Virus trojan win32

Solved
novice06100 Posts 45 Status Member -  
 Anonymous user -
Hello,
I have a W32 trojan on my PC. I have been working on it for two days and I can't get rid of it. I have looked through pretty much all the advice and I can't solve my problem.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:46, on 12.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\XP-84BF99B7.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Isass.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\winemyx.exe
C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\winkniye.exe
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\550.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\NoAdware\NoAdware5.exe
C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\w808473.exe
C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4PEFG12J\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <script LANGUAGE="JavaScript">
O1 - Hosts: <!--
O1 - Hosts: if (window != top)
O1 - Hosts: top.location.href = location.href;
O1 - Hosts: // -->
O1 - Hosts: </script>
O1 - Hosts: <title>Site Unavailable</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <style type="text/css">
O1 - Hosts: body{text-align:center;}
O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }
O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}
O1 - Hosts: .bodywrap{display:block;height:470px;}
O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}
O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}
O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}

I downloaded a spyware program that blocks intrusion attempts for me, but I can't get rid of the virus, which gives me errors at startup.
The name of the spyware is Ashampoo, if that can help you.

Also, to be clear, this is my Russian girlfriend's computer, in case some of the information shows up with what look like strange characters...

Thanks in advance.
Configuration: Windows XP Internet Explorer 6.0
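
The script below, added here and not part of the original post or of HijackThis, runs four triage heuristics over an excerpt of the HijackThis log above. The rule names, the allow-list of core process names and the confusable-character folding are assumptions of this example.

```python
import ntpath
import re

# Excerpt copied from the HijackThis log in the post above (trimmed, not constructed).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\XP-84BF99B7.EXE
C:\WINDOWS\system32\Isass.exe
C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\winemyx.exe
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\550.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4PEFG12J\HiJackThis[1].exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O1 - Hosts: <html>
O1 - Hosts: <title>Site Unavailable</title>
"""

# Assumption: a short allow-list of core Windows XP process names.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}

# Characters that are easy to confuse on screen: I / l / 1 and O / 0.
_CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Lower-case a file name and fold look-alike characters together."""
    return name.lower().translate(_CONFUSABLE)


CORE_SKELETONS = {skeleton(n): n for n in CORE_PROCESSES}

# A real hosts entry starts with an address followed by a host name.
IPV4_ENTRY = re.compile(r"^\d{1,3}(\.\d{1,3}){3}\s+\S+")


def triage(log_text):
    """Return (rule, detail) tuples for log lines that deserve a closer look."""
    findings = []
    bad_hosts = 0
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:  # a blank line ends the process list
                in_processes = False
                continue
            base = ntpath.basename(line).lower()
            # Rule 1: an executable running out of a Temp directory.
            if "\\temp\\" in line.lower():
                findings.append(("process-in-temp", line))
            # Rule 2: a name that only imitates a core process (Isass vs lsass).
            real = CORE_SKELETONS.get(skeleton(base))
            if real and real != base:
                findings.append(("lookalike-name", f"{line} imitates {real}"))
            continue
        # Rule 3: the Shell= value launches something besides Explorer.
        if line.startswith("F2 - ") and "Shell=" in line:
            value = line.split("Shell=", 1)[1]
            extras = [t for t in value.split() if t.lower() != "explorer.exe"]
            if extras:
                findings.append(("shell-extra", " ".join(extras)))
        # Rule 4: hosts file content that is not "IP hostname" (here, HTML).
        elif line.startswith("O1 - Hosts:"):
            entry = line[len("O1 - Hosts:"):].strip()
            if not IPV4_ENTRY.match(entry):
                bad_hosts += 1
    if bad_hosts:
        findings.append(("hosts-not-entries",
                         f"{bad_hosts} O1 line(s) are not 'IP hostname'"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```

XP-84BF99B7.EXE is not flagged by any of the four rules, and the HijackThis download itself trips the Temp rule, so the output is a starting point for review rather than a verdict.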

25 replies

Discussion summary

An infection by a W32 Trojan horse is reported on a PC running Windows XP, with errors at startup and a multitude of suspicious processes and startup entries spotted in HijackThis. Proposed solutions include the use of specialized disinfection tools such as ComboFix, OTMoveIt3 and RSIT, with precise steps: disconnecting from the Internet, reports to copy, and possible reboots. Other recommendations concern UsbFix and additional procedures, and point out that some components may be perceived as risky tools by antivirus software without necessarily being threats. Finally, the exchanges mention that the infection can spread via external media and require diagnostic reports, as well as precautions during a reboot.

Automatically generated by AI
based on the best answers
  1. Anonymous user
     
    Hi,

    there's work to do ...

    Download random's system information tool (RSIT) and save it to the Desktop.

    Double-click RSIT.exe to launch RSIT.

    Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).

    If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

    When the scan is finished, two text files will open.

    Post the contents of log.txt
    1
  2. Anonymous user
     
    Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Before downloading, click Save, rename it to killbagle and save it to the Desktop.

    -> Double-click killbagle.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the Internet and close the windows of all running programs.

    Once that is done, double-click killbagle.exe on your Desktop.

    - Answer Yes to the warning message so that the program starts scanning the PC.

    /!\ During this step, do not use the PC and do not open any programs.

    - At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

    - A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt
    1
  3. Anonymous user
     
    ---> Download OTMoveIt3 (OldTimer) to your Desktop:
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-click OTMoveIt3.exe to launch it.

    ---> Copy (Ctrl+C) the following text below:

    :processes
    explorer.exe

    :files
    c:\program files\UsbFix
    c:\recycler\S-1-5-21-1864815105-8573744983-022396499-7978\wingn.exe
    c:\windows\system32\XP-84BF99B7.EXE
    c:\documents and settings\пользователь\sxd2.exe
    c:\documents and settings\пользователь\sxd2.exe
    c:\documents and settings\пользователь\sxs32.exe
    c:\documents and settings\пользователь\sxs32.exe
    c:\documents and settings\пользователь\12396396002940.exe
    c:\documents and settings\пользователь\12396396002940.exe
    c:\documents and settings\пользователь\usier32.exe
    c:\documents and settings\пользователь\usier32.exe
    c:\documents and settings\пользователь\12376225022956.exe
    c:\documents and settings\пользователь\12376225022956.exe
    c:\documents and settings\пользователь\ievben32.exe
    c:\documents and settings\пользователь\ievben32.exe
    c:\documents and settings\пользователь\hub32ie.exe
    c:\documents and settings\пользователь\hub32ie.exe

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "XP-84BF99B7"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Taskman"=-

    :commands
    [emptytemp]
    [reboot]


    ---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

    ---> Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    ---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The name of the report corresponds to the time it was created: date_heure.log
    1
    1. novice06100 Posts 45 Status Member
       
      Here is the report

      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== FILES ==========
      c:\program files\UsbFix\Tools moved successfully.
      c:\program files\UsbFix moved successfully.
      c:\recycler\S-1-5-21-1864815105-8573744983-022396499-7978\wingn.exe moved successfully.
      c:\windows\system32\XP-84BF99B7.EXE moved successfully.
      c:\documents and settings\пользователь\sxd2.exe moved successfully.
      File/Folder c:\documents and settings\пользователь\sxd2.exe not found.
      c:\documents and settings\пользователь\sxs32.exe moved successfully.
      File/Folder c:\documents and settings\пользователь\sxs32.exe not found.
      c:\documents and settings\пользователь\12396396002940.exe moved successfully.
      File/Folder c:\documents and settings\пользователь\12396396002940.exe not found.
      c:\documents and settings\пользователь\usier32.exe moved successfully.
      File/Folder c:\documents and settings\пользователь\usier32.exe not found.
      c:\documents and settings\пользователь\12376225022956.exe moved successfully.
      File/Folder c:\documents and settings\пользователь\12376225022956.exe not found.
      c:\documents and settings\пользователь\ievben32.exe moved successfully.
      File/Folder c:\documents and settings\пользователь\ievben32.exe not found.
      c:\documents and settings\пользователь\hub32ie.exe moved successfully.
      File/Folder c:\documents and settings\пользователь\hub32ie.exe not found.
      ========== REGISTRY ==========
      Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\XP-84BF99B7 deleted successfully.
      Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\\Taskman deleted successfully.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\3515AG0R\affich-12414651-virus-trojan-win32[1] scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CF1LH1D7\signin[1].htm scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CF1LH1D7\OTMoveIt3[1].exe scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\00011373_Rar\XP-84BF99B7.EXE scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\History\History.IE5\MSHist012009051220090513\index.dat scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\IswTmp\Logs\TrustcheckerIEPlugin.swl scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\krnln.fnr scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\shell.fne scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\eAPI.fne scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\internet.fne scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\dp1.fne scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\com.run scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\winkktd.exe scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. C:\Documents and Settings\пользователь\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      User's Temporary Internet Files folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Network Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWSVC.swl scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWUL.swl scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWUILIB.swl scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWDMP.swl scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWAK.swl scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWMENUS.swl scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWSTATS.swl scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWSPYSCAN.swl scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWFWMON.swl scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWUPD.swl scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWFRAME.swl scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\IswTmp\Logs\ISWVEXT.swl scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Temp folders emptied.

      OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05122009_154029

      Files moved on Reboot...
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\3515AG0R\affich-12414651-virus-trojan-win32[1] moved successfully.
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CF1LH1D7\signin[1].htm moved successfully.
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\CF1LH1D7\OTMoveIt3[1].exe moved successfully.
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\00011373_Rar\XP-84BF99B7.EXE moved successfully.
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\IswTmp\Logs\TrustcheckerIEPlugin.swl moved successfully.
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\krnln.fnr moved successfully.
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\shell.fne moved successfully.
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\eAPI.fne moved successfully.
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\internet.fne moved successfully.
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\dp1.fne moved successfully.
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\com.run moved successfully.
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\winkktd.exe moved successfully.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWSVC.swl scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWUL.swl scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWUILIB.swl scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWDMP.swl scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWAK.swl scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWMENUS.swl scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWSTATS.swl scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWSPYSCAN.swl scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWFWMON.swl scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWUPD.swl scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWFRAME.swl scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\IswTmp\Logs\ISWVEXT.swl scheduled to be moved on reboot.

      but part of it has already been removed
      0
  4. chimay8 Posts 7947 Status Security contributor 60
     
    Hi,

    edited

    good luck going forward
    ;)
    0
  6. novice06100 Posts 45 Status Member
     
    I can't access your link, but I have Ashampoo's report of the infected folders, if that can help us move forward.
    Thanks again, but this is the first time I have been faced with this type of problem.

    Date & Heure Infection/Menace Identifiée Position Infection
    12.05.2009 12:36:59 Backdoor.Win32.Agent.ima!A2 C: \ RECYCLER \ S-1-5-21-1482476501-1644491937-682003330-1013 \ ise32.exe
    12.05.2009 12:29:32 Trojan.Win32.Agent.bvsn!A2 C: \ Documents and Settings \ пользователь \ ievben32.exe
    12.05.2009 12:29:32 Trojan.Win32.Pakes.njl!A2 C: \ Documents and Settings \ пользователь \ sxs32.exe
    12.05.2009 12:28:49 Trojan-Dropper.Win32.VB.lhn!A2 C: \ Documents and Settings \ пользователь \ Рабочий стол \ Fotoshop \ CorelDraw11_and_APPS-portableRUS.exe
    12.05.2009 12:24:58 Trojan.Win32.Pakes.njl!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 550.exe
    12.05.2009 12:24:27 Trojan.Win32.KillAV.yp!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 5.tmp \ b2e.exe
    12.05.2009 12:24:26 Trojan.Win32.KillAV.yp!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 13.tmp \ b2e.exe
    12.05.2009 12:24:25 Trojan.Win32.KillAV.yp!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 9.tmp \ b2e.exe
    12.05.2009 12:24:23 Trojan.Win32.KillAV.yp!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ D.tmp \ b2e.exe
    12.05.2009 12:21:37 Trojan.Win32.Pakes.njl!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ Temporary Internet Files \ Content.IE5 \ 8PQNCTUF \ sxs[1].exe
    12.05.2009 12:21:03 Trojan.Win32.KillAV.yp!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ B.tmp \ b2e.exe
    12.05.2009 12:20:51 Trojan.Win32.KillAV.yp!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 4E.tmp \ b2e.exe
    12.05.2009 12:20:50 Trojan.Win32.KillAV.yp!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 7.tmp \ b2e.exe
    12.05.2009 12:20:28 Trojan.Win32.KillAV.yp!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 4C.tmp \ b2e.exe
    12.05.2009 12:20:28 Trojan.Win32.KillAV.yp!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 6.tmp \ b2e.exe
    12.05.2009 12:20:27 Trojan.Win32.KillAV.yp!A2 C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 8.tmp \ b2e.exe
    12.05.2009 11:31:41 Trace.Registry.CWS.Searchmeup!A2 Key: HKEY_USERS \ S-1-5-21-3503949566-2727387292-3534500413-1005 \ software \ toolband
    12.05.2009 11:31:24 Trace.Registry.StartPage!A2 Value: HKEY_USERS \ S-1-5-21-3503949566-2727387292-3534500413-1005 \ software \ microsoft \ windows \ currentversion \ run --> svchost
    12.05.2009 10:19:53 Backdoor.Win32.Agent.ima C: \ RECYCLER \ S-1-5-21-1482476501-1644491937-682003330-1013 \ ise32.exe
    12.05.2009 10:19:46 Riskware.RiskTool.Win32.Processor.20 C: \ Program Files \ UsbFix \ Tools \ Proc.exe
    12.05.2009 10:07:46 Trojan.Win32.KillAV.yp C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 5.tmp \ b2e.exe
    12.05.2009 10:07:44 Trojan.Win32.KillAV.yp C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 9.tmp \ b2e.exe
    12.05.2009 10:07:42 Trojan.Win32.KillAV.yp C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ D.tmp \ b2e.exe
    12.05.2009 10:05:02 Trojan.Win32.KillAV.yp C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ B.tmp \ b2e.exe
    12.05.2009 10:04:52 Trojan.Win32.KillAV.yp C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 4E.tmp \ b2e.exe
    12.05.2009 10:04:51 Trojan.Win32.KillAV.yp C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 7.tmp \ b2e.exe
    12.05.2009 10:04:35 Trojan.Win32.KillAV.yp C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 4C.tmp \ b2e.exe
    12.05.2009 10:04:35 Trojan.Win32.KillAV.yp C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 6.tmp \ b2e.exe
    12.05.2009 10:04:34 Trojan.Win32.KillAV.yp C: \ Documents and Settings \ пользователь \ Local Settings \ Temp \ 8.tmp \ b2e.exe
    12.05.2009 09:42:42 Trace.Registry.CWS.Searchmeup Key: HKEY_USERS \ S-1-5-21-3503949566-2727387292-3534500413-1005 \ software \ toolband
    12.05.2009 09:42:23 Trace.Registry.StartPage Value: HKEY_USERS \ S-1-5-21-3503949566-2727387292-3534500413-1005 \ software \ microsoft \ windows \ currentversion \ run --> svchost
    0
  7. novice06100 Posts 45 Status Member
     
    There, I ran it, but I went a bit too fast: I did not disconnect from the Internet or close the open windows.
    Is that a big problem?
    Otherwise, here is the report.
    What do you think?

    In any case, thanks again.

    ComboFix 09-05-11.08 - пользователь 12.05.2009 14:16.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1251.7.1049.18.502.167 [GMT 4:00]
    Running from: c:\documents and settings\пользователь\Мои документы\Уголовное право З.С. 2 семестр\killbagle.exe
    AV: Антивирусная защита Касперского для Я.Онлайн *On-access scanning disabled* (Updated)
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    /wow section - STAGE 32A
    Системе не удается найти указанный путь.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\00030DAD_Rar\XP-84BF99B7.EXE
    c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4
    c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\com.run
    c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\dp1.fne
    c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\eAPI.fne
    c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\internet.fne
    c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\krnln.fnr
    c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\RegEx.fnr
    c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\shell.fne
    c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4\spec.fne
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
    c:\windows\IE4 Error Log.txt
    c:\windows\msnsrv.exe
    c:\windows\system32\com.run
    c:\windows\system32\csrcs.exe
    c:\windows\system32\dp1.fne
    c:\windows\system32\eAPI.fne
    c:\windows\system32\internet.fne
    c:\windows\system32\isass.exe
    c:\windows\system32\krnln.fnr
    c:\windows\system32\og.dll
    c:\windows\system32\og.edt
    c:\windows\system32\RegEx.fnr
    c:\windows\system32\shell.fne
    c:\windows\system32\spec.fne
    c:\windows\system32\sysmgr.exe
    c:\windows\system32\ul.dll

    ----- BITS: Possible infected sites -----

    hxxp://soft.export.yandex.ru
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ASC3360PR
    -------\Service_asc3360pr

    ((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
    .

    2009-05-12 08:53 . 2009-05-12 08:53 -------- d-----w c:\program files\NoAdware
    2009-05-12 05:37 . 2009-05-12 05:37 -------- d-----w c:\documents and settings\пользователь\Local Settings\Application Data\Ashampoo
    2009-05-12 05:34 . 2009-05-12 05:34 -------- d-----w c:\program files\Ashampoo
    2009-05-11 21:50 . 2009-05-11 21:50 -------- d-----w c:\program files\UsbFix
    2009-05-11 21:17 . 2009-05-12 10:39 32 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-05-11 19:06 . 2009-05-11 19:06 128 ----a-w c:\windows\system32\pdfl.dat
    2009-05-11 19:06 . 2009-05-11 19:06 80 ----a-w c:\windows\system32\ibfl.dat
    2009-05-11 19:06 . 2009-05-11 19:06 144 ----a-w c:\windows\system32\lkfl.dat
    2009-05-11 19:06 . 2009-05-11 19:06 -------- d-----w c:\program files\CheckPoint
    2009-05-11 19:06 . 2009-05-11 19:06 4212 ---ha-w c:\windows\system32\zllictbl.dat
    2009-05-11 19:06 . 2009-03-31 15:20 72584 ----a-w c:\windows\zllsputility.exe
    2009-05-11 19:05 . 2009-03-31 15:20 1221512 ----a-w c:\windows\system32\zpeng25.dll
    2009-05-11 19:05 . 2009-05-11 19:05 -------- d-----w c:\windows\system32\ZoneLabs
    2009-05-11 19:05 . 2009-05-11 19:05 -------- d-----w c:\program files\Zone Labs
    2009-05-11 19:03 . 2009-05-11 19:04 -------- d-----w c:\windows\Internet Logs
    2009-05-03 12:03 . 2009-05-03 12:03 1579223 --sh--r c:\windows\system32\XP-84BF99B7.EXE
    2009-04-30 12:01 . 2009-05-03 11:52 173568 ----a-w c:\documents and settings\пользователь\sxd2.exe
    2009-04-30 12:01 . 2009-05-03 11:52 173568 ----a-w c:\documents and settings\пользователь\sxd2.exe
    2009-04-29 16:25 . 2009-04-29 16:25 -------- d-sh--w C:\FOUND.007
    2009-04-28 12:54 . 2009-04-28 12:54 -------- d-sh--w C:\FOUND.006
    2009-04-21 04:36 . 2009-04-21 04:36 23552 ----a-w c:\documents and settings\пользователь\sxs32.exe
    2009-04-21 04:36 . 2009-04-21 04:36 23552 ----a-w c:\documents and settings\пользователь\sxs32.exe
    2009-04-16 15:54 . 2009-04-16 15:54 -------- d-sh--w C:\FOUND.005
    2009-04-14 12:28 . 2009-04-14 12:28 -------- d-sh--w C:\FOUND.004
    2009-04-13 16:20 . 2009-04-13 16:20 176128 ----a-w c:\documents and settings\пользователь\12396396002940.exe
    2009-04-13 16:20 . 2009-04-13 16:20 176128 ----a-w c:\documents and settings\пользователь\12396396002940.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-12 10:39 . 2009-05-11 21:17 32 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-05-12 09:11 . 2009-05-12 09:11 21273 ----a-w c:\program files\hijackthis.log
    2009-05-11 19:08 . 2009-05-11 19:08 8192 ------w c:\windows\Internet Logs\xDB27.tmp
    2009-05-11 19:08 . 2009-05-11 19:08 1039360 ------w c:\windows\Internet Logs\xDB28.tmp
    2009-05-11 19:08 . 2009-05-11 19:08 8192 ------w c:\windows\Internet Logs\xDB25.tmp
    2009-05-11 19:08 . 2009-05-11 19:08 760320 ------w c:\windows\Internet Logs\xDB26.tmp
    2009-04-12 15:13 . 2009-04-11 17:08 181760 ----a-w c:\documents and settings\пользователь\usier32.exe
    2009-04-12 15:13 . 2009-04-11 17:08 181760 ----a-w c:\documents and settings\пользователь\usier32.exe
    2009-04-11 17:21 . 2009-04-11 17:20 56 ---ha-w c:\windows\system32\ezsidmv.dat
    2009-04-11 17:17 . 2009-04-11 17:17 -------- d-----w c:\program files\Common Files\Skype
    2009-04-11 17:17 . 2009-04-11 17:17 -------- d-----r c:\program files\Skype
    2009-03-21 07:01 . 2009-03-21 07:01 176128 ----a-w c:\documents and settings\пользователь\12376225022956.exe
    2009-03-21 07:01 . 2009-03-21 07:01 176128 ----a-w c:\documents and settings\пользователь\12376225022956.exe
    2009-03-21 02:44 . 2009-03-21 02:44 23552 ----a-w c:\documents and settings\пользователь\ievben32.exe
    2009-03-21 02:44 . 2009-03-21 02:44 23552 ----a-w c:\documents and settings\пользователь\ievben32.exe
    2009-03-21 02:43 . 2009-03-21 02:43 36864 ----a-w c:\documents and settings\пользователь\hub32ie.exe
    2009-03-21 02:43 . 2009-03-21 02:43 36864 ----a-w c:\documents and settings\пользователь\hub32ie.exe
    2009-03-19 14:30 . 2009-03-19 14:30 -------- d-----w c:\program files\Google
    2009-02-18 05:31 . 1979-12-31 20:00 72462 ----a-w c:\windows\system32\perfc019.dat
    2009-02-18 05:31 . 1979-12-31 20:00 437844 ----a-w c:\windows\system32\perfh019.dat
    2009-02-17 17:54 . 2009-02-17 17:54 90624 ----a-w c:\documents and settings\пользователь\winpad23.exe
    2009-02-17 17:54 . 2009-02-17 17:54 90624 ----a-w c:\documents and settings\пользователь\winpad23.exe
    2007-04-16 14:54 . 1979-12-31 20:00 164000 --sh--r c:\windows\system32\qqiqvg.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
    "Yupdate!"="c:\program files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-05-04 537352]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3963232]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-19 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-12-10 278618]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-10 786522]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2008-12-10 270336]
    "ePowerManagement"="c:\acer\ePM\ePM.exe" [2008-12-10 2893824]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-12-10 110592]
    "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 208896]
    "PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2008-12-10 167936]
    "LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-12-10 143360]
    "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
    "LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2008-12-10 311296]
    "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 155648]
    "eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2008-12-10 434176]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2005-10-20 33792]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-10 151552]
    "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2008-12-10 349184]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 954392]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 566808]
    "XP-84BF99B7"="c:\windows\system32\XP-84BF99B7.EXE" [2009-05-03 1579223]
    "'Ashampoo AntiSpyWare 2 Guard'"="c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2009-01-14 2347352]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-10 196608]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 335872]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
    "preload"="c:\windows\RUNXMLPL.exe" [2008-12-10 110592]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 151552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1515520]

    c:\documents and settings\Ї®«м§®ў вҐ«м\ѓ« ў­®Ґ ¬Ґ­о\Џа®Ја ¬¬л\Ђўв®§ Јаг§Є \
    цццццц.lnk - c:\windows\system32\XP-84BF99B7.EXE [2009-5-3 1579223]

    c:\documents and settings\Ї®«м§®ў вҐ«м\ѓ« ў­®Ґ ¬Ґ­о\Џа®Ја ¬¬л\Ђўв®§ Јаг§Є \
    цццццц.lnk - c:\windows\system32\XP-84BF99B7.EXE [2009-5-3 1579223]

    c:\documents and settings\Ї®«м§®ў вҐ«м\ѓ« ў­®Ґ ¬Ґ­о\Џа®Ја ¬¬л\Ђўв®§ Јаг§Є \
    цццццц.lnk - c:\windows\system32\XP-84BF99B7.EXE [2009-5-3 1579223]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
    Source= file:///c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\msohtml1\[u]0[/u]1\clip_image001.gif
    FriendlyName=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Taskman"="c:\recycler\S-1-5-21-1864815105-8573744983-022396499-7978\wingn.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Logitech\\QuickCam10\\LU\\LogitechUpdate.exe"=
    "c:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe"=
    "c:\\WINDOWS\\system32\\WISPTIS.EXE"=
    "c:\\Program Files\\Common Files\\Logishrd\\LQCVFX\\COCIManager.exe"=
    "c:\\WINDOWS\\system32\\wscntfy.exe"=
    "c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"=
    "c:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe"=
    "c:\\Program Files\\Acer\\eRecovery\\mbrwrwin.exe"=
    "c:\\Program Files\\Winamp\\Winamp.exe"= c:\\Program Files\\Winamp\\winamp.exe
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
    "c:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\LVComSX.exe"=
    "c:\\Program Files\\ACD Systems\\ACDSee\\7.0\\ACDSee7.exe"=
    "c:\\Program Files\\Launch Manager\\OSDCtrl.exe"=
    "c:\\Program Files\\Launch Manager\\Wbutton.exe"=
    "c:\\Program Files\\Common Files\\Logishrd\\LQCVFX\\ModelFileHandler.exe"=
    "c:\\WINDOWS\\system32\\hkcmd.exe"=
    "c:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe"=
    "c:\\Program Files\\Common Files\\Yandex\\Yupdate\\yupdate.exe"=
    "c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
    "c:\\Documents and Settings\\пользователь\\upad33.exe"=
    "c:\\Program Files\\Common Files\\LogiShrd\\SrvLnch\\SrvLnch.exe"=
    "c:\\Windows\\RUNXMLPL.exe"=
    "c:\\WINDOWS\\system32\\igfxtray.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
    "c:\\WINDOWS\\SOUNDMAN.EXE"=
    "c:\\Program Files\\Launch Manager\\HotkeyApp.exe"=
    "c:\\Program Files\\Launch Manager\\LaunchAp.exe"=
    "c:\\Program Files\\QuickTime\\qttask.exe"=
    "c:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe"=
    "c:\\acer\\epm\\epm-dm.exe"=
    "c:\\Program Files\\Launch Manager\\PowerKey.exe"=
    "c:\\WINDOWS\\system32\\wuauclt.exe"=
    "c:\\Program Files\\Acer\\eRecovery\\Monitor.exe"=
    "c:\\PROGRA~1\\COMMON~1\\Logishrd\\LQCVFX\\COCIMA~1.EXE"=
    "c:\\program files\\common files\\logishrd\\kaudp\\FltrInst.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Documents and Settings\\пользователь\\winpad23.exe"=
    "c:\\WINDOWS\\system32\\taskmgr.exe"=
    "c:\\Documents and Settings\\пользователь\\ievben32.exe"=
    "c:\\Program Files\\Microsoft\\Office Live\\OfficeLiveSignIn.exe"=
    "c:\\Program Files\\Windows Live\\Toolbar\\wltuser.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\пользователь\\sxs32.exe"=
    "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
    "c:\\Program Files\\Windows Live\\Photo Gallery\\WLXQuickTimeControlHost.exe"=
    "c:\\WINDOWS\\system32\\dumprep.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7233:TCP"= 7233:TCP:mgeocglg

    R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [12.05.2009 9:34 749400]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17.02.2009 22:30 55152]
    R2 ISWKL;ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [12.02.2009 14:12 21136]
    R2 IswSvc;ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [12.02.2009 14:12 390536]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14.01.2009 17:53 226656]
    R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [24.03.2006 23:43 2343]
    S1 mailKmd;mailKmd; [x]
    S2 fwuaqq;Manager Task;c:\windows\system32\svchost.exe -k netsvcs [01.01.1980 14336]
    S2 gupdate1c9bac96ecf22d2;Служба Google Update (gupdate1c9bac96ecf22d2);c:\program files\Google\Update\GoogleUpdate.exe [11.04.2009 21:17 133104]
    S3 fsssvc;Семейная безопасность Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 607088]
    S3 uxhiaxci;uxhiaxci;\??\c:\windows\system32\[u]0[/u]1.tmp --> c:\windows\system32\[u]0[/u]1.tmp [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    fwuaqq

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - NADFOLDER\autorun.exe
    \Shell\open\command - NADFOLDER\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \Shell\AutoRun\command - NADFOLDER\autorun.exe
    \Shell\open\command - NADFOLDER\autorun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 17:17]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Download Master - c:\program files\Download Master\dmaster.exe
    HKCU-Run-YandexOnline - c:\program files\Yandex\Online\online.exe
    HKLM-Run-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
    HKLM-Run-Microsoft(R) System Manager - c:\windows\system32\sysmgr.exe
    HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe

    .
    ------- Supplementary Scan -------
    .
    uLocal Page = \blank.htm
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Закачать ВСЕ при помощи Download Master
    IE: Закачать при помощи Download Master
    IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
    TCP: {90C39383-E3FA-41AF-ADF5-39F3F3C983A9} = 91.189.240.2
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-12 14:41
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(688)
    c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll

    - - - - - - - > 'lsass.exe'(744)
    c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll

    - - - - - - - > 'explorer.exe'(7344)
    c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

    - - - - - - - > 'csrss.exe'(664)
    c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMMON FILES\LOGISHRD\LVMVFM\LVPRCSRV.EXE
    c:\acer\EMANAGER\ANBMSERV.EXE
    c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
    c:\program files\CANON\CAL\CALMAIN.EXE
    c:\windows\SYSTEM32\WSCNTFY.EXE
    c:\program files\PC CONNECTIVITY SOLUTION\SERVICELAYER.EXE
    c:\windows\system32\msiexec.exe
    c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-12 14:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-12 10:46

    Pre-Run: 5 587 812 352 байт свободно
    Post-Run: 6 797 787 136 байт свободно

    298 --- E O F --- 2009-04-16 17:10
  8. Anonymous user

    Download Malwarebytes
    https://www.malwarebytes.com/

    Install it; the program will update itself automatically.

    Once it is up to date, the program will start; click the settings tab and check the box "Arreter internet explorer pendant la suppression" (stop Internet Explorer during removal).

    Now click the scan tab and check the box "executer un examen rapide" (run a quick scan).

    Then click "rechercher" (scan).

    Let it scan the PC...

    If any items were found > click "supprimer la selection" (remove the selection).

    If you are asked to restart > click "yes".

    At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

    Copy and paste the report, please.

    PS: the reports are also stored under the reports/logs tab.

    1. novice06100 Posts: 45 Status: Member

      Sorry, but I can't access your link...
  9. Anonymous user

    Try here: http://sd-1.archive-host.com/membres/up/116615172019703188/novice.exe

    It's Malwarebytes, renamed.
    1. novice06100 Posts: 45 Status: Member

      It removed some more...
      Here is the report
      Malwarebytes' Anti-Malware 1.36
      Version de la base de donnйes: 1945
      Windows 5.1.2600 Service Pack 2

      12.05.2009 16:14:07
      mbam-log-2009-05-12 (16-14-07).txt

      Type de recherche: Examen rapide
      Elйments examinйs: 72169
      Temps йcoulй: 4 minute(s), 43 second(s)

      Processus mйmoire infectй(s): 0
      Module(s) mйmoire infectй(s): 0
      Clй(s) du Registre infectйe(s): 0
      Valeur(s) du Registre infectйe(s): 1
      Elйment(s) de donnйes du Registre infectй(s): 0
      Dossier(s) infectй(s): 0
      Fichier(s) infectй(s): 4

      Processus mйmoire infectй(s):
      (Aucun йlйment nuisible dйtectй)

      Module(s) mйmoire infectй(s):
      (Aucun йlйment nuisible dйtectй)

      Clй(s) du Registre infectйe(s):
      (Aucun йlйment nuisible dйtectй)

      Valeur(s) du Registre infectйe(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Quarantined and deleted successfully.

      Elйment(s) de donnйes du Registre infectй(s):
      (Aucun йlйment nuisible dйtectй)

      Dossier(s) infectй(s):
      (Aucun йlйment nuisible dйtectй)

      Fichier(s) infectй(s):
      C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Default User\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\пользователь\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\Documents and Settings\пользователь\Local Settings\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
      1. novice06100 Posts: 45 Status: Member > novice06100 Posts: 45 Status: Member

        Sorry about the special characters, but I'm working on a Russian account and they don't have the same characters.
        And just a quick question, because all of this interests me: does the procedure you had me follow depend on the type of virus, or is it the same for all viruses... I mean the software you had me use... because really, great respect, I think I could have kept searching for a few more nights... and above all, many thanks.
      2. novice06100 Posts: 45 Status: Member > novice06100 Posts: 45 Status: Member

        And also...
        On the report I thought I saw 0 infected files after the removal, but I still get intrusion attempts from the trojan. Is that normal?...
  10. Anonymous user

    OK, there is another infection, not detected by the tools, so I need one piece of information:

    Download OAD http://sosvirus.changelog.fr/OAD.exe
    - Save it to your desktop

    Double-click OAD to run it

    - For the file name to search for, type or copy and paste:

    fwuaqq

    - Search type: select option 7, then confirm

    OAD will now search for the file. Let it work until it has finished.
    The search report will be displayed on screen automatically as soon as it has finished.

    - Copy and paste this report into your next post.

    Important note: depending on the size of the hard drives, this search can take several minutes. Be patient.

    1. novice06100 Posts: 45 Status: Member

      Same again, I can't access the link...
  11. Anonymous user

    Download OAD here: http://sd-1.archive-host.com/membres/up/116615172019703188/Novice_Oad.exe
    1. novice06100 Posts: 45 Status: Member

      Here is the report

      12.05.2009 ---- 16:39:36,15

      ----------------------------------
      §§§§§§ [fwuaqq] §§§§§§
      ----------------------------------
      [X] Registre


      ********************
      [Registre]
      ********************


      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWUAQQ]

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWUAQQ\0000]

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWUAQQ\0000]
      "Service"="fwuaqq"

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWUAQQ\0000\Control]

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWUAQQ\0000\Control]
      "ActiveService"="fwuaqq"

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWUAQQ]

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWUAQQ\0000]

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWUAQQ\0000]
      "Service"="fwuaqq"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWUAQQ]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWUAQQ\0000]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWUAQQ\0000]
      "Service"="fwuaqq"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWUAQQ\0000\Control]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWUAQQ\0000\Control]
      "ActiveService"="fwuaqq"



      Outil Aide Diagnostic By !aur3n7 Version 1.1
      ----------------------------------
      §§§§§ Fin Rapport §§§§§
      ----------------------------------
  12. Anonymous user

    We are going to use ComboFix again:

    Copy the text below:

    Rootkit::
    fwuaqq
    uxhiaxci

    File::
    c:\windows\system32\qqiqvg.dll


    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt

    Now drag the CFScript.txt file onto Combofix.exe like this:

    This will relaunch Combofix.

    A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

    Wait while the scan runs. The desktop will disappear several times: that's normal!

    Don't touch anything until the scan has finished.

    After the restart, post the contents of the Combofix.txt report.

    If there is no restart, post the report anyway.
    1. novice06100 Posts: 45 Status: Member

      Here is the report; however, I got an execution request at startup, which I blocked
      file name: cmd.exe
      ComboFix 09-05-11.08 - пользователь 12.05.2009 16:59.2 - [color=red][b]FAT32[/b][/color]x86
      Microsoft Windows XP Home Edition 5.1.2600.2.1251.7.1049.18.502.275 [GMT 4:00]
      Running from: c:\documents and settings\пользователь\Мои документы\Уголовное право З.С. 2 семестр\ComboFix.exe
      Command switches used :: c:\documents and settings\пользователь\Рабочий стол\CFScript.txt
      AV: Антивирусная защита Касперского для Я.Онлайн *On-access scanning disabled* (Updated)

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

      FILE ::
      c:\windows\system32\qqiqvg.dll
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\E_4
      c:\windows\system32\com.run
      c:\windows\system32\dp1.fne
      c:\windows\system32\eAPI.fne
      c:\windows\system32\internet.fne
      c:\windows\system32\og.dll
      c:\windows\system32\og.edt
      c:\windows\system32\RegEx.fnr
      c:\windows\system32\shell.fne
      c:\windows\system32\spec.fne
      c:\windows\system32\ul.dll
      c:\windows\system32\qqiqvg.dll . . . . failed to delete

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_ASC3360PR
      -------\Service_asc3360pr


      ((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
      .

      2009-05-12 12:57 . 2009-05-12 12:57 -------- d-----w C:\killbagle
      2009-05-12 12:07 . 2009-05-12 12:07 -------- d-----w c:\documents and settings\пользователь\Application Data\Malwarebytes
      2009-05-12 12:07 . 2009-04-06 11:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
      2009-05-12 12:07 . 2009-04-06 11:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
      2009-05-12 12:07 . 2009-05-12 12:07 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-05-12 12:07 . 2009-05-12 12:07 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
      2009-05-12 11:40 . 2009-05-12 11:40 -------- d-----w C:\_OTMoveIt
      2009-05-12 08:53 . 2009-05-12 08:53 -------- d-----w c:\program files\NoAdware
      2009-05-12 05:37 . 2009-05-12 05:37 -------- d-----w c:\documents and settings\пользователь\Local Settings\Application Data\Ashampoo
      2009-05-12 05:34 . 2009-05-12 05:34 -------- d-----w c:\program files\Ashampoo
      2009-05-11 21:17 . 2009-05-12 13:05 32 --sha-w c:\windows\system32\drivers\fidbox.dat
      2009-05-11 19:06 . 2009-05-11 19:06 128 ----a-w c:\windows\system32\pdfl.dat
      2009-05-11 19:06 . 2009-05-11 19:06 80 ----a-w c:\windows\system32\ibfl.dat
      2009-05-11 19:06 . 2009-05-11 19:06 144 ----a-w c:\windows\system32\lkfl.dat
      2009-05-11 19:06 . 2009-05-11 19:06 -------- d-----w c:\program files\CheckPoint
      2009-05-11 19:06 . 2009-05-11 19:06 4212 ---ha-w c:\windows\system32\zllictbl.dat
      2009-05-11 19:06 . 2009-03-31 15:20 72584 ----a-w c:\windows\zllsputility.exe
      2009-05-11 19:05 . 2009-03-31 15:20 1221512 ----a-w c:\windows\system32\zpeng25.dll
      2009-05-11 19:05 . 2009-05-11 19:05 -------- d-----w c:\windows\system32\ZoneLabs
      2009-05-11 19:05 . 2009-05-11 19:05 -------- d-----w c:\program files\Zone Labs
      2009-05-11 19:03 . 2009-05-11 19:04 -------- d-----w c:\windows\Internet Logs
      2009-04-29 16:25 . 2009-04-29 16:25 -------- d-sh--w C:\FOUND.007
      2009-04-28 12:54 . 2009-04-28 12:54 -------- d-sh--w C:\FOUND.006
      2009-04-16 15:54 . 2009-04-16 15:54 -------- d-sh--w C:\FOUND.005
      2009-04-14 12:28 . 2009-04-14 12:28 -------- d-sh--w C:\FOUND.004

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-05-12 13:05 . 2009-05-11 21:17 32 --sha-w c:\windows\system32\drivers\fidbox.idx
      2009-05-12 09:11 . 2009-05-12 09:11 21273 ----a-w c:\program files\hijackthis.log
      2009-05-11 19:08 . 2009-05-11 19:08 8192 ------w c:\windows\Internet Logs\xDB27.tmp
      2009-05-11 19:08 . 2009-05-11 19:08 1039360 ------w c:\windows\Internet Logs\xDB28.tmp
      2009-05-11 19:08 . 2009-05-11 19:08 8192 ------w c:\windows\Internet Logs\xDB25.tmp
      2009-05-11 19:08 . 2009-05-11 19:08 760320 ------w c:\windows\Internet Logs\xDB26.tmp
      2009-04-11 17:21 . 2009-04-11 17:20 56 ---ha-w c:\windows\system32\ezsidmv.dat
      2009-04-11 17:17 . 2009-04-11 17:17 -------- d-----w c:\program files\Common Files\Skype
      2009-04-11 17:17 . 2009-04-11 17:17 -------- d-----r c:\program files\Skype
      2009-03-19 14:30 . 2009-03-19 14:30 -------- d-----w c:\program files\Google
      2009-02-18 05:31 . 1979-12-31 20:00 72462 ----a-w c:\windows\system32\perfc019.dat
      2009-02-18 05:31 . 1979-12-31 20:00 437844 ----a-w c:\windows\system32\perfh019.dat
      2009-02-17 17:54 . 2009-02-17 17:54 90624 ----a-w c:\documents and settings\пользователь\winpad23.exe
      2009-02-17 17:54 . 2009-02-17 17:54 90624 ----a-w c:\documents and settings\пользователь\winpad23.exe
      .

      ((((((((((((((((((((((((((((( SnapShot@2009-05-12_10.41.35 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2009-01-22 08:54 . 2009-05-12 10:45 15086 c:\windows\Installer\{7D2370AC-D8E6-4996-986A-19824F8A167C}\ProgramGroupShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
      - 2009-01-22 08:54 . 2009-05-11 21:21 15086 c:\windows\Installer\{7D2370AC-D8E6-4996-986A-19824F8A167C}\ProgramGroupShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
      - 2009-01-22 08:54 . 2009-05-11 21:21 15086 c:\windows\Installer\{7D2370AC-D8E6-4996-986A-19824F8A167C}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
      + 2009-01-22 08:54 . 2009-05-12 10:45 15086 c:\windows\Installer\{7D2370AC-D8E6-4996-986A-19824F8A167C}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
      + 2009-01-22 08:54 . 2009-05-12 10:45 15086 c:\windows\Installer\{7D2370AC-D8E6-4996-986A-19824F8A167C}\ARPPRODUCTICON.exe
      - 2009-01-22 08:54 . 2009-05-11 21:21 15086 c:\windows\Installer\{7D2370AC-D8E6-4996-986A-19824F8A167C}\ARPPRODUCTICON.exe
      + 2004-09-20 05:35 . 2009-05-12 12:19 340240 c:\windows\system32\FNTCACHE.DAT
      - 2004-09-20 05:35 . 2009-03-29 07:33 340240 c:\windows\system32\FNTCACHE.DAT
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
      "Yupdate!"="c:\program files\Common Files\Yandex\Yupdate\yupdate.exe" [2008-05-04 537352]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3963232]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-19 39408]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-12-10 278618]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-10 786522]
      "EPM-DM"="c:\acer\epm\epm-dm.exe" [2008-12-10 270336]
      "ePowerManagement"="c:\acer\ePM\ePM.exe" [2008-12-10 2893824]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
      "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-12-10 110592]
      "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 208896]
      "PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2008-12-10 167936]
      "LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-12-10 143360]
      "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
      "LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2008-12-10 311296]
      "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 155648]
      "eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2008-12-10 434176]
      "WinampAgent"="c:\program files\Winamp\winampa.exe" [2005-10-20 33792]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-10 151552]
      "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2008-12-10 349184]
      "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 954392]
      "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 566808]
      "'Ashampoo AntiSpyWare 2 Guard'"="c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2009-01-14 2347352]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-10 196608]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 335872]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
      "preload"="c:\windows\RUNXMLPL.exe" [2008-12-10 110592]
      "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 151552]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
      "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1515520]

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
      Source= file:///c:\docume~1\ПОЛЬЗО~1\LOCALS~1\Temp\msohtml1\[u]0[/u]1\clip_image001.gif
      FriendlyName=

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Logitech\\QuickCam10\\LU\\LogitechUpdate.exe"=
      "c:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe"=
      "c:\\WINDOWS\\system32\\WISPTIS.EXE"=
      "c:\\Program Files\\Common Files\\Logishrd\\LQCVFX\\COCIManager.exe"=
      "c:\\WINDOWS\\system32\\wscntfy.exe"=
      "c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"=
      "c:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe"=
      "c:\\Program Files\\Acer\\eRecovery\\mbrwrwin.exe"=
      "c:\\Program Files\\Winamp\\Winamp.exe"= c:\\Program Files\\Winamp\\winamp.exe
      "c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
      "c:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\LVComSX.exe"=
      "c:\\Program Files\\ACD Systems\\ACDSee\\7.0\\ACDSee7.exe"=
      "c:\\Program Files\\Launch Manager\\OSDCtrl.exe"=
      "c:\\Program Files\\Launch Manager\\Wbutton.exe"=
      "c:\\Program Files\\Common Files\\Logishrd\\LQCVFX\\ModelFileHandler.exe"=
      "c:\\WINDOWS\\system32\\hkcmd.exe"=
      "c:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe"=
      "c:\\Program Files\\Common Files\\Yandex\\Yupdate\\yupdate.exe"=
      "c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
      "c:\\Documents and Settings\\пользователь\\upad33.exe"=
      "c:\\Program Files\\Common Files\\LogiShrd\\SrvLnch\\SrvLnch.exe"=
      "c:\\Windows\\RUNXMLPL.exe"=
      "c:\\WINDOWS\\system32\\igfxtray.exe"=
      "c:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"=
      "c:\\WINDOWS\\SOUNDMAN.EXE"=
      "c:\\Program Files\\Launch Manager\\HotkeyApp.exe"=
      "c:\\Program Files\\Launch Manager\\LaunchAp.exe"=
      "c:\\Program Files\\QuickTime\\qttask.exe"=
      "c:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe"=
      "c:\\acer\\epm\\epm-dm.exe"=
      "c:\\Program Files\\Launch Manager\\PowerKey.exe"=
      "c:\\WINDOWS\\system32\\wuauclt.exe"=
      "c:\\Program Files\\Acer\\eRecovery\\Monitor.exe"=
      "c:\\PROGRA~1\\COMMON~1\\Logishrd\\LQCVFX\\COCIMA~1.EXE"=
      "c:\\program files\\common files\\logishrd\\kaudp\\FltrInst.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Documents and Settings\\пользователь\\winpad23.exe"=
      "c:\\WINDOWS\\system32\\taskmgr.exe"=
      "c:\\Program Files\\Microsoft\\Office Live\\OfficeLiveSignIn.exe"=
      "c:\\Program Files\\Windows Live\\Toolbar\\wltuser.exe"=
      "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
      "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
      "c:\\Program Files\\Windows Live\\Photo Gallery\\WLXQuickTimeControlHost.exe"=
      "c:\\WINDOWS\\system32\\dumprep.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "7233:TCP"= 7233:TCP:mgeocglg

      R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [12.05.2009 9:34 749400]
      R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17.02.2009 22:30 55152]
      R2 ISWKL;ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [12.02.2009 14:12 21136]
      R2 IswSvc;ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [12.02.2009 14:12 390536]
      R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14.01.2009 17:53 226656]
      R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [24.03.2006 23:43 2343]
      S1 mailKmd;mailKmd; [x]
      S2 fwuaqq;Manager Task;c:\windows\system32\svchost.exe -k netsvcs [01.01.1980 14336]
      S2 gupdate1c9bac96ecf22d2;Служба Google Update (gupdate1c9bac96ecf22d2);c:\program files\Google\Update\GoogleUpdate.exe [11.04.2009 21:17 133104]
      S3 fsssvc;Семейная безопасность Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 18:08 607088]
      S3 uxhiaxci;uxhiaxci;\??\c:\windows\system32\[u]0[/u]1.tmp --> c:\windows\system32\[u]0[/u]1.tmp [?]

      --- Other Services/Drivers In Memory ---

      *NewlyCreated* - ASC3360PR
      *NewlyCreated* - UBHELPER
      *Deregistered* - mchInjDrv

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      fwuaqq

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
      \Shell\AutoRun\command - NADFOLDER\autorun.exe
      \Shell\open\command - NADFOLDER\autorun.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
      \Shell\AutoRun\command - NADFOLDER\autorun.exe
      \Shell\open\command - NADFOLDER\autorun.exe
      .
      Contents of the 'Scheduled Tasks' folder

      2009-05-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 17:17]
      .
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = \blank.htm
      uSearch Page = hxxp://www.google.com
      uSearch Bar = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: &Экспорт в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: Закачать ВСЕ при помощи Download Master
      IE: Закачать при помощи Download Master
      IE: {{8DAE90AD-4583-4977-9DD4-4360F7A45C74}
      TCP: {90C39383-E3FA-41AF-ADF5-39F3F3C983A9} = 91.189.240.2
      Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-12 17:06
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(688)
      c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll

      - - - - - - - > 'lsass.exe'(744)
      c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll

      - - - - - - - > 'explorer.exe'(7296)
      c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll
      c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

      - - - - - - - > 'csrss.exe'(664)
      c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\COMMON FILES\LOGISHRD\LVMVFM\LVPRCSRV.EXE
      c:\acer\EMANAGER\ANBMSERV.EXE
      c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
      c:\program files\CANON\CAL\CALMAIN.EXE
      c:\program files\PC CONNECTIVITY SOLUTION\SERVICELAYER.EXE
      c:\program files\COMMON FILES\LOGISHRD\LCOMMGR\LVCOMSX.EXE
      c:\program files\COMMON FILES\LOGISHRD\LQCVFX\COCIMANAGER.EXE
      .
      **************************************************************************
      .
      Completion time: 2009-05-12 17:11 - machine was rebooted
      ComboFix-quarantined-files.txt 2009-05-12 13:11
      ComboFix2.txt 2009-05-12 10:47

      Pre-Run: 7 717 224 448 байт свободно
      Post-Run: 7 729 823 744 байт свободно

      262 --- E O F --- 2009-04-16 17:10

      :%systemroot%\system32
      if that means anything to you


      report:
      0
      1. novice06100 Posts 45 Status Member > novice06100 Posts 45 Status Member
         
        ...
        0
  13. novice06100 Posts 45 Status Member
     
    ...
    0
  14. Anonymous user
     
    Hi again, I had gone out. The infection is hanging on ;)

    • Download and install UsbFix

    (!) Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

    • Double-click the UsbFix shortcut on your desktop.

    • Choose option 1 (Search)

    • Let the tool work.

    • Then post the UsbFix.txt report that appears.

    • Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    • Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility designed to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

    • Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
    0
    1. novice06100 Posts 45 Status Member
       
      hi again
      here is the usbfix report


      ############################## [ UsbFix V3.018 # Scan ]

      # User : пользователь (Администраторы) # ACER-027F9640B7
      # Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 21:18:20 | 12.05.2009

      # Intel(R) Celeron(R) M processor 1.60GHz
      # Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
      # Internet Explorer 6.0.2900.2180
      # Windows Firewall Status : Enabled
      # AV : Антивирусная защита Касперского для Я.Онлайн 7.0.1.321 [ (!) Disabled | Updated ]

      # C:\ # Локальный жесткий диск # 26,27 Go (7,12 Go free) [ЯНА] # FAT32
      # D:\ # Локальный жесткий диск # 26,66 Go (11,6 Go free) [ЯНА] # FAT32
      # E:\ # Компакт-диск # 340,1 Mo (0 Mo free) [QC_10_51_Retail] # CDFS
      # F:\ # Съемный диск # 7,47 Go (5,97 Go free) [ARNO 8GO] # FAT32
      # G:\ # Съемный диск # 3,76 Go (1,59 Go free) [U3] # FAT32
      # H:\ # Съемный диск # 495,23 Mo (85,3 Mo free) [PHILIPS UFD] # FAT

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
      C:\Acer\eManager\anbmServ.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\acer\epm\epm-dm.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Launch Manager\LaunchAp.exe
      C:\Program Files\Launch Manager\PowerKey.exe
      C:\Program Files\Launch Manager\HotkeyApp.exe
      C:\Program Files\Launch Manager\OSDCtrl.exe
      C:\Program Files\Launch Manager\Wbutton.exe
      C:\Program Files\Acer\eRecovery\Monitor.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
      C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\winspuo.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\wingjfwhf.exe
      C:\WINDOWS\system32\WISPTIS.EXE
      C:\DOCUME~1\ПОЛЬЗО~1\LOCALS~1\Temp\wd4d99f.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Registre # Startup ]

      HKCU_Main: "Local Page"="\\blank.htm"
      HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
      HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      HKLM_logon: "AltDefaultUserName"="пользователь"
      HKLM_logon: "DefaultUserName"="пользователь"
      HKLM_Run: SoundMan=SOUNDMAN.EXE
      HKLM_Run: SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      HKLM_Run: EPM-DM=c:\acer\epm\epm-dm.exe
      HKLM_Run: ePowerManagement=C:\Acer\ePM\ePM.exe boot
      HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      HKLM_Run: RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      HKLM_Run: LaunchAp="C:\Program Files\Launch Manager\LaunchAp.exe"
      HKLM_Run: PowerKey="C:\Program Files\Launch Manager\PowerKey.exe"
      HKLM_Run: LManager="C:\Program Files\Launch Manager\HotkeyApp.exe"
      HKLM_Run: CtrlVol="C:\Program Files\Launch Manager\CtrlVol.exe"
      HKLM_Run: LMgrOSD="C:\Program Files\Launch Manager\OSDCtrl.exe"
      HKLM_Run: Wbutton="C:\Program Files\Launch Manager\Wbutton.exe"
      HKLM_Run: eRecoveryService=C:\Program Files\Acer\eRecovery\Monitor.exe
      HKLM_Run: WinampAgent=C:\Program Files\Winamp\winampa.exe
      HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
      HKLM_Run: PCSuiteTrayApplication=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      HKLM_Run: LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      HKLM_Run: LogitechCommunicationsManager="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      HKLM_Run: 'Ashampoo AntiSpyWare 2 Guard'=C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
      HKLM_Run: HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
      HKLM_Run: IgfxTray=C:\WINDOWS\system32\igfxtray.exe
      HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      HKLM_Run: preload=C:\Windows\RUNXMLPL.exe
      HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active=
      HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
      HKCU_Run: Yupdate!="C:\Program Files\Common Files\Yandex\Yupdate\yupdate.exe"
      HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      ################## [ Informations ]


      ################## [ Fichiers # Dossiers infectieux ]

      Found ! E:\Setup.exe
      Found ! E:\autorun.inf
      F:\autorun.inf # -> fichier appelé : "F:\ihqoyx.exe" ( présent ! )
      Found ! F:\Recycled.exe
      Found ! F:\RECYCLER.exe
      Found ! F:\autorun.inf
      Found ! F:\fwoy.pif
      Found ! F:\unwved.pif
      Found ! F:\ujxlg.pif
      Found ! F:\xcxy.pif
      Found ! F:\tndo.pif
      Found ! F:\ikfo.pif
      Found ! F:\corlai.pif
      Found ! F:\tesrq.pif
      Found ! F:\recycler\sxmpdlhn.exe
      Found ! F:\recycler\qxoggohn.exe
      Found ! F:\recycler\hlbrtrhn.exe
      Found ! F:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
      G:\autorun.inf # -> fichier appelé : "G:\tjvbds.pif" ( présent ! )
      Found ! G:\Recycled.exe
      Found ! G:\RECYCLER.exe
      Found ! G:\system.exe
      Found ! G:\autorun.inf
      Found ! G:\sqvafn.pif
      Found ! G:\vidrc.pif
      Found ! G:\yjdeae.pif
      Found ! G:\qiik.pif
      Found ! G:\heiv.pif
      Found ! G:\tjvbds.pif
      Found ! G:\kqywhb.pif
      Found ! G:\recycler\rmvrwnhn.exe
      Found ! G:\recycler\bmjieghn.exe
      Found ! G:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
      Found ! G:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
      H:\autorun.inf # -> fichier appelé : "H:\dwtffl.cmd" ( présent ! )
      Found ! H:\.\RECYCLER\autorun.exe
      Found ! H:\autorun.ini
      Found ! H:\autorun.pif
      Found ! H:\jdhc2x2.com
      Found ! H:\Recycled.exe
      Found ! H:\RECYCLER.exe
      Found ! H:\autorun.inf
      Found ! H:\etjt.pif
      Found ! H:\riqta.pif
      Found ! H:\urbo.pif
      Found ! H:\orurxb.pif
      Found ! H:\pwuwef.pif
      Found ! H:\tufdxj.pif
      Found ! H:\autorun.pif
      Found ! H:\recycler\xamxorhn.exe
      Found ! H:\recycler\autorun.exe
      Found ! H:\recycler\xqbijzhn.exe
      Found ! H:\recycler\vxubyphn.exe
      Found ! H:\recycler\kkdafghn.exe
      Found ! H:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
      Found ! H:\recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
      Found ! H:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
      Found ! H:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

      ################## [ Registre # Clés Run infectieuses ]

      Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )

      ################## [ Registre # Mountpoints2 ]

      HKCU\Software\Microsoft\....\MountPoints2\F\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\F\Shell\open\Command
      HKCU\Software\Microsoft\....\MountPoints2\G\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\G\Shell\open\Command
      HKCU\Software\Microsoft\....\MountPoints2\{2535d995-cfb7-11db-bdb0-0014a45c6c60}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{29144f14-3e00-11de-8045-0014a45c6c60}\Shell\AutoRun\command
      HKCU\Software\Microsoft\....\MountPoints2\{8b027fcc-3927-11dd-bf05-0014a45c6c60}\Shell\AutoRun\command

      ################## [ ! Fin du rapport # UsbFix V3.018 ! ]
      0
  15. Anonymous user
     
    Hi again ;)

    (!) Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

    • Double-click the UsbFix shortcut on your desktop

    • Choose option 2 (Deletion)

    • Your desktop will disappear and the PC will restart.

    • On restart, UsbFix will scan your PC; let the tool work.

    • Then post the UsbFix.txt report that appears along with the desktop.

    • Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    0
    1. novice06100 Posts 45 Status Member
       
      here is the report

      ############################## [ UsbFix V3.018 # Cleaning ]

      # User : пользователь (Администраторы) # ACER-027F9640B7
      # Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 21:37:17 | 12.05.2009

      # Intel(R) Celeron(R) M processor 1.60GHz
      # Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
      # Internet Explorer 6.0.2900.2180
      # Windows Firewall Status : Enabled
      # AV : Антивирусная защита Касперского для Я.Онлайн 7.0.1.321 [ (!) Disabled | Updated ]

      # C:\ # Локальный жесткий диск # 26,27 Go (7,12 Go free) [ЯНА] # FAT32
      # D:\ # Локальный жесткий диск # 26,66 Go (11,6 Go free) [ЯНА] # FAT32
      # E:\ # Компакт-диск # 340,1 Mo (0 Mo free) [QC_10_51_Retail] # CDFS
      # F:\ # Съемный диск # 7,47 Go (5,97 Go free) [ARNO 8GO] # FAT32
      # G:\ # Съемный диск # 3,76 Go (1,59 Go free) [U3] # FAT32
      # H:\ # Съемный диск # 495,23 Mo (81,59 Mo free) [PHILIPS UFD] # FAT

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\logonui.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
      C:\Acer\eManager\anbmServ.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\userinit.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Fichiers # Dossiers infectieux ]
      0
  16. Anonymous user
     
    could you post it in full please ;)
    0
    1. novice06100 Posts 45 Status Member
       
      sorry but that is all I have in the report c:usbfix.txt
      0
      1. novice06100 Posts 45 Status Member > novice06100 Posts 45 Status Member
         
        however, the desktop did not come up by itself; I pressed ctrl+alt+del, new task, explorer.exe
        maybe it had not finished, and I no longer remembered the information you had given me
        0
  17. Anonymous user
     
    run UsbFix again and do option 4 please, then post the report.

    0
    1. novice06100 Posts 45 Status Member
       
      here it is; if you want, I will run usbfix again with selection 2

      ############################## [ UsbFix V3.018 # Listing ]

      # User : пользователь (Администраторы) # ACER-027F9640B7
      # Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 21:57:27 | 12.05.2009

      # Intel(R) Celeron(R) M processor 1.60GHz
      # Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
      # Internet Explorer 6.0.2900.2180
      # Windows Firewall Status : Enabled
      # AV : Антивирусная защита Касперского для Я.Онлайн 7.0.1.321 [ (!) Disabled | Updated ]

      # C:\ # Локальный жесткий диск # 26,27 Go (7,12 Go free) [ЯНА] # FAT32
      # D:\ # Локальный жесткий диск # 26,66 Go (11,6 Go free) [ЯНА] # FAT32
      # E:\ # Компакт-диск # 340,1 Mo (0 Mo free) [QC_10_51_Retail] # CDFS
      # F:\ # Съемный диск # 7,47 Go (5,97 Go free) [ARNO 8GO] # FAT32
      # G:\ # Съемный диск # 3,76 Go (1,57 Go free) [U3] # FAT32
      # H:\ # Съемный диск # 495,23 Mo (81,22 Mo free) [PHILIPS UFD] # FAT

      ###################### [ Listing des fichiers présents C:\ ]

      [20.09.2004 09:25|---hs----|512] - C:\BOOTSECT.DOS
      [18.08.2004 20:00|-rahs----|4952] - C:\Bootfont.bin
      [18.08.2004 20:00|-rahs----|250624] - C:\ntldr
      [18.08.2004 20:00|-rahs----|47564] - C:\NTDETECT.COM
      [24.03.2006 23:41|-rahs----|214] - C:\boot.ini
      [15.07.2005 11:32|-rahs----|66] - C:\PRELOAD.AAA
      [12.05.2009 16:39|--a------|1477] - C:\resultat.txt
      [15.07.2005 11:32|-rahs----|66] - C:\PRELOAD.REV
      [13.08.2005 13:07|--ahs----|1202] - C:\PATCH.REV
      [16.04.2006 17:46|-rahs----|0] - C:\MSDOS.SYS
      [16.04.2006 17:46|-rahs----|0] - C:\IO.SYS
      [16.04.2006 17:46|--a------|6] - C:\ISACER.ID
      [?|?|?] - C:\pagefile.sys
      [?|?|?] - C:\hiberfil.sys
      [20.12.2008 17:47|-rahs----|0] - C:\khs
      [12.05.2009 10:44|--a------|646] - C:\Vaccin.txt
      [12.05.2009 21:57|--a------|1773] - C:\UsbFix.txt
      [12.05.2009 17:11|--a------|16695] - C:\ComboFix.txt

      ###################### [ Listing des dossiers présents C:\ ]

      [20.09.2004 09:16|d--------|0] - C:\DOCS
      [20.09.2004 09:16|d--------|0] - C:\DOTNETFX
      [20.09.2004 09:16|d--------|0] - C:\I386
      [20.09.2004 09:19|d--------|0] - C:\SUPPORT
      [12.05.2009 10:43|d--h-----|0] - C:\autorun.inf
      [20.09.2004 09:20|d--------|0] - C:\ELEMENTS
      [20.09.2004 09:31|d--------|0] - C:\WINDOWS
      [20.09.2004 09:35|d--------|0] - C:\Documents and Settings
      [20.09.2004 09:43|dr-------|0] - C:\Program Files
      [20.09.2004 09:48|d--hs----|0] - C:\System Volume Information
      [13.07.2005 17:04|d--------|0] - C:\BOOK
      [13.07.2005 17:05|d--------|0] - C:\Sysinfo
      [13.07.2005 17:21|d--------|0] - C:\Acer
      [13.07.2005 17:41|d--hs----|0] - C:\Recycled
      [18.02.2007 23:54|d--hs----|0] - C:\FOUND.000
      [22.08.2007 20:01|d--hs----|0] - C:\FOUND.001
      [07.02.2009 13:16|d--hs----|0] - C:\FOUND.002
      [09.04.2009 08:02|d--hs----|0] - C:\FOUND.003
      [02.06.2008 21:02|d--------|0] - C:\Downloads
      [14.04.2009 16:28|d--hs----|0] - C:\FOUND.004
      [16.04.2009 19:54|d--hs----|0] - C:\FOUND.005
      [29.04.2009 20:25|d--hs----|0] - C:\FOUND.007
      [28.04.2009 16:54|d--hs----|0] - C:\FOUND.006
      [19.04.2006 22:24|d--------|0] - C:\GENIUS
      [12.05.2009 15:40|d--------|0] - C:\_OTMoveIt
      [12.05.2009 14:10|d--------|0] - C:\Qoobox
      [12.05.2009 21:16|d--------|0] - C:\UsbFix
      [12.05.2009 16:57|d--------|0] - C:\killbagle
      [20.06.2006 01:00|d--------|0] - C:\ConsLocalUserData
      [13.09.2006 21:49|d--------|0] - C:\addons
      [11.11.2006 12:26|d--------|0] - C:\ConsHS
      [13.12.2006 17:16|d--------|0] - C:\Temp
      [05.04.2007 21:24|d--------|0] - C:\KAV

      ###################### [ Listing des fichiers présents D:\ ]

      [20.12.2008 17:47|-rahs----|0] - D:\khs
      [24.01.2009 12:33|--a------|0] - D:\cda0
      [09.02.2009 21:02|--a------|0] - D:\a95f
      [16.03.2009 00:13|--a------|0] - D:\9f42d0
      [09.04.2009 11:36|--a------|0] - D:\ef51
      [21.04.2009 08:35|--a------|0] - D:\acca

      ###################### [ Listing des dossiers présents D:\ ]

      [15.04.2006 23:31|d--hs----|0] - D:\System Volume Information
      [12.05.2009 10:43|d--h-----|0] - D:\autorun.inf
      [15.04.2006 23:43|d-a------|0] - D:\xOxBxR_tmpFolder
      [17.04.2006 21:38|d--hs----|0] - D:\Recycled
      [22.04.2006 21:43|d--------|0] - D:\Distr
      [22.04.2006 22:29|d--------|0] - D:\Music
      [23.04.2006 00:43|d--------|0] - D:\Foto

      ###################### [ Listing des fichiers présents E:\ ]

      [27.01.2007 03:39|-r-------|269] - E:\autorun.inf
      [09.07.2004 14:03|-r-------|62976] - E:\dsetup.dll
      [08.02.2007 13:15|-r-------|321048] - E:\Setup.exe
      [06.02.2007 03:45|-r-------|42779] - E:\Setup.ini

      ###################### [ Listing des dossiers présents E:\ ]

      [10.02.2007 00:21|dr-------|0] - E:\Drivers
      [10.02.2007 00:20|dr-------|0] - E:\Manuals
      [10.02.2007 00:20|dr-------|0] - E:\QuickCam
      [10.02.2007 00:20|dr-------|0] - E:\Readme
      [10.02.2007 00:20|dr-------|0] - E:\Redist
      [10.02.2007 00:19|dr-------|0] - E:\Setup
      [10.02.2007 00:19|dr-------|0] - E:\techsupt
      [10.02.2007 00:19|dr-------|0] - E:\Warranty
      [10.02.2007 00:19|dr-------|0] - E:\WUApp

      ###################### [ Listing des fichiers présents F:\ ]

      [10.11.2008 20:04|--ah-----|296] - F:\WMPInfo.xml
      [11.05.2009 23:52|-r-hs----|171519] - F:\fwoy.pif
      [12.05.2009 01:07|-r-hs----|171519] - F:\unwved.pif
      [12.05.2009 01:15|-r-hs----|171519] - F:\ujxlg.pif
      [12.05.2009 01:19|-r-hs----|171519] - F:\dhohw.exe
      [12.05.2009 01:52|--a------|1579223] - F:\RECYCLER.exe
      [12.05.2009 01:52|--a------|1587415] - F:\film.exe
      [12.05.2009 01:52|--a------|1579223] - F:\cours.exe
      [12.05.2009 01:52|--a------|1583319] - F:\ELIS.exe
      [12.05.2009 02:27|-r-hs----|171519] - F:\nxkn.exe
      [12.05.2009 02:39|-r-hs----|171519] - F:\jensx.exe
      [12.05.2009 02:51|-r-hs----|171519] - F:\xcxy.pif
      [12.05.2009 02:54|-r-hs----|171519] - F:\tndo.pif
      [12.05.2009 01:02|-r-hs----|253439] - F:\gpfia.exe
      [12.05.2009 07:04|--a------|1562] - F:\BOOTEX.LOG
      [12.05.2009 11:50|-r-hs----|1579223] - F:\Recycled.exe
      [12.05.2009 11:41|--a------|1579223] - F:\FOUND.000.exe
      [12.05.2009 11:41|-r-hs----|222207] - F:\ggdwq.exe
      [12.05.2009 11:42|--a------|1135104] - F:\rapport rolling store2[1].doc
      [12.05.2009 14:41|-r-hs----|171519] - F:\ikfo.pif
      [12.05.2009 15:43|-r-hs----|222207] - F:\kjjfpw.cmd
      [12.05.2009 16:20|-r-hs----|171519] - F:\corlai.pif
      [12.05.2009 17:07|-r-hs----|222207] - F:\enkwa.cmd
      [12.05.2009 21:00|-r-hs----|222207] - F:\neovhm.exe
      [12.05.2009 21:02|-r-hs----|222207] - F:\tesrq.pif
      [12.05.2009 20:58|--a------|396288] - F:\Федеральный Свод законов пополнился новыми главами.doc
      [11.05.2009 11:04|--a------|139776] - F:\Заняв Белый дом.doc
      [11.05.2009 11:04|--a------|72192] - F:\Закон USA PATRIOT.doc
      [12.05.2009 00:07|--a------|28672] - F:\Совет Безопасности занимается проблемой терроризма с начала 90.doc
      [12.05.2009 21:07|-r-hs----|222207] - F:\ihqoyx.exe
      [16.04.2007 18:54|-r-hs----|251] - F:\autorun.inf
      [12.05.2009 21:43|-r-hs----|171519] - F:\mucgid.exe

      ###################### [ Listing des dossiers présents F:\ ]

      [11.05.2009 16:38|d--h-----|0] - F:\FOUND.000
      [04.01.2009 13:04|d--hs----|0] - F:\RECYCLER
      [29.04.2009 11:44|d--h-----|0] - F:\film
      [29.04.2009 11:44|d--h-----|0] - F:\cours
      [30.04.2009 18:17|d--h-----|0] - F:\ELIS
      [11.05.2009 11:48|dr-hs----|0] - F:\NADFOLDER
      [12.05.2009 01:51|d--------|0] - F:\К барьеру

      ###################### [ Listing des fichiers présents G:\ ]

      [16.04.2007 18:54|-r-hs----|293] - G:\autorun.inf
      [07.09.2008 23:48|-r-hs----|119808] - G:\sqvafn.pif
      [09.05.2009 17:15|-r-hs----|1579223] - G:\Recycled.exe
      [17.04.2009 20:07|-rahs----|222207] - G:\vidrc.pif
      [17.04.2009 20:06|-rahs----|222207] - G:\bnjugc.exe
      [29.03.2009 18:26|-r-hs----|0] - G:\marvab.exe
      [07.09.2008 23:48|-r-hs----|69120] - G:\tsvpd.cmd
      [29.01.2009 23:43|-r-hs----|0] - G:\cpgxa.exe
      [17.04.2009 20:07|-rahs----|222207] - G:\yjdeae.pif
      [17.04.2009 20:07|-rahs----|222207] - G:\qiik.pif
      [04.04.2009 22:20|--a------|296] - G:\WMPInfo.xml
      [17.04.2009 20:07|-rahs----|222207] - G:\provl.exe
      [17.04.2009 20:06|-rahs----|222207] - G:\heiv.pif
      [03.05.2009 16:06|--a------|1509591] - G:\Playlist.exe
      [04.12.2008 13:00|-r-hs----|119808] - G:\ounn.exe
      [03.05.2009 16:06|--a------|1509591] - G:\cave..exe
      [03.05.2009 16:06|--a------|1509591] - G:\System.exe
      [03.05.2009 16:06|--a------|1509591] - G:\RECYCLER.exe
      [03.05.2009 16:06|--a------|1587415] - G:\NADFOLDER.exe
      [10.05.2009 19:31|-r-hs----|222207] - G:\plyeb.exe
      [12.05.2009 21:07|-r-hs----|222207] - G:\tjvbds.pif
      [12.05.2009 21:43|-r-hs----|171519] - G:\qkgfrl.pif
      [17.04.2009 20:06|-rahs----|222207] - G:\mmdm.cmd
      [04.12.2008 13:00|-r-hs----|222207] - G:\kqywhb.pif

      ###################### [ Listing des dossiers présents G:\ ]

      [01.01.1601 04:00|d--h-----|0] - G:\Playlist
      [?|?|?] - G:\cave.
      [31.03.2008 16:07|d--h-----|0] - G:\System
      [30.09.2008 12:33|d--hs----|0] - G:\RECYCLER
      [14.04.2009 18:45|dr-hs----|0] - G:\NADFOLDER
      [04.05.2008 12:31|dr-hs----|0] - G:\DRIVE
      [09.05.2009 17:16|d--------|0] - G:\2009_05_09
      [09.05.2009 17:16|d--------|0] - G:\2009_05_08
      [11.06.2008 21:43|d--------|0] - G:\Music
      [13.06.2008 13:08|d--------|0] - G:\Recorded
      [30.08.2008 22:47|dr-hs----|0] - G:\Recycled

      ###################### [ Listing des fichiers présents H:\ ]

      [16.03.2009 21:28|--a------|35328] - H:\Дневник по практике.doc
      [12.05.2009 21:07|-r-hs----|222207] - H:\dwtffl.cmd
      [11.12.2008 16:42|-r-hs----|69120] - H:\etjt.pif
      [20.12.2007 01:57|-rahs----|29696] - H:\RECYCLER.exe
      [04.12.2008 13:03|-r-hs----|119808] - H:\efugv.exe
      [23.12.2008 13:54|-r-hs----|222207] - H:\riqta.pif
      [18.08.2004 17:44|-rahs----|339068] - H:\ovswjb.exe
      [11.12.2008 16:42|-r-hs----|69120] - H:\urbo.pif
      [22.03.2009 19:20|-r-hs----|171519] - H:\ibugx.exe
      [22.03.2009 19:19|--a------|56832] - H:\The_News_Lead.doc
      [12.04.2009 23:07|--a------|101888] - H:\ВВЕДЕНИ1.doc
      [03.05.2009 15:58|-r-hs----|171519] - H:\orurxb.pif
      [01.04.2009 10:30|-r-hs----|89599] - H:\suwc.cmd
      [08.04.2009 08:25|-r-hs----|171519] - H:\ecec.cmd
      [23.12.2007 19:30|--ahs----|2] - H:\ldupver.txt
      [12.04.2009 22:38|--a------|158720] - H:\ВВЕДЕНИЕ.doc
      [16.04.2007 18:54|-r-hs----|293] - H:\AutoRun.inf
      [26.04.2009 22:48|-r-hs----|171519] - H:\jeev.exe
      [09.03.2009 15:10|-r-hs----|171519] - H:\tide.exe
      [12.05.2009 21:43|-r-hs----|171519] - H:\pfarhv.exe
      [11.12.2008 22:04|-r-hs----|171519] - H:\pwuwef.pif
      [08.09.2008 10:45|-r-hs----|502708] - H:\jdhc2x2.com
      [04.12.2008 13:03|-r-hs----|222207] - H:\tufdxj.pif
      [16.04.2009 23:36|--a------|51712] - H:\религия.doc
      [10.10.2008 20:27|-r-hs----|69120] - H:\jaxm.exe
      [21.04.2009 08:44|--a------|25088] - H:\Frenchman.doc
      [11.05.2009 01:52|-r-hs----|1509591] - H:\Recycled.exe
      [11.05.2009 15:01|--a------|214016] - H:\Курсач.doc
      [28.04.2009 22:23|--a------|99840] - H:\Договор лизинга.doc
      [14.12.2008 21:37|-r-hs----|171519] - H:\whkbgo.exe
      [26.04.2009 21:41|--a------|247296] - H:\Афнанистан- готовый реферат.doc
      [28.04.2009 22:25|--a------|28160] - H:\Преступления против государства.doc
      [04.05.2009 16:52|--a------|81408] - H:\European Union.doc
      [27.04.2009 20:35|--a------|1056768] - H:\Южная Осетия.doc
      [04.12.2008 13:04|-r-hs----|222207] - H:\kvejp.cmd
      [31.07.2006 01:20|-rahs----|959] - H:\autorun.bin
      [12.09.2005 12:52|-rahs----|778240] - H:\autorun.exe.exe
      [16.08.2001 08:42|-rahs----|2238] - H:\Autorun.ico
      [08.06.2007 13:40|-rahs----|4434] - H:\autorun.inf.rar
      [14.03.2007 12:11|-rahs----|17213] - H:\Autorun.ini
      [02.05.2004 05:35|-rahs----|967] - H:\autorun.pif
      [09.09.2006 18:04|-rahs----|15210] - H:\autorun.rar
      [22.08.2006 21:20|-rahs----|0] - H:\autorun.srm
      [14.06.2006 12:26|-rahs----|24] - H:\autorun.txt
      [10.11.2006 08:19|-rahs----|0] - H:\autorun.wsh

      ###################### [ Listing des dossiers présents H:\ ]

      [18.09.2008 13:06|d--hs----|0] - H:\RECYCLER
      [17.03.2009 17:44|d--h-----|0] - H:\Уголовное право З.С. 2 семестр
      [?|?|?] - H:\cave.
      [12.04.2009 22:51|dr-hs----|0] - H:\NADFOLDER
      [02.12.2008 10:33|d--h-----|0] - H:\CONFIG
      [03.05.2009 16:02|dr-------|0] - H:\Foto
      [15.05.2007 10:16|dr-hs----|0] - H:\Recycled

      ################## [ ! Fin du rapport # UsbFix V3.018 ! ]
      0
    2. novice06100 Posts 45 Status Member
       
      Here it is. If you want, I'll rerun UsbFix option 2.

      ############################## [ UsbFix V3.018 # Listing ]

      # User : пользователь (Администраторы) # ACER-027F9640B7
      # Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 21:57:27 | 12.05.2009

      # Intel(R) Celeron(R) M processor 1.60GHz
      # Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
      # Internet Explorer 6.0.2900.2180
      # Windows Firewall Status : Enabled
      # AV : Антивирусная защита Касперского для Я.Онлайн 7.0.1.321 [ (!) Disabled | Updated ]

      # C:\ # Локальный жесткий диск # 26,27 Go (7,12 Go free) [ЯНА] # FAT32
      # D:\ # Локальный жесткий диск # 26,66 Go (11,6 Go free) [ЯНА] # FAT32
      # E:\ # Компакт-диск # 340,1 Mo (0 Mo free) [QC_10_51_Retail] # CDFS
      # F:\ # Съемный диск # 7,47 Go (5,97 Go free) [ARNO 8GO] # FAT32
      # G:\ # Съемный диск # 3,76 Go (1,57 Go free) [U3] # FAT32
      # H:\ # Съемный диск # 495,23 Mo (81,22 Mo free) [PHILIPS UFD] # FAT

      ###################### [ Listing des fichiers présents C:\ ]

      [20.09.2004 09:25|---hs----|512] - C:\BOOTSECT.DOS
      [18.08.2004 20:00|-rahs----|4952] - C:\Bootfont.bin
      [18.08.2004 20:00|-rahs----|250624] - C:\ntldr
      [18.08.2004 20:00|-rahs----|47564] - C:\NTDETECT.COM
      [24.03.2006 23:41|-rahs----|214] - C:\boot.ini
      [15.07.2005 11:32|-rahs----|66] - C:\PRELOAD.AAA
      [12.05.2009 16:39|--a------|1477] - C:\resultat.txt
      [15.07.2005 11:32|-rahs----|66] - C:\PRELOAD.REV
      [13.08.2005 13:07|--ahs----|1202] - C:\PATCH.REV
      [16.04.2006 17:46|-rahs----|0] - C:\MSDOS.SYS
      [16.04.2006 17:46|-rahs----|0] - C:\IO.SYS
      [16.04.2006 17:46|--a------|6] - C:\ISACER.ID
      [?|?|?] - C:\pagefile.sys
      [?|?|?] - C:\hiberfil.sys
      [20.12.2008 17:47|-rahs----|0] - C:\khs
      [12.05.2009 10:44|--a------|646] - C:\Vaccin.txt
      [12.05.2009 21:57|--a------|1773] - C:\UsbFix.txt
      [12.05.2009 17:11|--a------|16695] - C:\ComboFix.txt

      ###################### [ Listing des dossiers présents C:\ ]

      [20.09.2004 09:16|d--------|0] - C:\DOCS
      [20.09.2004 09:16|d--------|0] - C:\DOTNETFX
      [20.09.2004 09:16|d--------|0] - C:\I386
      [20.09.2004 09:19|d--------|0] - C:\SUPPORT
      [12.05.2009 10:43|d--h-----|0] - C:\autorun.inf
      [20.09.2004 09:20|d--------|0] - C:\ELEMENTS
      [20.09.2004 09:31|d--------|0] - C:\WINDOWS
      [20.09.2004 09:35|d--------|0] - C:\Documents and Settings
      [20.09.2004 09:43|dr-------|0] - C:\Program Files
      [20.09.2004 09:48|d--hs----|0] - C:\System Volume Information
      [13.07.2005 17:04|d--------|0] - C:\BOOK
      [13.07.2005 17:05|d--------|0] - C:\Sysinfo
      [13.07.2005 17:21|d--------|0] - C:\Acer
      [13.07.2005 17:41|d--hs----|0] - C:\Recycled
      [18.02.2007 23:54|d--hs----|0] - C:\FOUND.000
      [22.08.2007 20:01|d--hs----|0] - C:\FOUND.001
      [07.02.2009 13:16|d--hs----|0] - C:\FOUND.002
      [09.04.2009 08:02|d--hs----|0] - C:\FOUND.003
      [02.06.2008 21:02|d--------|0] - C:\Downloads
      [14.04.2009 16:28|d--hs----|0] - C:\FOUND.004
      [16.04.2009 19:54|d--hs----|0] - C:\FOUND.005
      [29.04.2009 20:25|d--hs----|0] - C:\FOUND.007
      [28.04.2009 16:54|d--hs----|0] - C:\FOUND.006
      [19.04.2006 22:24|d--------|0] - C:\GENIUS
      [12.05.2009 15:40|d--------|0] - C:\_OTMoveIt
      [12.05.2009 14:10|d--------|0] - C:\Qoobox
      [12.05.2009 21:16|d--------|0] - C:\UsbFix
      [12.05.2009 16:57|d--------|0] - C:\killbagle
      [20.06.2006 01:00|d--------|0] - C:\ConsLocalUserData
      [13.09.2006 21:49|d--------|0] - C:\addons
      [11.11.2006 12:26|d--------|0] - C:\ConsHS
      [13.12.2006 17:16|d--------|0] - C:\Temp
      [05.04.2007 21:24|d--------|0] - C:\KAV

      ###################### [ Listing des fichiers présents D:\ ]

      [20.12.2008 17:47|-rahs----|0] - D:\khs
      [24.01.2009 12:33|--a------|0] - D:\cda0
      [09.02.2009 21:02|--a------|0] - D:\a95f
      [16.03.2009 00:13|--a------|0] - D:\9f42d0
      [09.04.2009 11:36|--a------|0] - D:\ef51
      [21.04.2009 08:35|--a------|0] - D:\acca

      ###################### [ Listing des dossiers présents D:\ ]

      [15.04.2006 23:31|d--hs----|0] - D:\System Volume Information
      [12.05.2009 10:43|d--h-----|0] - D:\autorun.inf
      [15.04.2006 23:43|d-a------|0] - D:\xOxBxR_tmpFolder
      [17.04.2006 21:38|d--hs----|0] - D:\Recycled
      [22.04.2006 21:43|d--------|0] - D:\Distr
      [22.04.2006 22:29|d--------|0] - D:\Music
      [23.04.2006 00:43|d--------|0] - D:\Foto

      ###################### [ Listing des fichiers présents E:\ ]

      [27.01.2007 03:39|-r-------|269] - E:\autorun.inf
      [09.07.2004 14:03|-r-------|62976] - E:\dsetup.dll
      [08.02.2007 13:15|-r-------|321048] - E:\Setup.exe
      [06.02.2007 03:45|-r-------|42779] - E:\Setup.ini

      ###################### [ Listing des dossiers présents E:\ ]

      [10.02.2007 00:21|dr-------|0] - E:\Drivers
      [10.02.2007 00:20|dr-------|0] - E:\Manuals
      [10.02.2007 00:20|dr-------|0] - E:\QuickCam
      [10.02.2007 00:20|dr-------|0] - E:\Readme
      [10.02.2007 00:20|dr-------|0] - E:\Redist
      [10.02.2007 00:19|dr-------|0] - E:\Setup
      [10.02.2007 00:19|dr-------|0] - E:\techsupt
      [10.02.2007 00:19|dr-------|0] - E:\Warranty
      [10.02.2007 00:19|dr-------|0] - E:\WUApp

      ###################### [ Listing des fichiers présents F:\ ]

      [10.11.2008 20:04|--ah-----|296] - F:\WMPInfo.xml
      [11.05.2009 23:52|-r-hs----|171519] - F:\fwoy.pif
      [12.05.2009 01:07|-r-hs----|171519] - F:\unwved.pif
      [12.05.2009 01:15|-r-hs----|171519] - F:\ujxlg.pif
      [12.05.2009 01:19|-r-hs----|171519] - F:\dhohw.exe
      [12.05.2009 01:52|--a------|1579223] - F:\RECYCLER.exe
      [12.05.2009 01:52|--a------|1587415] - F:\film.exe
      [12.05.2009 01:52|--a------|1579223] - F:\cours.exe
      [12.05.2009 01:52|--a------|1583319] - F:\ELIS.exe
      [12.05.2009 02:27|-r-hs----|171519] - F:\nxkn.exe
      [12.05.2009 02:39|-r-hs----|171519] - F:\jensx.exe
      [12.05.2009 02:51|-r-hs----|171519] - F:\xcxy.pif
      [12.05.2009 02:54|-r-hs----|171519] - F:\tndo.pif
      [12.05.2009 01:02|-r-hs----|253439] - F:\gpfia.exe
      [12.05.2009 07:04|--a------|1562] - F:\BOOTEX.LOG
      [12.05.2009 11:50|-r-hs----|1579223] - F:\Recycled.exe
      [12.05.2009 11:41|--a------|1579223] - F:\FOUND.000.exe
      [12.05.2009 11:41|-r-hs----|222207] - F:\ggdwq.exe
      [12.05.2009 11:42|--a------|1135104] - F:\rapport rolling store2[1].doc
      [12.05.2009 14:41|-r-hs----|171519] - F:\ikfo.pif
      [12.05.2009 15:43|-r-hs----|222207] - F:\kjjfpw.cmd
      [12.05.2009 16:20|-r-hs----|171519] - F:\corlai.pif
      [12.05.2009 17:07|-r-hs----|222207] - F:\enkwa.cmd
      [12.05.2009 21:00|-r-hs----|222207] - F:\neovhm.exe
      [12.05.2009 21:02|-r-hs----|222207] - F:\tesrq.pif
      [12.05.2009 20:58|--a------|396288] - F:\Федеральный Свод законов пополнился новыми главами.doc
      [11.05.2009 11:04|--a------|139776] - F:\Заняв Белый дом.doc
      [11.05.2009 11:04|--a------|72192] - F:\Закон USA PATRIOT.doc
      [12.05.2009 00:07|--a------|28672] - F:\Совет Безопасности занимается проблемой терроризма с начала 90.doc
      [12.05.2009 21:07|-r-hs----|222207] - F:\ihqoyx.exe
      [16.04.2007 18:54|-r-hs----|251] - F:\autorun.inf
      [12.05.2009 21:43|-r-hs----|171519] - F:\mucgid.exe

      ###################### [ Listing des dossiers présents F:\ ]

      [11.05.2009 16:38|d--h-----|0] - F:\FOUND.000
      [04.01.2009 13:04|d--hs----|0] - F:\RECYCLER
      [29.04.2009 11:44|d--h-----|0] - F:\film
      [29.04.2009 11:44|d--h-----|0] - F:\cours
      [30.04.2009 18:17|d--h-----|0] - F:\ELIS
      [11.05.2009 11:48|dr-hs----|0] - F:\NADFOLDER
      [12.05.2009 01:51|d--------|0] - F:\К барьеру

      ###################### [ Listing des fichiers présents G:\ ]

      [16.04.2007 18:54|-r-hs----|293] - G:\autorun.inf
      [07.09.2008 23:48|-r-hs----|119808] - G:\sqvafn.pif
      [09.05.2009 17:15|-r-hs----|1579223] - G:\Recycled.exe
      [17.04.2009 20:07|-rahs----|222207] - G:\vidrc.pif
      [17.04.2009 20:06|-rahs----|222207] - G:\bnjugc.exe
      [29.03.2009 18:26|-r-hs----|0] - G:\marvab.exe
      [07.09.2008 23:48|-r-hs----|69120] - G:\tsvpd.cmd
      [29.01.2009 23:43|-r-hs----|0] - G:\cpgxa.exe
      [17.04.2009 20:07|-rahs----|222207] - G:\yjdeae.pif
      [17.04.2009 20:07|-rahs----|222207] - G:\qiik.pif
      [04.04.2009 22:20|--a------|296] - G:\WMPInfo.xml
      [17.04.2009 20:07|-rahs----|222207] - G:\provl.exe
      [17.04.2009 20:06|-rahs----|222207] - G:\heiv.pif
      [03.05.2009 16:06|--a------|1509591] - G:\Playlist.exe
      [04.12.2008 13:00|-r-hs----|119808] - G:\ounn.exe
      [03.05.2009 16:06|--a------|1509591] - G:\cave..exe
      [03.05.2009 16:06|--a------|1509591] - G:\System.exe
      [03.05.2009 16:06|--a------|1509591] - G:\RECYCLER.exe
      [03.05.2009 16:06|--a------|1587415] - G:\NADFOLDER.exe
      [10.05.2009 19:31|-r-hs----|222207] - G:\plyeb.exe
      [12.05.2009 21:07|-r-hs----|222207] - G:\tjvbds.pif
      [12.05.2009 21:43|-r-hs----|171519] - G:\qkgfrl.pif
      [17.04.2009 20:06|-rahs----|222207] - G:\mmdm.cmd
      [04.12.2008 13:00|-r-hs----|222207] - G:\kqywhb.pif

      ###################### [ Listing des dossiers présents G:\ ]

      [01.01.1601 04:00|d--h-----|0] - G:\Playlist
      [?|?|?] - G:\cave.
      [31.03.2008 16:07|d--h-----|0] - G:\System
      [30.09.2008 12:33|d--hs----|0] - G:\RECYCLER
      [14.04.2009 18:45|dr-hs----|0] - G:\NADFOLDER
      [04.05.2008 12:31|dr-hs----|0] - G:\DRIVE
      [09.05.2009 17:16|d--------|0] - G:\2009_05_09
      [09.05.2009 17:16|d--------|0] - G:\2009_05_08
      [11.06.2008 21:43|d--------|0] - G:\Music
      [13.06.2008 13:08|d--------|0] - G:\Recorded
      [30.08.2008 22:47|dr-hs----|0] - G:\Recycled

      ###################### [ Listing des fichiers présents H:\ ]

      [16.03.2009 21:28|--a------|35328] - H:\Дневник по практике.doc
      [12.05.2009 21:07|-r-hs----|222207] - H:\dwtffl.cmd
      [11.12.2008 16:42|-r-hs----|69120] - H:\etjt.pif
      [20.12.2007 01:57|-rahs----|29696] - H:\RECYCLER.exe
      [04.12.2008 13:03|-r-hs----|119808] - H:\efugv.exe
      [23.12.2008 13:54|-r-hs----|222207] - H:\riqta.pif
      [18.08.2004 17:44|-rahs----|339068] - H:\ovswjb.exe
      [11.12.2008 16:42|-r-hs----|69120] - H:\urbo.pif
      [22.03.2009 19:20|-r-hs----|171519] - H:\ibugx.exe
      [22.03.2009 19:19|--a------|56832] - H:\The_News_Lead.doc
      [12.04.2009 23:07|--a------|101888] - H:\ВВЕДЕНИ1.doc
      [03.05.2009 15:58|-r-hs----|171519] - H:\orurxb.pif
      [01.04.2009 10:30|-r-hs----|89599] - H:\suwc.cmd
      [08.04.2009 08:25|-r-hs----|171519] - H:\ecec.cmd
      [23.12.2007 19:30|--ahs----|2] - H:\ldupver.txt
      [12.04.2009 22:38|--a------|158720] - H:\ВВЕДЕНИЕ.doc
      [16.04.2007 18:54|-r-hs----|293] - H:\AutoRun.inf
      [26.04.2009 22:48|-r-hs----|171519] - H:\jeev.exe
      [09.03.2009 15:10|-r-hs----|171519] - H:\tide.exe
      [12.05.2009 21:43|-r-hs----|171519] - H:\pfarhv.exe
      [11.12.2008 22:04|-r-hs----|171519] - H:\pwuwef.pif
      [08.09.2008 10:45|-r-hs----|502708] - H:\jdhc2x2.com
      [04.12.2008 13:03|-r-hs----|222207] - H:\tufdxj.pif
      [16.04.2009 23:36|--a------|51712] - H:\религия.doc
      [10.10.2008 20:27|-r-hs----|69120] - H:\jaxm.exe
      [21.04.2009 08:44|--a------|25088] - H:\Frenchman.doc
      [11.05.2009 01:52|-r-hs----|1509591] - H:\Recycled.exe
      [11.05.2009 15:01|--a------|214016] - H:\Курсач.doc
      [28.04.2009 22:23|--a------|99840] - H:\Договор лизинга.doc
      [14.12.2008 21:37|-r-hs----|171519] - H:\whkbgo.exe
      [26.04.2009 21:41|--a------|247296] - H:\Афнанистан- готовый реферат.doc
      [28.04.2009 22:25|--a------|28160] - H:\Преступления против государства.doc
      [04.05.2009 16:52|--a------|81408] - H:\European Union.doc
      [27.04.2009 20:35|--a------|1056768] - H:\Южная Осетия.doc
      [04.12.2008 13:04|-r-hs----|222207] - H:\kvejp.cmd
      [31.07.2006 01:20|-rahs----|959] - H:\autorun.bin
      [12.09.2005 12:52|-rahs----|778240] - H:\autorun.exe.exe
      [16.08.2001 08:42|-rahs----|2238] - H:\Autorun.ico
      [08.06.2007 13:40|-rahs----|4434] - H:\autorun.inf.rar
      [14.03.2007 12:11|-rahs----|17213] - H:\Autorun.ini
      [02.05.2004 05:35|-rahs----|967] - H:\autorun.pif
      [09.09.2006 18:04|-rahs----|15210] - H:\autorun.rar
      [22.08.2006 21:20|-rahs----|0] - H:\autorun.srm
      [14.06.2006 12:26|-rahs----|24] - H:\autorun.txt
      [10.11.2006 08:19|-rahs----|0] - H:\autorun.wsh

      ###################### [ Listing des dossiers présents H:\ ]

      [18.09.2008 13:06|d--hs----|0] - H:\RECYCLER
      [17.03.2009 17:44|d--h-----|0] - H:\Уголовное право З.С. 2 семестр
      [?|?|?] - H:\cave.
      [12.04.2009 22:51|dr-hs----|0] - H:\NADFOLDER
      [02.12.2008 10:33|d--h-----|0] - H:\CONFIG
      [03.05.2009 16:02|dr-------|0] - H:\Foto
      [15.05.2007 10:16|dr-hs----|0] - H:\Recycled

      ################## [ ! Fin du rapport # UsbFix V3.018 ! ]
      0
  18. Anonymous user
     
    Yep, rerun option 2 please and let the tool do its work ;)
    0
    1. novice06100 Posts 45 Status Member
       
      here is the report by
      ############################## [ UsbFix V3.018 # Cleaning ]

      # User : пользователь (Администраторы) # ACER-027F9640B7
      # Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 22:06:46 | 12.05.2009

      # Intel(R) Celeron(R) M processor 1.60GHz
      # Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
      # Internet Explorer 6.0.2900.2180
      # Windows Firewall Status : Enabled
      # AV : Антивирусная защита Касперского для Я.Онлайн 7.0.1.321 [ (!) Disabled | Updated ]

      # C:\ # Локальный жесткий диск # 26,27 Go (7,12 Go free) [ЯНА] # FAT32
      # D:\ # Локальный жесткий диск # 26,66 Go (11,6 Go free) [ЯНА] # FAT32
      # E:\ # Компакт-диск # 340,1 Mo (0 Mo free) [QC_10_51_Retail] # CDFS
      # F:\ # Съемный диск # 7,47 Go (5,97 Go free) [ARNO 8GO] # FAT32
      # G:\ # Съемный диск # 3,76 Go (1,55 Go free) [U3] # FAT32
      # H:\ # Съемный диск # 495,23 Mo (81,22 Mo free) [PHILIPS UFD] # FAT

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\logonui.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
      C:\Acer\eManager\anbmServ.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\system32\userinit.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Fichiers # Dossiers infectieux ]


      ################## [ Registre # Clés Run infectieuses ]

      # HKLM\software\microsoft\security center\\ "AntiVirusOverride"
      # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !

      ################## [ Registre # Mountpoints2 ]

      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\F\Shell\AutoRun\command
      Deleted ! HKCU\Software\Microsoft\....\MountPoints2\G\Shell\AutoRun\command

      ################## [ Listing des fichiers présent ]


      ################## [ Vaccination ]

      # F:\autorun.inf -> Folder created by UsbFix.
      # G:\autorun.inf -> Folder created by UsbFix.
      # H:\autorun.inf -> Folder created by UsbFix.

      ################## [ Cracks / Keygens / Serials ]

      # -> Nothing found !

      ################## [ ! Fin du rapport # UsbFix V3.018 ! ]

      Is it normal that my spyware did not restart at startup?
      0
  19. Anonymous user
     
    I'm having dinner and I'll be back .. restart the PC in the meantime ;)

    +
    0
  20. novice06100 Posts 45 Status Member
     
    No problem, enjoy your meal.
    0