URL:Mal H1VZCRUQ5J.exe bloqué par Avast

Gagzzz -  
Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
Bonjour,

Je viens demander de l'aide sur ce très bon forum, car j'ai actuellement un virus sur mon ordinateur que je n'arrive pas à trouver.

Le scan d'avast, y compris au redémarrage, ne trouvent rien. Et Securiser en ligne non plus.

Voici ma config:


Dès que j'ouvre une page internet, Avast me prévient d'une menace bloquée avec plusieurs messages successifs:

Objet: imageshare.cc/bs/cmd.php?key=ars344u (après la fin varie)
Infection: URL:Mal
Action: bloqué
Processus: C:\Users\Gael\Appdata\Roamgin\H1VZCRUQ5J.exe

J'ai récemment eu un message de facebook m'informant que quelqu'un avait voulu se connecter sur mon compte aux Etats Unis, et je crois que c'est lié. J'aimerais donc rapidement trouver une solution.

En vous remerciant!

18 réponses

  1. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Salut,

    Voici la procédure à suivre.
    Prière de lire attentivement les instructions pour les suivre correctement.
    Bien poster les rapports comme demandés afin de pouvoir les analyser.

    ETAPE 1 :
    Passe un coup de TDSSKiller : https://forum.malekal.com/viewtopic.php?t=28637&start=
    Poste le rapport ici.

    ETAPE 2 :

    Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    Mets le à jour, fais un scan rapide, supprime tout et poste le rapport ici.
    !!! Malwarebyte doit être à jour avant de faire le scan !!!

    ETAPE 3 :

    Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/

    * Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
    (Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

    * Lance OTL
    * Sous Peronnalisation, copie-colle ce qu'il y a dans le cadre ci-dessous :
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %temp%\.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    CREATERESTOREPOINT
    nslookup www.google.fr /c

    * Clique sur le bouton Analyse.
    * Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer les rapports.
    Donnes le liens pjjoint ici ensuite pour pouvoir être consultés.
    0
  2. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    grilled

    bonne suite.
    @+
    Science sans conscience n'est que ruine de l'âme. Rabelais
    0
  3. Gagzzz Messages postés 2 Statut Membre
     
    Message pour Malekale-morte:

    Tout d'abord merci pour votre aide. Voici ce que vous m'avez demandé:

    ETAPE1

    VOici le rapport de TDSSkiller:

    2011/03/31 10:48:46.0047 5140 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/31 10:48:46.0359 5140 ================================================================================
    2011/03/31 10:48:46.0359 5140 SystemInfo:
    2011/03/31 10:48:46.0359 5140
    2011/03/31 10:48:46.0359 5140 OS Version: 6.1.7601 ServicePack: 1.0
    2011/03/31 10:48:46.0359 5140 Product type: Workstation
    2011/03/31 10:48:46.0359 5140 ComputerName: GAEL-PC
    2011/03/31 10:48:46.0359 5140 UserName: Gael
    2011/03/31 10:48:46.0359 5140 Windows directory: C:\Windows
    2011/03/31 10:48:46.0359 5140 System windows directory: C:\Windows
    2011/03/31 10:48:46.0359 5140 Running under WOW64
    2011/03/31 10:48:46.0359 5140 Processor architecture: Intel x64
    2011/03/31 10:48:46.0359 5140 Number of processors: 8
    2011/03/31 10:48:46.0359 5140 Page size: 0x1000
    2011/03/31 10:48:46.0359 5140 Boot type: Normal boot
    2011/03/31 10:48:46.0359 5140 ================================================================================
    2011/03/31 10:48:46.0593 5140 Initialize success
    2011/03/31 10:49:29.0899 6436 ================================================================================
    2011/03/31 10:49:29.0899 6436 Scan started
    2011/03/31 10:49:29.0899 6436 Mode: Manual;
    2011/03/31 10:49:29.0899 6436 ================================================================================
    2011/03/31 10:49:30.0367 6436 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    2011/03/31 10:49:30.0414 6436 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    2011/03/31 10:49:30.0445 6436 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    2011/03/31 10:49:30.0476 6436 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/03/31 10:49:30.0492 6436 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/03/31 10:49:30.0507 6436 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/03/31 10:49:30.0554 6436 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
    2011/03/31 10:49:30.0570 6436 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    2011/03/31 10:49:30.0585 6436 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    2011/03/31 10:49:30.0617 6436 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    2011/03/31 10:49:30.0632 6436 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/03/31 10:49:30.0757 6436 amdkmdag (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/03/31 10:49:30.0804 6436 amdkmdap (4003b34b4a83de29cd1c88eb6c869e58) C:\Windows\system32\DRIVERS\atikmpag.sys
    2011/03/31 10:49:30.0819 6436 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/03/31 10:49:30.0835 6436 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
    2011/03/31 10:49:30.0851 6436 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/03/31 10:49:30.0866 6436 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
    2011/03/31 10:49:30.0913 6436 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    2011/03/31 10:49:30.0944 6436 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/03/31 10:49:30.0960 6436 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/03/31 10:49:30.0991 6436 aswFsBlk (6923740db573b46fdda13e1df412c577) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/03/31 10:49:31.0007 6436 aswMonFlt (de001b988b58bfd453f667842655b22e) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/03/31 10:49:31.0022 6436 aswRdr (e0d1002d7fa65dd023788b17f714e682) C:\Windows\system32\drivers\aswRdr.sys
    2011/03/31 10:49:31.0038 6436 aswSP (c3eafdc0f533425614430a112ba71e9a) C:\Windows\system32\drivers\aswSP.sys
    2011/03/31 10:49:31.0053 6436 aswTdi (0226ffbc420d8fb67ba3b9dbdd1f2dca) C:\Windows\system32\drivers\aswTdi.sys
    2011/03/31 10:49:31.0069 6436 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/03/31 10:49:31.0100 6436 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    2011/03/31 10:49:31.0147 6436 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/03/31 10:49:31.0256 6436 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/03/31 10:49:31.0287 6436 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/03/31 10:49:31.0334 6436 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/03/31 10:49:31.0350 6436 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/03/31 10:49:31.0365 6436 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/03/31 10:49:31.0381 6436 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/03/31 10:49:31.0412 6436 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/03/31 10:49:31.0428 6436 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/03/31 10:49:31.0428 6436 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/03/31 10:49:31.0443 6436 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/03/31 10:49:31.0459 6436 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/03/31 10:49:31.0490 6436 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/03/31 10:49:31.0537 6436 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    2011/03/31 10:49:31.0553 6436 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/03/31 10:49:31.0584 6436 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/03/31 10:49:31.0631 6436 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/03/31 10:49:31.0646 6436 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    2011/03/31 10:49:31.0677 6436 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    2011/03/31 10:49:31.0693 6436 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/03/31 10:49:31.0709 6436 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    2011/03/31 10:49:31.0818 6436 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/03/31 10:49:31.0849 6436 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
    2011/03/31 10:49:31.0911 6436 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    2011/03/31 10:49:31.0911 6436 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/03/31 10:49:31.0943 6436 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/03/31 10:49:31.0974 6436 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/03/31 10:49:32.0005 6436 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/03/31 10:49:32.0052 6436 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/03/31 10:49:32.0099 6436 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/03/31 10:49:32.0130 6436 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    2011/03/31 10:49:32.0145 6436 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/03/31 10:49:32.0161 6436 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/03/31 10:49:32.0192 6436 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/03/31 10:49:32.0223 6436 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/03/31 10:49:32.0239 6436 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/03/31 10:49:32.0270 6436 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/03/31 10:49:32.0301 6436 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    2011/03/31 10:49:32.0333 6436 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/03/31 10:49:32.0364 6436 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/03/31 10:49:32.0395 6436 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/03/31 10:49:32.0411 6436 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/03/31 10:49:32.0442 6436 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/03/31 10:49:32.0473 6436 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/03/31 10:49:32.0520 6436 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    2011/03/31 10:49:32.0535 6436 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    2011/03/31 10:49:32.0551 6436 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/03/31 10:49:32.0567 6436 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/03/31 10:49:32.0582 6436 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/03/31 10:49:32.0645 6436 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    2011/03/31 10:49:32.0660 6436 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    2011/03/31 10:49:32.0707 6436 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    2011/03/31 10:49:32.0738 6436 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    2011/03/31 10:49:32.0754 6436 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    2011/03/31 10:49:32.0785 6436 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
    2011/03/31 10:49:32.0801 6436 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/03/31 10:49:32.0847 6436 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/03/31 10:49:32.0879 6436 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    2011/03/31 10:49:32.0910 6436 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/03/31 10:49:32.0925 6436 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/03/31 10:49:32.0957 6436 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/03/31 10:49:32.0972 6436 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/03/31 10:49:33.0003 6436 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/03/31 10:49:33.0019 6436 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    2011/03/31 10:49:33.0035 6436 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    2011/03/31 10:49:33.0066 6436 JRAID (aef3a925cac519cc6a9a48e9bdca1ae3) C:\Windows\system32\DRIVERS\jraid.sys
    2011/03/31 10:49:33.0081 6436 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    2011/03/31 10:49:33.0097 6436 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    2011/03/31 10:49:33.0128 6436 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    2011/03/31 10:49:33.0144 6436 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/03/31 10:49:33.0159 6436 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/03/31 10:49:33.0206 6436 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/03/31 10:49:33.0237 6436 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/03/31 10:49:33.0237 6436 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/03/31 10:49:33.0269 6436 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/03/31 10:49:33.0284 6436 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/03/31 10:49:33.0300 6436 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/03/31 10:49:33.0347 6436 mcdbus (0e511aaf050c4dbafc7d0cfc99a37fd9) C:\Windows\system32\DRIVERS\mcdbus.sys
    2011/03/31 10:49:33.0362 6436 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/03/31 10:49:33.0378 6436 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/03/31 10:49:33.0393 6436 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/03/31 10:49:33.0425 6436 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/03/31 10:49:33.0440 6436 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    2011/03/31 10:49:33.0471 6436 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/03/31 10:49:33.0503 6436 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    2011/03/31 10:49:33.0518 6436 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    2011/03/31 10:49:33.0534 6436 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/03/31 10:49:33.0565 6436 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    2011/03/31 10:49:33.0581 6436 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/03/31 10:49:33.0612 6436 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/03/31 10:49:33.0627 6436 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/03/31 10:49:33.0643 6436 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    2011/03/31 10:49:33.0659 6436 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    2011/03/31 10:49:33.0690 6436 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/03/31 10:49:33.0705 6436 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/03/31 10:49:33.0721 6436 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    2011/03/31 10:49:33.0752 6436 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/03/31 10:49:33.0768 6436 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/03/31 10:49:33.0783 6436 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/03/31 10:49:33.0815 6436 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    2011/03/31 10:49:33.0846 6436 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    2011/03/31 10:49:33.0861 6436 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/03/31 10:49:33.0877 6436 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/03/31 10:49:33.0908 6436 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
    2011/03/31 10:49:33.0924 6436 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/03/31 10:49:33.0939 6436 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/03/31 10:49:33.0986 6436 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    2011/03/31 10:49:34.0002 6436 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/03/31 10:49:34.0017 6436 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/03/31 10:49:34.0049 6436 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/03/31 10:49:34.0080 6436 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/03/31 10:49:34.0111 6436 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    2011/03/31 10:49:34.0127 6436 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/03/31 10:49:34.0173 6436 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    2011/03/31 10:49:34.0189 6436 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/03/31 10:49:34.0205 6436 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/03/31 10:49:34.0236 6436 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/03/31 10:49:34.0283 6436 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
    2011/03/31 10:49:34.0345 6436 NuidFltr (4c08a14d04e62963e96e0bb57bbc953b) C:\Windows\system32\DRIVERS\NuidFltr.sys
    2011/03/31 10:49:34.0376 6436 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/03/31 10:49:34.0407 6436 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
    2011/03/31 10:49:34.0423 6436 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
    2011/03/31 10:49:34.0454 6436 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/03/31 10:49:34.0485 6436 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/03/31 10:49:34.0517 6436 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/03/31 10:49:34.0532 6436 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    2011/03/31 10:49:34.0548 6436 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    2011/03/31 10:49:34.0563 6436 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/03/31 10:49:34.0595 6436 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/03/31 10:49:34.0610 6436 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/03/31 10:49:34.0626 6436 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/03/31 10:49:34.0688 6436 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
    2011/03/31 10:49:34.0719 6436 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/03/31 10:49:34.0735 6436 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/03/31 10:49:34.0782 6436 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    2011/03/31 10:49:34.0813 6436 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/03/31 10:49:34.0829 6436 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/03/31 10:49:34.0860 6436 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/03/31 10:49:34.0875 6436 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/03/31 10:49:34.0907 6436 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/03/31 10:49:34.0938 6436 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/03/31 10:49:34.0953 6436 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/03/31 10:49:34.0985 6436 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/03/31 10:49:35.0016 6436 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/03/31 10:49:35.0031 6436 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/03/31 10:49:35.0047 6436 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/03/31 10:49:35.0078 6436 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/03/31 10:49:35.0094 6436 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/03/31 10:49:35.0109 6436 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    2011/03/31 10:49:35.0156 6436 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    2011/03/31 10:49:35.0187 6436 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/03/31 10:49:35.0234 6436 RTHDMIAzAudService (34f05c417f038ffa3bef69b798d7d7dd) C:\Windows\system32\drivers\RtHDMIVX.sys
    2011/03/31 10:49:35.0265 6436 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/03/31 10:49:35.0297 6436 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/03/31 10:49:35.0343 6436 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
    2011/03/31 10:49:35.0375 6436 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/03/31 10:49:35.0406 6436 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/03/31 10:49:35.0437 6436 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/03/31 10:49:35.0453 6436 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/03/31 10:49:35.0484 6436 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/03/31 10:49:35.0515 6436 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/03/31 10:49:35.0531 6436 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/03/31 10:49:35.0546 6436 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/03/31 10:49:35.0577 6436 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/03/31 10:49:35.0593 6436 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/03/31 10:49:35.0624 6436 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/03/31 10:49:35.0640 6436 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/03/31 10:49:35.0671 6436 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/03/31 10:49:35.0718 6436 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
    2011/03/31 10:49:35.0733 6436 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
    2011/03/31 10:49:35.0765 6436 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/03/31 10:49:35.0811 6436 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/03/31 10:49:35.0827 6436 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    2011/03/31 10:49:35.0889 6436 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
    2011/03/31 10:49:35.0936 6436 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/03/31 10:49:35.0983 6436 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    2011/03/31 10:49:36.0014 6436 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/03/31 10:49:36.0030 6436 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/03/31 10:49:36.0045 6436 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    2011/03/31 10:49:36.0077 6436 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    2011/03/31 10:49:36.0123 6436 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/03/31 10:49:36.0155 6436 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    2011/03/31 10:49:36.0201 6436 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/03/31 10:49:36.0217 6436 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/03/31 10:49:36.0279 6436 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    2011/03/31 10:49:36.0326 6436 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/03/31 10:49:36.0373 6436 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    2011/03/31 10:49:36.0373 6436 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/03/31 10:49:36.0420 6436 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
    2011/03/31 10:49:36.0451 6436 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    2011/03/31 10:49:36.0467 6436 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
    2011/03/31 10:49:36.0498 6436 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/03/31 10:49:36.0513 6436 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
    2011/03/31 10:49:36.0529 6436 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
    2011/03/31 10:49:36.0545 6436 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/03/31 10:49:36.0560 6436 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/03/31 10:49:36.0591 6436 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/03/31 10:49:36.0607 6436 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
    2011/03/31 10:49:36.0638 6436 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
    2011/03/31 10:49:36.0654 6436 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/03/31 10:49:36.0669 6436 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/03/31 10:49:36.0701 6436 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/03/31 10:49:36.0716 6436 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    2011/03/31 10:49:36.0732 6436 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/03/31 10:49:36.0747 6436 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    2011/03/31 10:49:36.0779 6436 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    2011/03/31 10:49:36.0810 6436 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    2011/03/31 10:49:36.0825 6436 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/03/31 10:49:36.0841 6436 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    2011/03/31 10:49:36.0872 6436 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/03/31 10:49:36.0888 6436 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/31 10:49:36.0888 6436 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/03/31 10:49:36.0950 6436 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/03/31 10:49:36.0966 6436 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/03/31 10:49:37.0013 6436 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/03/31 10:49:37.0013 6436 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/03/31 10:49:37.0075 6436 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/03/31 10:49:37.0122 6436 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
    2011/03/31 10:49:37.0169 6436 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
    2011/03/31 10:49:37.0200 6436 WmHidLo (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys
    2011/03/31 10:49:37.0215 6436 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    2011/03/31 10:49:37.0247 6436 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
    2011/03/31 10:49:37.0262 6436 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
    2011/03/31 10:49:37.0278 6436 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/03/31 10:49:37.0325 6436 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    2011/03/31 10:49:37.0356 6436 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/03/31 10:49:37.0387 6436 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
    2011/03/31 10:49:37.0418 6436 ================================================================================
    2011/03/31 10:49:37.0418 6436 Scan finished
    2011/03/31 10:49:37.0418 6436 ================================================================================

    ETAPE 2

    Voici le rapport de Malewarebyte. Il m'a trouvé 85 fichiers infectés, et j'ai tout supprimé. Depuis je ne reçois plus aucun message d'avast concernant des menaces!

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 6224

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    31/03/2011 10:56:56
    mbam-log-2011-03-31 (10-56-56).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 169473
    Temps écoulé: 2 minute(s), 24 seconde(s)

    Processus mémoire infecté(s): 9
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 10
    Valeur(s) du Registre infectée(s): 14
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 92

    Processus mémoire infecté(s):
    c:\Users\Gael\AppData\Roaming\New 2.exe (Spyware.Passwords.XGen) -> 1904 -> Unloaded process successfully.
    c:\Users\Gael\AppData\Roaming\h1vzcruq5j.exe (Trojan.Agent) -> 1940 -> Unloaded process successfully.
    c:\Users\Gael\AppData\Roaming\WinDef\WinDef.exe (Heuristics.Shuriken) -> 2540 -> Unloaded process successfully.
    c:\Users\Gael\AppData\Roaming\WinDef\WinDef.exe (Heuristics.Shuriken) -> 2564 -> Unloaded process successfully.
    c:\Users\Gael\AppData\Roaming\googleap.ex.exe (Heuristics.Shuriken) -> 2548 -> Unloaded process successfully.
    c:\Users\Gael\AppData\Roaming\WinDefe\WinDefe.exe (Heuristics.Shuriken) -> 2572 -> Unloaded process successfully.
    c:\Users\Gael\AppData\Roaming\csrss.exe (Trojan.Agent) -> 2864 -> Unloaded process successfully.
    c:\Users\Gael\AppData\Roaming\PRDIIY64.exe (Trojan.Agent) -> 3172 -> Unloaded process successfully.
    c:\Users\Gael\AppData\Roaming\msconfig.exe (Backdoor.Bot) -> 1892 -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    c:\Users\Gael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\Driver.dll (Trojan.Downloader) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{1D8A4C14-6C96-C8EC-BD4E-162DADEB4ECE} (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D8A4C14-6C96-C8EC-BD4E-162DADEB4ECE} (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{529DE05B-9BEB-B842-AD2E-E785ED19DFEE} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{529DE05B-9BEB-B842-AD2E-E785ED19DFEE} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{D9BCDC1D-ADED-4BEB-FD79-371EB9DEB9CD} (Backdoor.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{AB27ADDD-DBBC-DEE9-6C07-AABD1CA7EC2F} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{AB27ADDD-DBBC-DEE9-6C07-AABD1CA7EC2F} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{B21CF879-9107-1EEB-B773-3B2C16E1FCBE} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{B21CF879-9107-1EEB-B773-3B2C16E1FCBE} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnenger (Spyware.Passwords.XGen) -> Value: msnenger -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KKE2LOWHTU3XO (Trojan.Agent) -> Value: KKE2LOWHTU3XO -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDef (Heuristics.Shuriken) -> Value: WinDef -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleAp (Heuristics.Shuriken) -> Value: GoogleAp -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinDefe (Heuristics.Shuriken) -> Value: WinDefe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Trojan.Agent) -> Value: Windows Defender -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TAXLRU7VO84EK (Trojan.Agent) -> Value: TAXLRU7VO84EK -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msconfig (Trojan.Agent) -> Value: msconfig -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java (Trojan.Agent) -> Value: Java -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java(TM) Update Scheduler (Trojan.Agent) -> Value: Java(TM) Update Scheduler -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate (Backdoor.Bot) -> Value: WindowsUpdate -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Core Drivers (Trojan.Agent) -> Value: Core Drivers -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Host (Trojan.Agent) -> Value: Windows Host -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win32 (Backdoor.Agent.Gen) -> Value: Win32 -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Users\Gael\AppData\Roaming\New 2.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\h1vzcruq5j.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\WinDef\WinDef.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\googleap.ex.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\WinDefe\WinDefe.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\Driver.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\PRDIIY64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\file_25672.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\k9omv7nrp0.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\mllat90wb1.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\spreading.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\10555.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\10784.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\11772.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\12727.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\13073.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\14685.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\15789.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\17838.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\19566.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\2368.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\26789.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\27879.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\28306.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\29932.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\34222.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\35887.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\44173.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\46677.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\51116.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\55931.EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\56276.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\58807.EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\61671.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\62634.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\63205.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\63663.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\65840.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\69539.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\69686.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\70984.exe (Malware.Generic) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\71867.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\73626.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\7390.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\74047.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\75165.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\76860.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\80332.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\80855.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\88059.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\88397.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\89298.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\92174.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\95123.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\96658.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\97672.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\97815.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\aw8f3mrtb5.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\Drive.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\h1vzcruq5j.exe.jpg (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\jre5.EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\prdiiy64.exe.jpg (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\vyaac4faaq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\3FXWXW3W\server1[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\3FXWXW3W\spreading_4[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\3FXWXW3W\wormmmm[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\W5OHUF1R\bscrypted[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\W5OHUF1R\callum[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\W5OHUF1R\server_crypted[1].exe (Malware.Generic) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\W5OHUF1R\svchost_crypted[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\chriss[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\jre5[1].EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\keys[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\morph_cff938c1[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\russel[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\XRAZCRGD\svchost[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\YGRZNVE5\csrss[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\YGRZNVE5\Lucy[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\YGRZNVE5\New 2[1].EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Gael\local settings\temporary internet files\Content.IE5\YGRZNVE5\spreading_3[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\microsoft\System\Services\msconfig.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\java.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\System32\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\lovely.ini (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\msconfig.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    ETAPE 3:

    Voici le lien pour lire mon rapport OTL:
    http://www.cijoint.fr/cjlink.php?file=cj201103/cijvkB7YsK.txt

    Merci d'avance pour votre aide!
    0
  4. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Relance OTL.
    o sous Personnalisation, copie_colle le contenu du cadre ci dessous et clic Correction, un rapport apparraitra suite à l'operation que tu conserveras sur clé usb par exemple afin d'en coller le resultat:

    :OTL
    PRC - [2011/03/31 10:58:47 | 000,016,384 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\svchost.exe
    PRC - [2011/03/31 10:58:47 | 000,016,384 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\svchost.exe
    PRC - [2011/03/30 02:03:11 | 000,198,656 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\IBUK0E2W.exe
    O4 - HKCU..\Run: [69140] C:\Users\Gael\AppData\Roaming\Update\69140.exe ()
    O4 - HKCU..\Run: [8ZY1ND1764] C:\Users\Gael\AppData\Roaming\Update\8ZY1ND1764.exe ()
    O4 - HKCU..\Run: [JVYRFU994N] C:\Users\Gael\AppData\Roaming\Update\JVYRFU994N.exe ()
    O4 - HKCU..\Run: [LVDN9A3NZ6FYK] C:\Users\Gael\AppData\Roaming\IBUK0E2W.exe ()
    O4 - HKCU..\Run: [MIDFX2RH64] C:\Users\Gael\AppData\Roaming\Update\MIDFX2RH64.exe ()
    O4 - HKCU..\Run: [tmp4D36.tmp] C:\Users\Gael\AppData\Roaming\Update\tmp4D36.tmp.exe ()
    O4 - HKCU..\Run: [tmp9F79.tmp] C:\Users\Gael\AppData\Roaming\Update\tmp9F79.tmp.exe ()
    O4 - HKCU..\Run: [tmpB413.tmp] C:\Users\Gael\AppData\Roaming\Update\tmpB413.tmp.exe ()
    O4 - HKCU..\Run: [tmpF8E0.tmp] C:\Users\Gael\AppData\Roaming\Update\tmpF8E0.tmp.exe ()
    [2011/03/30 06:17:35 | 000,000,000 | RHSD | C] -- C:\Users\Gael\AppData\Roaming\Update
    [2011/03/30 02:18:28 | 000,000,000 | -HSD | C] -- C:\Users\Gael\AppData\Roaming\lolbot
    [2011/03/30 01:10:33 | 000,000,000 | ---D | C] -- C:\Users\Gael\AppData\Roaming\WinDefe
    [2011/03/29 23:45:32 | 000,000,000 | ---D | C] -- C:\Users\Gael\AppData\Roaming\WinDef
    [2011/03/29 19:11:50 | 000,016,384 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\0Q11SIUAOM.exe
    [2011/03/30 02:03:11 | 000,198,656 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\IBUK0E2W.exe
    [2011/03/31 10:58:47 | 000,016,384 | ---- | M] () -- C:\Users\Gael\AppData\Roaming\svchost.exe
    [2010/11/05 03:58:15 | 001,169,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Gael\AppData\Roaming\Windowdefefender.exe
    :files
    C:\Users\Gael\AppData\Roaming\lolbot\lolbot.exe
    C:\Users\Gael\AppData\Roaming\Update\69140.exe
    C:\Users\Gael\AppData\Roaming\Update\8ZY1ND1764.exe
    C:\Users\Gael\AppData\Roaming\Update\JVYRFU994N.exe
    C:\Users\Gael\AppData\Roaming\Update\MIDFX2RH64.exe
    C:\Users\Gael\AppData\Roaming\Update\tmp4D36.tmp.exe
    C:\Users\Gael\AppData\Roaming\Update\tmp9F79.tmp.exe
    C:\Users\Gael\AppData\Roaming\Update\tmpB413.tmp.exe
    C:\Users\Gael\AppData\Roaming\Update\tmpF8E0.tmp.exe
    C:\Users\Gael\AppData\Roaming\WinDir\Svchost.exe

    * redemarre le pc sous windows et poste le rapport ici

    Mets à jour Malwarebyte.
    Fais un scan complet poste le rapport ici.

    Refais un scan OTL comme avant et donne le lien du rapport ici.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Gagzzz Messages postés 2 Statut Membre
     
    Voici le rapport de correction d'OTL:

    ========== OTL ==========
    Process svchost.exe killed successfully!
    No active process named svchost.exe was found!
    Process IBUK0E2W.exe killed successfully!
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\69140 deleted successfully.
    C:\Users\Gael\AppData\Roaming\Update\69140.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\8ZY1ND1764 deleted successfully.
    C:\Users\Gael\AppData\Roaming\Update\8ZY1ND1764.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JVYRFU994N deleted successfully.
    C:\Users\Gael\AppData\Roaming\Update\JVYRFU994N.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LVDN9A3NZ6FYK deleted successfully.
    C:\Users\Gael\AppData\Roaming\IBUK0E2W.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MIDFX2RH64 deleted successfully.
    C:\Users\Gael\AppData\Roaming\Update\MIDFX2RH64.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmp4D36.tmp deleted successfully.
    C:\Users\Gael\AppData\Roaming\Update\tmp4D36.tmp.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmp9F79.tmp deleted successfully.
    C:\Users\Gael\AppData\Roaming\Update\tmp9F79.tmp.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmpB413.tmp deleted successfully.
    C:\Users\Gael\AppData\Roaming\Update\tmpB413.tmp.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\tmpF8E0.tmp deleted successfully.
    C:\Users\Gael\AppData\Roaming\Update\tmpF8E0.tmp.exe moved successfully.
    C:\Users\Gael\AppData\Roaming\Update folder moved successfully.
    C:\Users\Gael\AppData\Roaming\lolbot folder moved successfully.
    C:\Users\Gael\AppData\Roaming\WinDefe folder moved successfully.
    C:\Users\Gael\AppData\Roaming\WinDef folder moved successfully.
    C:\Users\Gael\AppData\Roaming\0Q11SIUAOM.exe moved successfully.
    File C:\Users\Gael\AppData\Roaming\IBUK0E2W.exe not found.
    C:\Users\Gael\AppData\Roaming\svchost.exe moved successfully.
    C:\Users\Gael\AppData\Roaming\Windowdefefender.exe moved successfully.
    ========== FILES ==========
    File\Folder C:\Users\Gael\AppData\Roaming\lolbot\lolbot.exe not found.
    File\Folder C:\Users\Gael\AppData\Roaming\Update\69140.exe not found.
    File\Folder C:\Users\Gael\AppData\Roaming\Update\8ZY1ND1764.exe not found.
    File\Folder C:\Users\Gael\AppData\Roaming\Update\JVYRFU994N.exe not found.
    File\Folder C:\Users\Gael\AppData\Roaming\Update\MIDFX2RH64.exe not found.
    File\Folder C:\Users\Gael\AppData\Roaming\Update\tmp4D36.tmp.exe not found.
    File\Folder C:\Users\Gael\AppData\Roaming\Update\tmp9F79.tmp.exe not found.
    File\Folder C:\Users\Gael\AppData\Roaming\Update\tmpB413.tmp.exe not found.
    File\Folder C:\Users\Gael\AppData\Roaming\Update\tmpF8E0.tmp.exe not found.
    C:\Users\Gael\AppData\Roaming\WinDir\Svchost.exe moved successfully.

    OTL by OldTimer - Version 3.2.22.3 log created on 03312011_124052

    Voici le rapport de Maleware qui a trouvé 6 fichiers infectés que j'ai supprimé:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 6224

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    31/03/2011 13:31:56
    mbam-log-2011-03-31 (13-31-56).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 403309
    Temps écoulé: 39 minute(s), 27 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    c:\Users\Gael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\Driver.dll (Trojan.Downloader) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Users\Gael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\Driver.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\System32\jre5.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\WinDir\Svchost.exe (Malware.Generic) -> Quarantined and deleted successfully.
    c:\Users\Gael\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.

    Enfin, voila le lien pour le 2ème scan d'OTL:
    https://pjjoint.malekal.com/files.php?id=aed215cf12141015

    Merci!
    0
  7. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    zip le dossier C:\_OTL\MovedFiles
    envoie le zip sur http://upload.malekal.com

    Demain, mets à jour Malwarebyte
    fais un scan complet et poste le rapport ici
    0
  8. Gagzzz
     
    Salut,

    Je n'ai pas trouvé le dossier C:\_OTL\MovedFiles sur mon PC.

    J'ai mis à jour malwarebyte et j'ai fait un scan complet, qui n'a détecté aucune erreur. Voici le rapport:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 6244

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    02/04/2011 11:06:33
    mbam-log-2011-04-02 (11-06-33).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 403518
    Temps écoulé: 43 minute(s), 29 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Merci par avance!
    0
  9. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Comment se comporte le PC ?
    0
  10. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,

    10 sec :

    Je n'ai pas trouvé le dossier C:\_OTL\MovedFiles sur mon PC


    Normal, pour une raison que je n'ai pas cherchée, il est en
    D:\_OTL\MovedFiles .
    0
  11. Gagzzz
     
    Bonjour,

    Mon PC se comporte maintenant tout à fait normalement. J'ai bien trouvé le dossier _OTL et j'ai envoyé le zip sur http://upload.malekal.com/

    Merci!
    0
  12. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Merci pour l'envoi et Lyonnais, la détection était mauvais.
    J'ai tout envoyé aux AV.

    Fais plus attention à l'avenir....

    Maintiens tes logiciel à jour c'est important, utilise ce programme : /faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
    Absolument à faire.

    Les antivirus ne font pas tout en ce qui concerne la sécurité de ta machine (mettre à jour ses logiciels etc etc)
    La meilleur protection reste de connaître les infections pour pouvoir les éviter et avoir de bonne habitude.
    Donc faut se documenter.

    Un peu de lecture pour éviter les infections :
    - connaitre et éviter les infections : https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf
    - sécuriser son PC : http://forum.malekal.com/comment-securiser-son-ordinateur.html
    - lire : http://www.commentcamarche.net/faq/27128-malwares-quels-enjeux-version-synthese

    Ce qu'il ne faut pas faire :
    Je télécharge n'importe quoi - je m'infecte :
    https://forums.commentcamarche.net/forum/affich-19719198-onglets-pub-intempestifs#14
    https://forums.commentcamarche.net/forum/affich-18347759-le-nouveau-avast-sonne-trop-souvent#9
    Je télécharge depuis n'importe où - je m'infecte : https://forums.commentcamarche.net/forum/affich-19916973-clickpotato-vlc-virus#6
    Recommandations sur la sécurité : https://forums.commentcamarche.net/forum/affich-18680013-windows-7-et-antispyware#1

    Fonctionnement de quelques catégories de malwares :
    https://forums.commentcamarche.net/forum/affich-17725521-virus-programme-troyen
    https://forums.commentcamarche.net/forum/affich-17746390-concernant-la-propagation-des-virus

    Si tu as des questions sur le fonctionement des malwares.
    N'hésite pas.

    0
  13. Gagzzz
     
    Salut,

    Je me suis fait piraté ce matin mon compte mail, et facebook. J'ai refais un scan avec Avast et j'ai viré de nouveaux fichiers infectés. Aussi, j'ai change le mot de passe de tous mes comptes.

    Certains fichiers infectés s'appelaient Maleware-gen... Je me suis même demandé si ton logiciel ne contrôlait pas mon PC... je deviens parano...

    Enfin bon voilà.
    0
  14. Gagzzz
     
    Yo,

    J'ai mis à jour Maleware et j'ai faire une recherche rapide, j'ai supprimé encore 9 fichiers infectés. J'ai redémarré l'ordinateur. Je suis en train de faire un scan avast, puis je referrais un scan complet avec malware.
    0
  15. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Faut que tu postes les rapports sinon je peux rien voir.
    0
  16. Gagzzz
     
    Je refais un scan complet avec Maleware et je poste le rapport tout de suite.
    0
  17. Gagzzz
     
    Voici le rapport du scan complet de maleware qui a encore trouvé 11 fichiers infectés. Je suis étonné de voir que les fichiers proviennent du dossier _OTL/Moved files:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 6280

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    05/04/2011 22:40:50
    mbam-log-2011-04-05 (22-40-50).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 405987
    Temps écoulé: 42 minute(s), 48 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 11

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    d:\PornPic.scr (Backdoor.Bot) -> Quarantined and deleted successfully.
    d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\IBUK0E2W.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\lolbot\lolbot.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\69140.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\8zy1nd1764.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\jvyrfu994n.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\midfx2rh64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\tmp4d36.tmp.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\tmp9f79.tmp.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\tmpb413.tmp.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    d:\_OTL\movedfiles\03312011_124052\C_Users\Gael\AppData\Roaming\Update\tmpf8e0.tmp.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

    Je redémarre le pc comme maleware le demande.
    0
  18. Gagzzz
     
    Pour info,

    Le hacker arrive encore à changer les mots de passe de mes comptes de son côté, je ne comprends pas pourquoi...

    C'est à devenir dingue!!
    0
  19. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Ce qui est détecté ce sont des restes dans la quarantaine d'OTL.
    Je pense pas que ton PC soit encore infecté.
    Eventuellement, refais un scan OTL comme là : https://forums.commentcamarche.net/forum/affich-21438642-url-mal-h1vzcruq5j-exe-bloque-par-avast#1
    et donne les liens des rapports.

    Le hacker arrive encore à changer les mots de passe de mes comptes de son côté, je ne comprends pas pourquoi...

    Tu peux être plus clair ? si les mots de passe ont été changés tu n'as plus accès à tes comptes alors ?
    0