URL:Mal H1VZCRUQ5J.exe blocked by Avast

Closed
Gagzzz - 31 March 2011 at 10:42
Malekal_morte - Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 - 6 April 2011 at 09:55
Hello,

I'm asking for help on this very good forum because I currently have a virus on my computer that I can't manage to find.

The Avast scan, including the boot-time scan, finds nothing. Neither does Securiser en ligne.

Here is my config:


As soon as I open a web page, Avast warns me of a blocked threat with several successive messages:

Objet: imageshare.cc/bs/cmd.php?key=ars344u (the part after that varies)
Infection: URL:Mal
Action: bloqué
Processus: C:\Users\Gael\Appdata\Roamgin\H1VZCRUQ5J.exe

I recently got a message from Facebook informing me that someone had tried to log in to my account from the United States, and I think it's related. So I'd like to find a solution quickly.

Thank you!

18 replies

Malekal_morte - Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 660
31 March 2011 at 10:43
Hi,

Here is the procedure to follow.
Please read the instructions carefully so that you follow them correctly.
Be sure to post the reports as requested so that they can be analysed.


STEP 1:
Run TDSSKiller: https://forum.malekal.com/viewtopic.php?t=28637&start=
Post the report here.

STEP 2:

Download and install Malwarebytes: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it, run a quick scan, remove everything and post the report here.
!!! Malwarebytes must be up to date before running the scan !!!

STEP 3:

You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/

* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(On Vista/Win7, right-click OTL and choose Run as administrator)

* Launch OTL
* Under "Personnalisation", copy and paste what is in the box below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
CREATERESTOREPOINT
nslookup www.google.fr /c

* Click the "Analyse" button.
* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the reports.
Then give the pjjoint links here so that they can be reviewed.
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
Edited by Lyonnais92 on 31/03/2011 at 10:50
Hello,

Beaten to it.

Good luck with the rest.
See you
Science without conscience is but the ruin of the soul. Rabelais
0
Gagzzz Posts 2 Registration date Thursday 31 March 2011 Status Member Last activity 31 March 2011
31 March 2011 at 11:19
Message for Malekal_morte:

First of all, thank you for your help. Here is what you asked for:

STEP 1

Here is the TDSSKiller report:

2011/03/31 10:48:46.0047 5140 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/31 10:48:46.0359 5140 ================================================================================
2011/03/31 10:48:46.0359 5140 SystemInfo:
2011/03/31 10:48:46.0359 5140
2011/03/31 10:48:46.0359 5140 OS Version: 6.1.7601 ServicePack: 1.0
2011/03/31 10:48:46.0359 5140 Product type: Workstation
2011/03/31 10:48:46.0359 5140 ComputerName: GAEL-PC
2011/03/31 10:48:46.0359 5140 UserName: Gael
2011/03/31 10:48:46.0359 5140 Windows directory: C:\Windows
2011/03/31 10:48:46.0359 5140 System windows directory: C:\Windows
2011/03/31 10:48:46.0359 5140 Running under WOW64
2011/03/31 10:48:46.0359 5140 Processor architecture: Intel x64
2011/03/31 10:48:46.0359 5140 Number of processors: 8
2011/03/31 10:48:46.0359 5140 Page size: 0x1000
2011/03/31 10:48:46.0359 5140 Boot type: Normal boot
2011/03/31 10:48:46.0359 5140 ================================================================================
2011/03/31 10:48:46.0593 5140 Initialize success
2011/03/31 10:49:29.0899 6436 ================================================================================
2011/03/31 10:49:29.0899 6436 Scan started
2011/03/31 10:49:29.0899 6436 Mode: Manual;
2011/03/31 10:49:29.0899 6436 ================================================================================
2011/03/31 10:49:37.0418 6436 ================================================================================
2011/03/31 10:49:37.0418 6436 Scan finished
2011/03/31 10:49:37.0418 6436 ================================================================================


STEP 2

Here is the Malwarebytes report. It found 85 infected files, and I deleted everything. Since then I no longer get any Avast messages about threats!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6224

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

31/03/2011 10:56:56
mbam-log-2011-03-31 (10-56-56).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 169473
Temps écoulé: 2 minute(s), 24 seconde(s)

Processus mémoire infecté(s): 9
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 14
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 92

Processus mémoire infecté(s):
c:\Users\Gael\AppData\Roaming\New 2.exe (Spyware.Passwords.XGen) -> 1904 -> Unloaded process successfully.
c:\Users\Gael\AppData\Roaming\h1vzcruq5j.exe (Trojan.Agent) -> 1940 -> Unloaded process successfully.
c:\Users\Gael\AppData\Roaming\WinDef\WinDef.exe (Heuristics.Shuriken) -> 2540 -> Unloaded process successfully.
c:\Users\Gael\AppData\Roaming\WinDef\WinDef.exe (Heuristics.Shuriken) -> 2564 -> Unloaded process successfully.
c:\Users\Gael\AppData\Roaming\googleap.ex.exe (Heuristics.Shuriken) -> 2548 -> Unloaded process successfully.
c:\Users\Gael\AppData\Roaming\WinDefe\WinDefe.exe (Heuristics.Shuriken) -> 2572 -> Unloaded process successfully.
c:\Users\Gael\AppData\Roaming\csrss.exe (Trojan.Agent) -> 2864 -> Unloaded process successfully.
c:\Users\Gael\AppData\Roaming\PRDIIY64.exe (Trojan.Agent) -> 3172 -> Unloaded process successfully.
c:\Users\Gael\AppData\Roaming\msconfig.exe (Backdoor.Bot) -> 1892 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\Users\Gael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\Driver.dll (Trojan.Downloader) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{1D8A4C14-6C96-C8EC-BD4E-162DADEB4ECE} (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D8A4C14-6C96-C8EC-BD4E-162DADEB4ECE} (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{529DE05B-9BEB-B842-AD2E-E785ED19DFEE} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{529DE05B-9BEB-B842-AD2E-E785ED19DFEE} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{D9BCDC1D-ADED-4BEB-FD79-371EB9DEB9CD} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{AB27ADDD-DBBC-DEE9-6C07-AABD1CA7EC2F} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{AB27ADDD-DBBC-DEE9-6C07-AABD1CA7EC2F} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B21CF879-9107-1EEB-B773-3B2C16E1FCBE} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{B21CF879-9107-1EEB-B773-3B2C16E1FCBE} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnenger (Spyware.Passwords.XGen) -> Value: msnenger -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KKE2LOWHTU3XO (Trojan.Agent) -> Value: KKE2LOWHTU3XO -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDef (Heuristics.Shuriken) -> Value: WinDef -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleAp (Heuristics.Shuriken) -> Value: GoogleAp -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDefe (Heuristics.Shuriken) -> Value: WinDefe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Trojan.Agent) -> Value: Windows Defender -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TAXLRU7VO84EK (Trojan.Agent) -> Value: TAXLRU7VO84EK -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msconfig (Trojan.Agent) -> Value: msconfig -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java (Trojan.Agent) -> Value: Java -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java(TM) Update Scheduler (Trojan.Agent) -> Value: Java(TM) Update Scheduler -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate (Backdoor.Bot) -> Value: WindowsUpdate -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Core Drivers (Trojan.Agent) -> Value: Core Drivers -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Host (Trojan.Agent) -> Value: Windows Host -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win32 (Backdoor.Agent.Gen) -> Value: Win32 -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\Gael\AppData\Roaming\New 2.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\h1vzcruq5j.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\WinDef\WinDef.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\googleap.ex.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\WinDefe\WinDefe.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\Driver.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\PRDIIY64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\file_25672.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\k9omv7nrp0.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\mllat90wb1.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\spreading.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\10555.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\10784.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\11772.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\12727.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\13073.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\14685.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\15789.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\17838.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\19566.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\2368.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\26789.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\27879.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\28306.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\29932.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\34222.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\35887.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\44173.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\46677.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\51116.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\55931.EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\56276.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\58807.EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\61671.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\62634.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\63205.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\63663.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\65840.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\69539.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\69686.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\70984.exe (Malware.Generic) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\71867.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\73626.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\7390.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\74047.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\75165.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\76860.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\80332.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\80855.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\88059.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\88397.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\89298.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\92174.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\95123.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\96658.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\97672.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\97815.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\aw8f3mrtb5.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\Drive.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\h1vzcruq5j.exe.jpg (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\jre5.EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\prdiiy64.exe.jpg (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\vyaac4faaq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\3FXWXW3W\server1[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\3FXWXW3W\spreading_4[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\3FXWXW3W\wormmmm[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\W5OHUF1R\bscrypted[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\W5OHUF1R\callum[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\W5OHUF1R\server_crypted[1].exe (Malware.Generic) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\W5OHUF1R\svchost_crypted[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\chriss[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\jre5[1].EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\keys[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\morph_cff938c1[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\russel[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\svchost[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\YGRZNVE5\csrss[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\YGRZNVE5\Lucy[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\YGRZNVE5\New 2[1].EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Gael\local settings\temporary internet files\Content.IE5\YGRZNVE5\spreading_3[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\microsoft\System\Services\msconfig.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\java.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\System32\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\lovely.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\msconfig.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

STEP 3:

Here is the link to my OTL report:
http://www.cijoint.fr/cjlink.php?file=cj201103/cijvkB7YsK.txt

Thanks in advance for your help!
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 660
31 March 2011 at 12:29
Run OTL again.
* Under "Personnalisation", copy and paste the contents of the box below and click "Correction"; a report will appear after the operation, which you should save (on a USB stick, for example) so that you can paste the result here:

:OTL
PRC - [2011/03/31 10:58:47 | 000,016,384 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\svchost.exe
PRC - [2011/03/31 10:58:47 | 000,016,384 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\svchost.exe
PRC - [2011/03/30 02:03:11 | 000,198,656 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\IBUK0E2W.exe
O4 - HKCU..\Run: [69140] C:\Users\Gael\AppData\Roaming\Update\69140.exe ()
O4 - HKCU..\Run: [8ZY1ND1764] C:\Users\Gael\AppData\Roaming\Update\8ZY1ND1764.exe ()
O4 - HKCU..\Run: [JVYRFU994N] C:\Users\Gael\AppData\Roaming\Update\JVYRFU994N.exe ()
O4 - HKCU..\Run: [LVDN9A3NZ6FYK] C:\Users\Gael\AppData\Roaming\IBUK0E2W.exe ()
O4 - HKCU..\Run: [MIDFX2RH64] C:\Users\Gael\AppData\Roaming\Update\MIDFX2RH64.exe ()
O4 - HKCU..\Run: [tmp4D36.tmp] C:\Users\Gael\AppData\Roaming\Update\tmp4D36.tmp.exe ()
O4 - HKCU..\Run: [tmp9F79.tmp] C:\Users\Gael\AppData\Roaming\Update\tmp9F79.tmp.exe ()
O4 - HKCU..\Run: [tmpB413.tmp] C:\Users\Gael\AppData\Roaming\Update\tmpB413.tmp.exe ()
O4 - HKCU..\Run: [tmpF8E0.tmp] C:\Users\Gael\AppData\Roaming\Update\tmpF8E0.tmp.exe ()
[2011/03/30 06:17:35 | 000,000,000 | RHSD | C] -- C:\Users\Gael\AppData\Roaming\Update
[2011/03/30 02:18:28 | 000,000,000 | -HSD | C] -- C:\Users\Gael\AppData\Roaming\lolbot
[2011/03/30 01:10:33 | 000,000,000 | ---D | C] -- C:\Users\Gael\AppData\Roaming\WinDefe
[2011/03/29 23:45:32 | 000,000,000 | ---D | C] -- C:\Users\Gael\AppData\Roaming\WinDef
[2011/03/29 19:11:50 | 000,016,384 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\0Q11SIUAOM.exe
[2011/03/30 02:03:11 | 000,198,656 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\IBUK0E2W.exe
[2011/03/31 10:58:47 | 000,016,384 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\svchost.exe
[2010/11/05 03:58:15 | 001,169,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Gael\AppData\Roaming\Windowdefefender.exe
:files
C:\Users\Gael\AppData\Roaming\lolbot\lolbot.exe
C:\Users\Gael\AppData\Roaming\Update\69140.exe
C:\Users\Gael\AppData\Roaming\Update\8ZY1ND1764.exe
C:\Users\Gael\AppData\Roaming\Update\JVYRFU994N.exe
C:\Users\Gael\AppData\Roaming\Update\MIDFX2RH64.exe
C:\Users\Gael\AppData\Roaming\Update\tmp4D36.tmp.exe
C:\Users\Gael\AppData\Roaming\Update\tmp9F79.tmp.exe
C:\Users\Gael\AppData\Roaming\Update\tmpB413.tmp.exe
C:\Users\Gael\AppData\Roaming\Update\tmpF8E0.tmp.exe
C:\Users\Gael\AppData\Roaming\WinDir\Svchost.exe

* Restart the PC into Windows and post the report here.

Update Malwarebytes.
Run a full scan and post the report here.

Run an OTL scan again as before and give the link to the report here.
0
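An added example, not part of the original post and not the moderator's own method: a Python sketch that flags, in OTL-style lines, traits visible in the entries listed above (executables and Run values under AppData\Roaming, Windows process names such as svchost.exe outside System32, hidden+system folders). The sample lines are copied from the script above except the last, which is constructed; the flag names, heuristics and function names are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the OTL script above; the last (HKLM) line is constructed
# as a benign contrast case.
SAMPLE = r"""
PRC - [2011/03/31 10:58:47 | 000,016,384 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\svchost.exe
O4 - HKCU..\Run: [69140] C:\Users\Gael\AppData\Roaming\Update\69140.exe ()
O4 - HKCU..\Run: [LVDN9A3NZ6FYK] C:\Users\Gael\AppData\Roaming\IBUK0E2W.exe ()
[2011/03/30 06:17:35 | 000,000,000 | RHSD | C] -- C:\Users\Gael\AppData\Roaming\Update
[2011/03/29 23:45:32 | 000,000,000 | ---D | C] -- C:\Users\Gael\AppData\Roaming\WinDef
[2010/11/05 03:58:15 | 001,169,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Gael\AppData\Roaming\Windowdefefender.exe
O4 - HKLM..\Run: [ExampleVendor] C:\Program Files\ExampleVendor\tray.exe (ExampleVendor Inc.)
"""

# "O4 - HKCU..\Run: [value] path (company)"
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.+?)\] (.+) \(([^()]*)\)\s*$")
# "[date | size | attrs | M/C] (company) -- path"; the company part is absent for folders
FILE_RE = re.compile(r"^(?:PRC - )?\[([^\]]*)\](?: \(([^()]*)\))? -- (.+?)\s*$")

SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "winlogon.exe"}  # names seen in the thread's logs
SYSTEM_DIR = r"c:\windows\system32"
USER_WRITABLE = (r"\appdata\roaming", r"\appdata\local\temp")


def parse_line(line):
    """Return a dict for an OTL Run line or file/process line, else None."""
    m = RUN_RE.match(line)
    if m:
        return {"kind": "run", "value": m.group(2), "path": m.group(3),
                "company": m.group(4), "attrs": ""}
    m = FILE_RE.match(line)
    if m:
        fields = [f.strip() for f in m.group(1).split("|")]
        attrs = fields[2] if len(fields) >= 3 else ""
        return {"kind": "file", "value": None, "path": m.group(3),
                "company": m.group(2) or "", "attrs": attrs}
    return None


def flags(entry):
    """Apply the (assumed) heuristics and return the list of reasons."""
    p = PureWindowsPath(entry["path"])
    low = str(p).lower()
    is_dir = "D" in entry["attrs"]
    is_exe = not is_dir and p.suffix.lower() == ".exe"
    out = []
    if is_exe and any(part in low for part in USER_WRITABLE):
        out.append("exe-in-user-writable-dir")
        if entry["kind"] == "run":
            out.append("autorun-from-user-profile")
    if p.name.lower() in SYSTEM_NAMES and str(p.parent).lower() != SYSTEM_DIR:
        out.append("system-name-outside-system32")
    if is_exe and not entry["company"]:
        out.append("no-company-metadata")
    if is_dir and {"H", "S"} <= set(entry["attrs"]):
        out.append("hidden-system-directory")
    return out


def triage(text):
    """Return [(path, reasons)] for every parsed line with at least one flag."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line.strip())
        if entry:
            reasons = flags(entry)
            if reasons:
                findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}: {', '.join(reasons)}")
```

Windowdefefender.exe is still flagged for its location even though its line carries a "Microsoft Corporation" company string, while the plain WinDef folder and the Program Files entry produce no flag.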

Gagzzz Posts 2 Registration date Thursday 31 March 2011 Status Member Last activity 31 March 2011
31 March 2011 at 14:42
Here is the OTL fix report:

========== OTL ==========
Process svchost.exe killed successfully!
No active process named svchost.exe was found!
Process IBUK0E2W.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\69140 deleted successfully.
C:\Users\Gael\AppData\Roaming\Update\69140.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\8ZY1ND1764 deleted successfully.
C:\Users\Gael\AppData\Roaming\Update\8ZY1ND1764.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JVYRFU994N deleted successfully.
C:\Users\Gael\AppData\Roaming\Update\JVYRFU994N.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LVDN9A3NZ6FYK deleted successfully.
C:\Users\Gael\AppData\Roaming\IBUK0E2W.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MIDFX2RH64 deleted successfully.
C:\Users\Gael\AppData\Roaming\Update\MIDFX2RH64.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmp4D36.tmp deleted successfully.
C:\Users\Gael\AppData\Roaming\Update\tmp4D36.tmp.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmp9F79.tmp deleted successfully.
C:\Users\Gael\AppData\Roaming\Update\tmp9F79.tmp.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmpB413.tmp deleted successfully.
C:\Users\Gael\AppData\Roaming\Update\tmpB413.tmp.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmpF8E0.tmp deleted successfully.
C:\Users\Gael\AppData\Roaming\Update\tmpF8E0.tmp.exe moved successfully.
C:\Users\Gael\AppData\Roaming\Update folder moved successfully.
C:\Users\Gael\AppData\Roaming\lolbot folder moved successfully.
C:\Users\Gael\AppData\Roaming\WinDefe folder moved successfully.
C:\Users\Gael\AppData\Roaming\WinDef folder moved successfully.
C:\Users\Gael\AppData\Roaming\0Q11SIUAOM.exe moved successfully.
File C:\Users\Gael\AppData\Roaming\IBUK0E2W.exe not found.
C:\Users\Gael\AppData\Roaming\svchost.exe moved successfully.
C:\Users\Gael\AppData\Roaming\Windowdefefender.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\Gael\AppData\Roaming\lolbot\lolbot.exe not found.
File\Folder C:\Users\Gael\AppData\Roaming\Update\69140.exe not found.
File\Folder C:\Users\Gael\AppData\Roaming\Update\8ZY1ND1764.exe not found.
File\Folder C:\Users\Gael\AppData\Roaming\Update\JVYRFU994N.exe not found.
File\Folder C:\Users\Gael\AppData\Roaming\Update\MIDFX2RH64.exe not found.
File\Folder C:\Users\Gael\AppData\Roaming\Update\tmp4D36.tmp.exe not found.
File\Folder C:\Users\Gael\AppData\Roaming\Update\tmp9F79.tmp.exe not found.
File\Folder C:\Users\Gael\AppData\Roaming\Update\tmpB413.tmp.exe not found.
File\Folder C:\Users\Gael\AppData\Roaming\Update\tmpF8E0.tmp.exe not found.
C:\Users\Gael\AppData\Roaming\WinDir\Svchost.exe moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 03312011_124052


Here is the Malwarebytes report, which found 6 infected files that I deleted:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6224

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

31/03/2011 13:31:56
mbam-log-2011-03-31 (13-31-56).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 403309
Temps écoulé: 39 minute(s), 27 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
c:\Users\Gael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\Driver.dll (Trojan.Downloader) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\Gael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\Driver.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\System32\jre5.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\WinDir\Svchost.exe (Malware.Generic) -> Quarantined and deleted successfully.
c:\Users\Gael\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.

Finally, here is the link for the 2nd OTL scan:
https://pjjoint.malekal.com/files.php?id=aed215cf12141015

Thanks!
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 660
31 March 2011 at 16:47
Zip the folder C:\_OTL\MovedFiles
and send the zip to http://upload.malekal.com

Tomorrow, update Malwarebytes,
run a full scan and post the report here.
0
Hi,

I couldn't find the folder C:\_OTL\MovedFiles on my PC.

I updated Malwarebytes and ran a full scan, which detected no errors. Here is the report:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6244

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

02/04/2011 11:06:33
mbam-log-2011-04-02 (11-06-33).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 403518
Temps écoulé: 43 minute(s), 29 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Thanks in advance!
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 660
3 April 2011 at 23:40
How is the PC behaving?
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
3 April 2011 at 23:44
Good evening,

10 sec:

I couldn't find the folder C:\_OTL\MovedFiles on my PC


That's normal: for a reason I haven't looked into, it is in
D:\_OTL\MovedFiles .
0
Hello,

My PC is now behaving completely normally. I did find the _OTL folder and I sent the zip to http://upload.malekal.com/

Thanks!
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 660
4 April 2011 at 11:52
Thanks for the upload and, Lyonnais, the detection was poor.
I sent everything to the AV vendors.

Be more careful in the future....

Keep your software up to date, it's important; use this program: /faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
This is an absolute must.

Antivirus software doesn't do everything when it comes to the security of your machine (keeping your software up to date, etc.)
The best protection is still to know about infections so that you can avoid them, and to have good habits.
So you need to read up.

Some reading to avoid infections:
- know and avoid infections: https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf
- secure your PC: http://forum.malekal.com/comment-securiser-son-ordinateur.html
- read: http://www.commentcamarche.net/faq/27128-malwares-quels-enjeux-version-synthese

What not to do:
I download anything - I get infected:
https://forums.commentcamarche.net/forum/affich-19719198-onglets-pub-intempestifs#14
https://forums.commentcamarche.net/forum/affich-18347759-le-nouveau-avast-sonne-trop-souvent#9
I download from anywhere - I get infected: https://forums.commentcamarche.net/forum/affich-19916973-clickpotato-vlc-virus#6
Security recommendations: https://forums.commentcamarche.net/forum/affich-18680013-windows-7-et-antispyware#1

How some categories of malware work:
https://forums.commentcamarche.net/forum/affich-17725521-virus-programme-troyen
https://forums.commentcamarche.net/forum/affich-17746390-concernant-la-propagation-des-virus

If you have questions about how malware works,
don't hesitate.

0
Hi,

My email account and my Facebook account got hacked this morning. I ran another scan with Avast and removed new infected files. I also changed the password on all my accounts.

Some infected files were called Maleware-gen... I even wondered whether your software wasn't controlling my PC... I'm getting paranoid...

Anyway, that's it.
0
Yo,

I updated Malwarebytes and ran a quick scan; I deleted another 9 infected files. I restarted the computer. I'm running an Avast scan now, then I'll run a full scan with Malwarebytes again.
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 660
5 April 2011 at 21:36
You have to post the reports, otherwise I can't see anything.
0
I'm running a full scan with Malwarebytes again and will post the report right away.
0
Here is the report of the full Malwarebytes scan, which found another 11 infected files. I'm surprised to see that the files come from the _OTL/Moved files folder:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6280

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

05/04/2011 22:40:50
mbam-log-2011-04-05 (22-40-50).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 405987
Temps écoulé: 42 minute(s), 48 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
d:\PornPic.scr (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\IBUK0E2W.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\lolbot\lolbot.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\69140.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\8zy1nd1764.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\jvyrfu994n.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\midfx2rh64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\tmp4d36.tmp.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\tmp9f79.tmp.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\tmpb413.tmp.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\tmpf8e0.tmp.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

I'm restarting the PC as Malwarebytes asks.
0
FYI,

The hacker can still change the passwords of my accounts from his end, I don't understand why...

It's driving me crazy!!
0
Malekal_morte - Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 660
6 April 2011 at 09:55
What is being detected are leftovers in OTL's quarantine.
I don't think your PC is still infected.
If need be, run another OTL scan as described here: https://forums.commentcamarche.net/forum/affich-21438642-url-mal-h1vzcruq5j-exe-bloque-par-avast#1
and give the links to the reports.

The hacker can still change the passwords of my accounts from his end, I don't understand why...

Can you be clearer? If the passwords have been changed, then you no longer have access to your accounts?
0
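An added example, not part of the thread: a small Python triage of the "Fichier(s) infecté(s)" section of a Malwarebytes log like the one posted above, separating detections that are copies inside the `_OTL\movedfiles` quarantine folder from detections elsewhere on disk. The function name `triage`, the result keys and the rule that `C_Users\...` inside the quarantine folder maps back to `C:\Users\...` are assumptions inferred from the paths in the report.

```python
import re

# Constructed sample: three detection lines copied from the report above.
SAMPLE_LOG = r"""Fichier(s) infecté(s):
d:\PornPic.scr (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\lolbot\lolbot.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\69140.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# Detection line format: <path> (<detection name>) -> <action taken>
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$"
)
# Quarantine copy: <drive>:\_OTL\movedfiles\<MMDDYYYY_HHMMSS>\<origdrive>_<rest>
# (layout assumed from the paths shown in the report)
MOVED_RE = re.compile(
    r"^[A-Za-z]:\\_OTL\\movedfiles\\(?P<stamp>\d{8}_\d{6})\\"
    r"(?P<drive>[A-Za-z])_(?P<tail>.+)$",
    re.IGNORECASE,
)


def triage(log_text):
    """Split detections into quarantine copies and files found elsewhere."""
    result = {"quarantine_copies": [], "outside_quarantine": []}
    for line in log_text.splitlines():
        hit = DETECTION_RE.match(line.strip())
        if not hit:
            continue  # headers, counters and empty sections are skipped
        entry = {"path": hit["path"], "name": hit["name"], "action": hit["action"]}
        moved = MOVED_RE.match(hit["path"])
        if moved:
            # Rebuild where the file sat before OTL moved it.
            entry["moved_on"] = moved["stamp"]
            entry["original"] = f"{moved['drive']}:\\{moved['tail']}"
            result["quarantine_copies"].append(entry)
        else:
            result["outside_quarantine"].append(entry)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for entry in report["quarantine_copies"]:
        print("quarantine copy of", entry["original"], "moved", entry["moved_on"])
    for entry in report["outside_quarantine"]:
        print("outside quarantine:", entry["path"], entry["name"])
```

Entries listed as outside the quarantine folder are the ones worth checking against a fresh scan report.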