Problem: viruses are blocking my antivirus programs...

Closed
John - 15 Jul 2011 at 20:55
Anonymous user - 17 Jul 2011 at 07:38
Hello,

I have a virus problem: I downloaded a game that didn't work, so I tried some programs (fake loaders, etc.) that have almost locked up my PC. I tried to use Avira: access denied, same with the anti-malware. I read all over the place that I should post a "HiJackThis" report, but it won't launch either... it tells me "Windows ne parvient pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié. Vous ne disposez peut-être pas des autorisations appropriées pour avoir accès à l'élément." I only managed to produce 3 logs: one with ComboFix, one with FindyKill and the last one with SDFix, which also warned me that I had a "Rootkit Zeroaccess"... Anyway, if you want the logs I can post them; if someone could help me fix the problem(s) I would be delighted.
Thanks a lot, regards

8 replies

Anonymous user
15 Jul 2011 at 20:58
Good evening

Download TDSSKiller

* Create a new folder on your desktop, then extract the archive into it
* Launch the program by clicking TDSSKiller.exe; the scan runs automatically, and if the infection is detected, hidden elements (= hidden) will then be displayed.


Tick them and click "Delete/Repair Selected".

* A message may then appear asking you to restart the PC (reboot) to finish the cleanup. Type "Y" to restart the PC ("close all programs and choose Y to restart").


Post its report for me afterwards; thanks


See you later
0
Good evening again,

I followed your procedure: I ran the scan, the program found one result, I selected "delete", then rebooted as suggested. I'm posting the report it displayed below:


2011/07/15 21:00:13.0171 2412 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/15 21:00:13.0343 2412 ================================================================================
2011/07/15 21:00:13.0343 2412 SystemInfo:
2011/07/15 21:00:13.0343 2412
2011/07/15 21:00:13.0343 2412 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/15 21:00:13.0343 2412 Product type: Workstation
2011/07/15 21:00:13.0343 2412 ComputerName: USER-3ED31FB81D
2011/07/15 21:00:13.0343 2412 UserName: user
2011/07/15 21:00:13.0343 2412 Windows directory: C:\WINDOWS
2011/07/15 21:00:13.0343 2412 System windows directory: C:\WINDOWS
2011/07/15 21:00:13.0343 2412 Processor architecture: Intel x86
2011/07/15 21:00:13.0343 2412 Number of processors: 2
2011/07/15 21:00:13.0343 2412 Page size: 0x1000
2011/07/15 21:00:13.0343 2412 Boot type: Normal boot
2011/07/15 21:00:13.0343 2412 ================================================================================
2011/07/15 21:00:15.0296 2412 Initialize success
2011/07/15 21:00:18.0812 2532 ================================================================================
2011/07/15 21:00:18.0812 2532 Scan started
2011/07/15 21:00:18.0812 2532 Mode: Manual;
2011/07/15 21:00:18.0812 2532 ================================================================================
2011/07/15 21:00:34.0000 2532 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/15 21:00:34.0000 2532 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/15 21:00:34.0000 2532 sptd - detected LockedFile.Multi.Generic (1)
2011/07/15 21:00:36.0562 2532 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
2011/07/15 21:00:36.0953 2532 Boot (0x1200) (532607f21282f7f3382e4b36c0a87e2f) \Device\Harddisk0\DR0\Partition0
2011/07/15 21:00:36.0968 2532 Boot (0x1200) (324b81d8f5735c526f7c088aa5964ff3) \Device\Harddisk0\DR0\Partition1
2011/07/15 21:00:36.0968 2532 ================================================================================
2011/07/15 21:00:36.0968 2532 Scan finished
2011/07/15 21:00:36.0968 2532 ================================================================================
2011/07/15 21:00:36.0984 2524 Detected object count: 1
2011/07/15 21:00:36.0984 2524 Actual detected object count: 1
2011/07/15 21:00:40.0640 2524 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/15 21:01:35.0375 2620 ================================================================================
2011/07/15 21:01:35.0375 2620 Scan started
2011/07/15 21:01:35.0375 2620 Mode: Manual;
2011/07/15 21:01:35.0375 2620 ================================================================================
2011/07/15 21:01:43.0796 2620 s1039nd5 (ec22d9baa464a892c0637982b67292e6) C:\WINDOWS\system32\DRIVERS\s1039nd5.sys
2011/07/15 21:01:43.0812 2620 s1039obex (69e9ce002e7249e61ff2ea1336c71d89) C:\WINDOWS\system32\DRIVERS\s1039obex.sys
2011/07/15 21:01:43.0843 2620 s1039unic (482dfb3721a0de11cc22b439d17c348c) C:\WINDOWS\system32\DRIVERS\s1039unic.sys
2011/07/15 21:01:43.0968 2620 SAVRKBootTasks (0aef47e0a6b0cba8c9833d55298b2791) C:\WINDOWS\system32\SAVRKBootTasks.sys
2011/07/15 21:01:44.0000 2620 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/15 21:01:44.0031 2620 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/15 21:01:44.0171 2620 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/15 21:01:44.0187 2620 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/15 21:01:44.0250 2620 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/15 21:01:44.0343 2620 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/15 21:01:44.0390 2620 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/15 21:01:44.0390 2620 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/15 21:01:44.0390 2620 sptd - detected LockedFile.Multi.Generic (1)
2011/07/15 21:01:46.0968 2620 ================================================================================
2011/07/15 21:01:46.0968 2620 Scan finished
2011/07/15 21:01:46.0968 2620 ================================================================================
2011/07/15 21:01:47.0000 2228 Detected object count: 1
2011/07/15 21:01:47.0000 2228 Actual detected object count: 1
2011/07/15 21:01:58.0328 2228 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/07/15 21:01:58.0328 2228 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/07/15 21:01:58.0359 2228 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2011/07/15 21:01:58.0359 2228 LockedFile.Multi.Generic(sptd) - User select action: Delete
Anonymous user
15 Jul 2011 at 21:12
Re

Register first of all, otherwise I won't be able to read the requested report.

For more information, please do the following:

Open this link and download ZHPDiag by Nicolas Coolman:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Or

https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

Server No. 2

Or

http://www.premiumorange.com/zeb-help-process/zhpdiag.html
at the bottom of the page, ZHP with a version number.

Once the download is complete, unzip the file you obtained and place ZHPDiag.exe on your Desktop.

Double-click the icon to launch the program. On Vista or Seven, right-click and choose "Run as administrator".


Click the magnifying glass to start the scan.

Let the tool work; it can take quite a while.

Close ZHPDiag when the scan has finished.


To send the report, click this link:

http://www.cijoint.fr/index.php

http://pjjoint.malekal.com/

Click Browse ("Parcourir") and find the directory where ZHPDiag is installed (usually C:\Program Files\ZHPDiag).

Select the file ZHPDiag.txt.

Click "Cliquez ici pour déposer le fichier" (click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

is added to the page.

Copy this link into your reply.

Thanks

See you
JohnLange Posts 4 Registration date Tuesday 8 February 2011 Status Member Last activity 16 July 2011
15 Jul 2011 at 21:26
Here is the requested file:


https://pjjoint.malekal.com/files.php?id=f26d97dffd5512



In any case, thank you very much for your replies; it's really nice to see that there are still kind people, even on the web.
JohnLange Posts 4 Registration date Tuesday 8 February 2011 Status Member Last activity 16 July 2011
15 Jul 2011 at 22:08
Hmm... still there =/ ?
Anonymous user
16 Jul 2011 at 05:52
Hello

I only managed to make 3 logs: one with Combofix, one with findykill and the last with SDfix

Post me these three reports; thanks.

@+
JohnLange Posts 4 Registration date Tuesday 8 February 2011 Status Member Last activity 16 July 2011
16 Jul 2011 at 13:49
Hello, here are the 3 reports:



############################## | FindyKill V5.053 |

# User : user (Administrateurs) # USER-3ED31FB81D
# Update on 23/10/2010 by El Desaparecido
# Start at: 17:40:47 | 15/07/2011
# Website : http://www.teamxscript.org/
# Contact : eldesaparecido@teamxscript.org

# Processeur Intel Pentium III Xeon
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 10.0.1.58 [ (!) Disabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 97,65 Go (44,51 Go free) [Systeme] # NTFS
# D:\ # Disque fixe local # 274,95 Go (252,69 Go free) [Données] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM

################## | Processus infectieux stoppés |


################## | Eléments infectieux |


################## | Reference Bagle MD5 ... |


################## | MD5 ... |


################## | Bagle Trace ... |


################## | Crack .... |

[01/10/2009 16:15|--a------|48394240] C:\Documents and Settings\user\Mes documents\Downloads\guitarRig4\guitarRig4\Crack\Guitar Rig 4.exe
[15/07/2011 02:47|--a------|3534411] C:\Documents and Settings\user\Mes documents\Firefox DDL\Manip+crack.rar
[31/01/2009 19:18|--a------|8910843] D:\Clef 16Go\Divers\Progs\Guitar Pro 5.0 Full Crack\GP5FULL.exe

################## | Registre |


################## | Etat |

# Affichage des fichiers cachés : OK

# Mode sans echec : OK

# Ndisuio ( NDIS User Mode ) -> Start = 3 ( Good = 3 | Bad = 4 )

# EapHost ( Extensible Authentication Protocol Host ) -> Start = 2 ( Good = 2 | Bad = 4 )

# Ip6Fw ( IPv6 Windows Firewall Driver ) -> Start = 2 ( Good = 2 | Bad = 4 )

# SharedAccess ( Windows Firewall - Internet Connection Sharing ) -> Start = 2 ( Good = 2 | Bad = 4 )

# wuauserv ( Windows Update ) -> Start = 2 ( Good = 2 | Bad = 4 )

# wscsvc ( Windows Security Center ) -> Start = 2 ( Good = 2 | Bad = 4 )


################## | ! Fin du rapport # FindyKill V5.053 ! |









ComboFix 11-07-15.01 - user 15/07/2011 17:54:58.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3327.2950 [GMT 2:00]
Lancé depuis: c:\documents and settings\user\Mes documents\Firefox DDL\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\jestertb.dll
c:\windows\system32\c_54005.nls
c:\windows\system32\drivers\1251827900.sys
c:\windows\system32\msvcsv60.dll
c:\windows\XSxS
.
Une copie infectée de c:\windows\system32\drivers\cdrom.sys a été trouvée et désinfectée
Copie restaurée à partir de - The cat found it :)
Une copie infectée de c:\windows\system32\wuauclt.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_1251827900
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-06-15 au 2011-07-15 ))))))))))))))))))))))))))))))))))))
.
.
2011-07-15 15:51 . 2008-04-14 12:00 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-07-15 15:51 . 2008-04-14 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-07-15 15:10 . 2011-07-15 15:10 -------- d-----w- c:\windows\ERUNT
2011-07-15 15:03 . 2011-07-15 15:29 -------- d-----w- C:\SDFix
2011-07-15 14:52 . 2011-07-15 14:52 -------- d-----w- c:\program files\CCleaner
2011-07-15 00:32 . 2011-07-15 00:32 -------- d-----w- c:\program files\revLoader_v2_2
2011-07-14 23:03 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2011-07-14 23:03 . 2008-10-27 08:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2011-07-14 23:03 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-07-14 23:03 . 2008-10-27 08:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2011-07-14 23:03 . 2008-07-30 04:20 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-07-14 23:03 . 2008-07-30 04:20 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-07-14 23:03 . 2008-07-10 09:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-07-14 23:03 . 2008-05-30 12:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2011-07-14 23:03 . 2011-07-15 14:54 -------- d-----w- c:\windows\Logs
2011-07-14 17:45 . 2011-07-14 17:45 -------- d-----w- c:\program files\Corsair
2011-07-14 17:44 . 2002-12-05 12:12 692224 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-07-14 17:44 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-07-14 17:44 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-07-14 17:44 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-07-14 17:44 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-07-14 17:44 . 2011-07-14 17:44 282756 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-07-14 17:44 . 2011-07-14 17:44 163972 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-07-06 04:07 . 2011-07-06 04:07 -------- d-----w- c:\documents and settings\user\Application Data\MeldaProduction MUtility
2011-06-25 15:42 . 2011-06-25 15:42 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 15:42 . 2011-06-25 15:42 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 23:54 . 2011-06-24 00:41 -------- d-----w- c:\program files\Vstplugins
2011-06-23 23:54 . 2011-06-24 00:40 -------- d-----w- c:\program files\Softube
2011-06-15 22:19 . 2011-06-15 22:19 -------- d-----w- c:\documents and settings\user\Application Data\Publish Providers
2011-06-15 22:14 . 2011-06-15 22:14 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Sony
2011-06-15 22:10 . 2011-06-15 22:10 -------- d-----w- c:\program files\Sony
2011-06-15 22:10 . 2011-06-15 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2011-06-15 22:08 . 2011-06-15 22:19 -------- d-----w- c:\documents and settings\user\Application Data\Sony
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2011-04-30 14:44 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-04-30 14:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 12:20 . 2009-09-02 13:10 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-18 18:17 . 2011-04-18 18:17 1641105 ----a-w- c:\windows\WANEUninstaller.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-06-25 15:42 . 2011-03-25 11:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-08-03 . FCE4485CF2370661218AFFA9753A8D75 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\SfcFiles.dll
[-] 2010-08-03 . FCE4485CF2370661218AFFA9753A8D75 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"X'nBeep"="c:\program files\X'nBeep 1.1\XnBeep.exe" [2007-01-06 1067520]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-02-04 281768]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2005-12-13 91136]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"UpdatePDRShortCut"="d:\program files\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-03-31 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\user\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Companion\\PCCompanion.exe"=
"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\Documents and Settings\\user\\Mes documents\\Firefox DDL\\ccsetup308.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/03/2010 19:44 691696]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [20/05/2011 21:40 18816]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [02/09/2009 15:10 136360]
R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [13/09/2009 21:03 49152]
R2 NIHardwareService;NIHardwareService;c:\program files\Fichiers communs\Native Instruments\Hardware\NIHardwareService.exe [17/07/2009 15:32 3578368]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [13/09/2009 21:03 102528]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\252.tmp --> c:\windows\system32\252.tmp [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 14:00 14336]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [01/04/2011 01:18 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [01/04/2011 01:18 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [01/04/2011 01:18 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [01/04/2011 01:18 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [01/04/2011 01:18 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [01/04/2011 01:18 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [01/04/2011 01:18 123504]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [19/08/2010 02:47 18432]
S3 TCNear;TC Near;c:\windows\system32\drivers\TCNear.sys [25/08/2010 13:13 124544]
S3 TCNearAudio;TC Near Audio;c:\windows\system32\drivers\TCNearAudio.sys [25/08/2010 13:13 20864]
S3 TCNearMidi;TC Near MIDI;c:\windows\system32\drivers\TCNearMidi.sys [25/08/2010 13:13 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenu du dossier 'Tâches planifiées'
.
2011-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-1425521274-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 12:25]
.
2011-06-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-1425521274-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 12:25]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\5bu21d8j.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Cld2000.exe - c:\program files\Calendrier\Cld2000.exe
HKCU-Run-AVEDESK - c:\documents and settings\user\Bureau\avedesk-crystalxp.net-fr-167\AVEDESK.EXE
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-15 18:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\windows\$NtUninstallKB59061$:SummaryInformation 0 bytes hidden from API
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\252.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-1425521274-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1082EE21-9A82-23D8-70AD-83FC7DDCCF94}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oamepgpbdjpbjdoegjllaiflcdabnj"=hex:64,61,66,63,62,6e,69,67,00,85
"oaaehhfgakgmcdbhdbmbmejfmpfdlc"=hex:69,61,6b,63,65,6b,6f,6d,65,69,65,6c,70,6f,
6f,63,6a,6c,00,ff
"nacebfepgofijlhegdfahhccnjab"=hex:69,61,6b,63,65,6b,6f,6d,65,69,65,6c,70,6f,
6f,63,6a,6c,00,ff
"oamepgpbdjpbjdoegjllaiflhcdbal"=hex:64,61,66,63,62,6e,69,67,00,85
"oaaehhfgakgmcdbhdbmbmejfppockl"=hex:6a,61,6d,63,64,6d,67,6a,63,6b,6b,6d,6b,69,
6f,6f,63,70,65,6c,00,02
"nacebfepgofijlhegdfahhfcgide"=hex:6a,61,6d,63,64,6d,67,6a,63,6b,6b,6d,6b,69,
6f,6f,63,70,65,6c,00,02
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3624)
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Heure de fin: 2011-07-15 18:11:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-07-15 16:11
.
Avant-CF: 47 596 904 448 octets libres
Après-CF: 47 631 941 632 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - 66EA7FED41405F12947607E4247F037D










[b]SDFix: Version 1.240 /b
Run by user on 15/07/2011 at 17:13

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files /b:

No Trojan Files Found






Removing Temp Files

[b]ADS Check /b:



[b]Final Check /b:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-15 17:24:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\*PNPd5de\0000]
"Service"="1251827900"
"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"
"Class"="System"
"DeviceDesc"="PCI bus"
"Mfg"="Technologies Inc"
"LocationInformation"="on Microsoft ACPI-Compliant System"
"ConfigFlags"=dword:00000000
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\1251827900]
"Start"=dword:00000003
"Type"=dword:00000001
"ErrorControl"=dword:00000001
"DisplayName"="Virtual Bus for Microsoft ACPI-Compliant System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"h0"=dword:00000000
"hdf12"=hex:f3,b4,ef,e7,50,13,53,d0,c8,8b,b6,ba,02,25,b0,68,cc,38,7a,84,20,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,84,91,77,8b,23,9c,07,8f,2c,61,f7,22,38,da,91,b9,0a,..
"hdf12"=hex:1e,6f,2a,b8,8e,91,37,cc,00,93,63,e4,75,9c,2d,85,57,bf,22,72,d4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:43,48,c6,a4,2f,8d,ca,2b,5c,d7,f0,dc,a1,80,75,75,83,6e,a7,8b,b2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:71,0c,3f,b3,83,fe,92,2c,ad,d4,fd,4f,a9,87,70,b3,d0,2f,1b,94,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2]
"hdf12"=hex:78,c8,8b,f3,1a,7b,e0,44,41,53,a4,97,33,47,98,14,b0,3e,6e,40,5b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\*PNPd5de\0000]
"Service"="1251827900"
"ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}"
"Class"="System"
"DeviceDesc"="PCI bus"
"Mfg"="Technologies Inc"
"LocationInformation"="on Microsoft ACPI-Compliant System"
"ConfigFlags"=dword:00000000
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\1251827900]
"Start"=dword:00000003
"Type"=dword:00000001
"ErrorControl"=dword:00000001
"DisplayName"="Virtual Bus for Microsoft ACPI-Compliant System"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"h0"=dword:00000000
"hdf12"=hex:f3,b4,ef,e7,50,13,53,d0,c8,8b,b6,ba,02,25,b0,68,cc,38,7a,84,20,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,84,91,77,8b,23,9c,07,8f,2c,61,f7,22,38,da,91,b9,0a,..
"hdf12"=hex:1e,6f,2a,b8,8e,91,37,cc,00,93,63,e4,75,9c,2d,85,57,bf,22,72,d4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:43,48,c6,a4,2f,8d,ca,2b,5c,d7,f0,dc,a1,80,75,75,83,6e,a7,8b,b2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:71,0c,3f,b3,83,fe,92,2c,ad,d4,fd,4f,a9,87,70,b3,d0,2f,1b,94,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2]
"hdf12"=hex:78,c8,8b,f3,1a,7b,e0,44,41,53,a4,97,33,47,98,14,b0,3e,6e,40,5b,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1082EE21-9A82-23D8-70AD-83FC7DDCCF94}]
"oamepgpbdjpbjdoegjllaiflcdabnj"=hex:64,61,66,63,62,6e,69,67,00,85
"oaaehhfgakgmcdbhdbmbmejfmpfdlc"=hex:69,61,6b,63,65,6b,6f,6d,65,69,65,6c,70,6f,6f,63,6a,6c,00,ff
"nacebfepgofijlhegdfahhccnjab"=hex:69,61,6b,63,65,6b,6f,6d,65,69,65,6c,70,6f,6f,63,6a,6c,00,ff
"oamepgpbdjpbjdoegjllaiflhcdbal"=hex:64,61,66,63,62,6e,69,67,00,85
"oaaehhfgakgmcdbhdbmbmejfppockl"=hex:6a,61,6d,63,64,6d,67,6a,63,6b,6b,6d,6b,69,6f,6f,63,70,65,6c,00,..
"nacebfepgofijlhegdfahhfcgide"=hex:6a,61,6d,63,64,6d,67,6a,63,6b,6b,6d,6b,69,6f,6f,63,70,65,6c,00,..

scanning hidden files ...

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
C:\WINDOWS\$NtUninstallKB59061$:SummaryInformation 0 bytes hidden from API
C:\WINDOWS\$NtUninstallKB59061$\2988510624 0 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257
C:\WINDOWS\$NtUninstallKB59061$\606289257\click.tlb 2144 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257\L
C:\WINDOWS\$NtUninstallKB59061$\606289257\L\tczmeuag 62976 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257\loader.tlb 2540 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257\U
C:\WINDOWS\$NtUninstallKB59061$\606289257\U\@00000001 54368 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257\U\@000000c0 2560 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257\U\@000000cb 2048 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257\U\@000000cf 1536 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257\U\@80000000 24576 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257\U\@800000c0 33280 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257\U\@800000cb 27648 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257\U\@800000cf 27136 bytes
C:\WINDOWS\$NtUninstallKB59061$\606289257\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 19


Remaining Services:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"D:\\Bin\\SeriousSam.exe"="D:\\Bin\\SeriousSam.exe:*:Disabled:SeriousSam"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\World of Padman\\wop.exe"="C:\\World of Padman\\wop.exe:*:Enabled:wop"
"C:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe"="C:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\UrbanTerror\\ioUrTded.exe"="C:\\Program Files\\UrbanTerror\\ioUrTded.exe:*:Enabled:ioUrTded"
"C:\\Program Files\\Adobe\\Adobe Bridge CS4\\Bridge.exe"="C:\\Program Files\\Adobe\\Adobe Bridge CS4\\Bridge.exe:*:Disabled:Adobe Bridge CS4"
"C:\\Program Files\\Adobe\\Adobe Device Central CS4\\DeviceCentral.exe"="C:\\Program Files\\Adobe\\Adobe Device Central CS4\\DeviceCentral.exe:*:Disabled:Adobe Device Central CS4"
"C:\\Program Files\\Adobe\\Adobe Utilities\\ExtendScript Toolkit CS4\\ExtendScript Toolkit.exe"="C:\\Program Files\\Adobe\\Adobe Utilities\\ExtendScript Toolkit CS4\\ExtendScript Toolkit.exe:*:Disabled:Adobe ExtendScript Toolkit CS4"
"C:\\Program Files\\Adobe\\Adobe Extension Manager CS4\\Adobe Extension Manager CS4.exe"="C:\\Program Files\\Adobe\\Adobe Extension Manager CS4\\Adobe Extension Manager CS4.exe:*:Disabled:Adobe Extension Manager CS4"
"C:\\Program Files\\Adobe\\Adobe Media Encoder CS4\\Adobe Media Encoder.exe"="C:\\Program Files\\Adobe\\Adobe Media Encoder CS4\\Adobe Media Encoder.exe:*:Disabled:Adobe Media Encoder CS4"
"C:\\Program Files\\Adobe\\Adobe Utilities\\Pixel Bender Toolkit\\pixel_bender_toolkit.exe"="C:\\Program Files\\Adobe\\Adobe Utilities\\Pixel Bender Toolkit\\pixel_bender_toolkit.exe:*:Disabled:Adobe Pixel Bender Toolkit"
"C:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"="C:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe:*:Disabled:Adobe After Effects CS4"
"C:\\Documents and Settings\\user\\Mes documents\\Downloads\\czero\\czero\\czero.exe"="C:\\Documents and Settings\\user\\Mes documents\\Downloads\\czero\\czero\\czero.exe:*:Enabled:Condition Zero Launcher"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"="C:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe:*:Disabled:RealUpgrade Launcher"
"C:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe"="C:\\Program Files\\Avira\\AntiVir Desktop\\avnotify.exe:*:Enabled:Notification Tool"
"C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"="C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe:*:Disabled:DivX Update"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Companion\\PCCompanion.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Companion\\PCCompanion.exe:*:Disabled:Sony Ericsson PC Companion"
"C:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"="C:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe:*:Enabled:Windows Live Communications Platform"
"C:\\Documents and Settings\\user\\Mes documents\\Firefox DDL\\ccsetup308.exe"="C:\\Documents and Settings\\user\\Mes documents\\Firefox DDL\\ccsetup308.exe:*:Enabled:CCleaner Installer"
"C:\\Documents and Settings\\user\\Local Settings\\Temp\\is-1EIRO.tmp\\spybotsd162.tmp"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\is-1EIRO.tmp\\spybotsd162.tmp:*:Enabled:Setup/Uninstall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files:



Files with Hidden Attributes:

Tue 28 Jul 2009 1,548,120 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Thu 21 Apr 2011 14,276,088 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Tue 5 Apr 2011 14,284,280 A..H. --- "C:\System Volume Information\_restore{DCAB3396-6F6B-48EF-987F-503D91B0B7B0}\RP619\A0111317.exe"
Fri 25 Apr 2008 198,384 A..H. --- "C:\WINDOWS\Resources\Themes\Cuxtheme3.exe"
Wed 2 Sep 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 27 Oct 2010 444 ...HR --- "C:\Documents and Settings\user\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!
0
Anonymous user
17 Jul 2011 at 07:38
Hello

Download this: Pre_Scan.exe
by Gen Hackman


Warning: the desktop will disappear briefly --> don't panic.

Once it is downloaded, run it, let the scan finish, then paste the contents of "Pre_scan.txt", which will appear on the desktop when the scan completes.

If the tool detects a proxy and you have not installed one, click "supprimer le proxy" (remove the proxy).

If the tool does not seem to have worked, click on it several times very quickly, or rename it winlogon, or change its extension to .com or .scr.

See you
0