERS\torususb.sys [2005-07-07 541990]

S3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

S3 Tunx00;FunTV Video Capture; C:\WINDOWS\system32\DRIVERS\Tunx00.sys [2004-01-16 302720]

S3 TxTuner;FunTV TV Tuner; C:\WINDOWS\system32\DRIVERS\TxTuner.sys [2004-01-16 26880]

S3 UsbSagCom;Mobile Device Full USB Driver; C:\WINDOWS\system32\DRIVERS\UsbSagCom.sys [2007-06-29 51712]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-11-02 76672]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-11-02 82560]

S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-06 611664]

R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-09-06 536576]

R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-03 854528]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2006-10-26 356352]

R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2010-01-13 638976]

S2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-13 151552]

S2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 296448]

S2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 938496]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-08-25 89600]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]

S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2005-01-17 90112]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 45056]

S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [2008-04-17 5771264]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

 

-----------------EOF-----------------
