ZHPDiag report (infection)
floopi (Posts: 307, Status: Member)
Hello,
I'm asking for your help because since yesterday I have been infected (I get warnings from Avira) and since yesterday it has been impossible to right-click a file/icon on the desktop or in Explorer (I right-click but nothing happens, and sometimes Explorer restarts). So if you could help me, please...
Here is the ZHP report: http://cjoint.com/12au/BHcuCBSCyCU.htm
17 replies
OK, uninstall all of Java; it's because of Java, which is not up to date
then:
Warning: this tool may be wrongly detected as a virus
all "non-vital Windows" processes will be stopped, so save your work.
Disable all your protections if possible: antivirus, sandbox, etc.
download and save Pre_Scan to your desktop:
http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan
Warning: the desktop will disappear during the scan --> don't panic.
once downloaded, run it and let the scan run until "Pre_scan_date_and_time.txt" appears on the desktop.
if the tool is run again several times, it will offer you a menu; if no option has been requested, run the "Kill" option
if the tool is blocked by the infection, use this version with the .pif extension:
http://forums-fec.be/gen-hackman/Pre_Scan.pif
if the tool detects a proxy and you have not installed one, click "supprimer le proxy" (remove the proxy)
A multitude of black windows may flash; let it work
Post Pre_Scan_date_and_time.txt, which will appear on the desktop at the end of the scan
The tool may restart your PC several times; let it do so
DO NOT POST IT ON THE FORUM!!! (it is too long)
Host the report on http://pjjoint.malekal.com, then give the link you get in return on the forum where you are being helped
Thanks for your reply. Well, it tells me: Avira has detected an unwanted item in C:Users/Appdata/Roaming:easjfdssd.exe (a name like that, it shows me several), then TR\Ransom.f.60 and other things like that... I have now restarted in safe mode
Hi again
I started pre_scan at 22:20, then it got stuck on HKU\ TYPELIB, but I let it run all night and it was still stuck... I restarted my computer; I'm going to try the pif version
??? I haven't been checking that key for a long time... is it really a recent version that you downloaded? It's not an old version you already had on the PC?
Well, I downloaded pre_scan from your links above... and I tried again in safe mode and got the same problem, then I restarted in normal mode and now my theme has changed to classic...
I just restarted in normal mode and now I see that my computer is in safe mode... (it boots in normal mode but it is in safe mode: basic theme, no sound, no Aero theme)...
/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\
__________________________________________________________
>This software is to be used only when prescribed by a qualified helper trained on the tool.<
>>>>>>>Do not use outside this situation: dangerous!<<<<<<<<
=====================================================
▶ Above all, when saving, change the name of Combofix to "whateveryouwant" before it is saved to your hard drive
right-click this link: Combofix => save target as... => to your desktop => with whatever name you want
Before using ComboFix:
If you use AVG, YOU MUST UNINSTALL IT before using Combofix, because it can cause damage when interacting with the tool, which can lead to a complete reinstallation of the system.
Simply disabling the resident protection is not enough.
Download the AVG uninstaller from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bit) /!\
CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable it temporarily:
▶ Download Defogger (by jpshortstuff) to your desktop
▶ Run it
A window appears: click "Disable"
▶ Restart the computer if the tool asks you to
Note: When we have finished the disinfection, you can re-enable this software by running Defogger again and clicking "Re-enable"
_________________________________________________________
>> close the windows of all running programs.
>> Temporarily disable, and only while ComboFix is in use,
>>the real-time protection of your antivirus and antispyware programs,
>>which can seriously interfere with the tool's search and cleaning procedure.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
if you have XP => double-click
if you have Vista or Windows 7 => right-click, "Run as...."
on the renamed combofix
¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤
▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!
▶ don't forget to re-enable the guard of your antivirus and antispyware programs before reconnecting to the internet.
▶▶ Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.
▶▶▶ If, after ComboFix restarts your PC, you get "Key marked for deletion" errors or internet connection problems, restart your computer again
There, I ran ComboFix :) :
After ComboFix I ran a scan and a deletion with UsbFix (report below)
I just restarted in normal mode and now it works correctly! (right-click is back, Aero theme is back :) )
ComboFix 12-07-31.05 - Return 03/08/2012 11:21:49.2.2 - x86 NETWORK
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.1.1033.18.3071.2359 [GMT 2:00]
Running from: c:\users\Return\Desktop\oueshouesh.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Return\AppData\Roaming\5C72AA.exe
c:\users\Return\AppData\Roaming\egkepxcackaofrwsjvh.exe
c:\users\Return\AppData\Roaming\System.Data.SQLite.DLL
c:\users\Return\S4_full_2012051519.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 09:26 . 2012-08-03 09:26 -------- d-----w- c:\users\Return\AppData\Local\temp
2012-08-03 07:17 . 2012-08-03 07:17 -------- d-----w- c:\users\Return\AppData\Roaming\raidcall
2012-08-02 18:24 . 2012-08-02 18:27 -------- d-----w- C:\ZHP
2012-08-02 18:24 . 2012-08-02 18:26 -------- d-----w- c:\program files\ZHPDiag
2012-08-02 14:20 . 2012-08-02 14:20 -------- d-----w- c:\users\Return\AppData\Roaming\ts3overlay
2012-07-31 07:30 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA14E8E7-BA05-495A-BC52-2460BB3D7975}\mpengine.dll
2012-07-25 17:57 . 2012-07-25 17:57 -------- d-----w- c:\program files\Microsoft WSE
2012-07-25 17:53 . 2012-08-01 16:18 -------- d-----w- c:\program files\Electronic Arts
2012-07-25 17:44 . 2012-07-25 17:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-25 17:40 . 2012-07-25 17:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-07-24 09:32 . 2012-08-03 09:01 -------- d-----w- C:\UsbFix
2012-07-22 12:59 . 2012-07-22 12:59 -------- d-----w- c:\programdata\RELOADED
2012-07-20 13:09 . 2012-07-25 17:40 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-11 01:02 . 2012-06-02 09:08 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-11 01:00 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 19:25 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-10 19:25 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 19:25 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-10 19:25 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 19:25 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 19:25 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 19:25 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 19:25 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-10 19:25 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-10 19:25 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-10 19:25 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 19:25 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-10 19:24 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-10 19:24 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-10 19:24 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-08 09:14 . 2012-08-03 07:17 -------- d-----w- c:\program files\RaidCall
2012-07-04 18:14 . 2012-07-04 18:14 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 06:28 . 2012-04-09 20:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 06:28 . 2011-08-22 13:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-29 12:01 . 2011-08-24 15:32 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-07-29 12:01 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2012-07-29 12:01 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-07-03 11:46 . 2012-05-05 07:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 18:06 . 2012-06-24 18:06 232616 ----a-w- c:\windows\system32\npPMangFX.dll
2012-06-03 17:42 . 2012-06-03 17:42 295011 ----a-w- C:\UsbFix_Upload_Me_GAME.zip
2012-06-02 22:19 . 2012-06-21 11:20 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:20 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:20 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:20 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 11:20 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 11:20 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 11:20 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:20 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 11:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-08-22 11:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-27 13:48 . 2012-05-27 13:48 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-16 11:22 . 2012-05-16 11:22 417448 ----a-w- c:\windows\system32\PMangAX0.dll
2012-05-16 11:21 . 2012-05-16 11:21 417448 ----a-w- c:\windows\system32\PMangAX.dll
2012-07-18 16:22 . 2012-07-16 22:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26104104]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Akamai NetSession Interface"="c:\users\Return\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"RaidCall"="c:\program files\RaidCall\raidcall.exe" [2012-07-19 3076096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^xwidget.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\xwidget.lnk
backup=c:\windows\pss\xwidget.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Return^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^jSAjBQj.exe.lnk]
path=c:\users\Return\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSAjBQj.exe.lnk
backup=c:\windows\pss\jSAjBQj.exe.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Return^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Return\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2011-09-23 15:26 2648384 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-11 21:53 138096 ----atw- c:\users\Return\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 10:29 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 11:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-08-10 17:44 4217720 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avipbb
*Deregistered* - ssmdrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 06:28]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656635725-449782252-1615114488-1000Core.job
- c:\users\Return\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-13 21:53]
.
2012-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656635725-449782252-1615114488-1000UA.job
- c:\users\Return\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-13 21:53]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 13:55]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 13:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
DPF: {07FF5CE9-6569-4905-8D88-F6AA23481430} - hxxps://secure1.playfps.com/play/s4l/ax/S4WebLauncher.cab
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
FF - ProfilePath - c:\users\Return\AppData\Roaming\Mozilla\Firefox\Profiles\2pw33n8z.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-90935353.sys
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-egkepxcackaofrwsjvh - c:\users\Return\AppData\Roaming\egkepxcackaofrwsjvh.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\XDva399]
"ImagePath"="\??\c:\users\Return\AppData\Local\Temp\Din475B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2656635725-449782252-1615114488-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2656635725-449782252-1615114488-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-03 11:28:15
ComboFix-quarantined-files.txt 2012-08-03 09:28
.
Pre-Run: 122 144 006 144 octets libres
Post-Run: 122 226 741 248 octets libres
.
- - End Of File - - 20FB11B4348692F5912DBAD08E8876CA
UsbFix
############################## | UsbFix V 7.084 | [Deletion]
User: Return (Administrator) # GAME
Updated 13/03/2012 by El Desaparecido
Started at 11:30:42 | 03/08/2012
Website: https://www.sosvirus.net/
Suspicious file ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com
PC: Packard Bell (imedia S3210) (X86-based PC) # Desktop Computer
CPU: AMD Athlon(tm) II X2 215 Processor (2700)
RAM -> [ Total : 3071 | Free : 2247 ]
BIOS: )Phoenix - Award WorkstationBIOS v6.00PG
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
AV: Avira Desktop [ Enabled | Updated ]
FW: Windows FireWall Service [ Enabled ]
C:\ (%systemdrive%) -> Fixed drive # 226 Gb (114 Mb free - 50%) [Packard Bell] # NTFS
D:\ -> Fixed drive # 227 Gb (220 Mb free - 97%) [DATA] # NTFS
E:\ -> CD-ROM
################## | Active Processes |
C:\Windows\system32\csrss.exe (352)
C:\Windows\system32\wininit.exe (408)
C:\Windows\system32\csrss.exe (420)
C:\Windows\system32\services.exe (456)
C:\Windows\system32\lsass.exe (472)
C:\Windows\system32\lsm.exe (480)
C:\Windows\system32\winlogon.exe (512)
C:\Windows\system32\svchost.exe (644)
C:\Windows\system32\svchost.exe (704)
C:\Windows\System32\svchost.exe (772)
C:\Windows\system32\svchost.exe (852)
C:\Windows\system32\svchost.exe (908)
C:\Windows\system32\svchost.exe (948)
C:\Windows\system32\svchost.exe (996)
C:\Windows\system32\svchost.exe (1116)
C:\Windows\System32\svchost.exe (1260)
C:\Windows\system32\svchost.exe (1572)
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (1820)
C:\Program Files\Logitech\Vid HD\Vid.exe (1932)
C:\Windows\explorer.exe (3628)
C:\Windows\system32\wbem\wmiprvse.exe (1040)
C:\UsbFix\Go.exe (3848)
################## | Stopped processes |
Stopped! C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (1820)
Stopped! C:\Program Files\Logitech\Vid HD\Vid.exe (1932)
################## | Files # Infected Folders |
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-2656635725-449782252-1615114488-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-2656635725-449782252-1615114488-1000
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
################## | Listing |
[02/06/2010 - 05:22:16 | N | 133671] D:\JUN2006_XACT_x86.cab
[02/06/2010 - 05:22:16 | N | 699044] D:\JUN2007_d3dx10_34_x64.cab
[02/06/2010 - 05:22:16 | N | 698472] D:\JUN2007_d3dx10_34_x86.cab
[02/06/2010 - 05:22:16 | N | 1607774] D:\JUN2007_d3dx9_34_x64.cab
[02/06/2010 - 05:22:16 | N | 1607286] D:\JUN2007_d3dx9_34_x86.cab
[02/06/2010 - 05:22:16 | N | 197122] D:\JUN2007_XACT_x64.cab
[02/06/2010 - 05:22:18 | N | 152909] D:\JUN2007_XACT_x86.cab
[02/06/2010 - 05:22:18 | N | 867828] D:\JUN2008_d3dx10_38_x64.cab
[02/06/2010 - 05:22:18 | N | 849919] D:\JUN2008_d3dx10_38_x86.cab
[02/06/2010 - 05:22:18 | N | 1792608] D:\JUN2008_d3dx9_38_x64.cab
[02/06/2010 - 05:22:18 | N | 1463878] D:\JUN2008_d3dx9_38_x86.cab
[02/06/2010 - 05:22:18 | N | 55154] D:\JUN2008_X3DAudio_x64.cab
[02/06/2010 - 05:22:18 | N | 21905] D:\JUN2008_X3DAudio_x86.cab
[02/06/2010 - 05:22:18 | N | 121054] D:\JUN2008_XACT_x64.cab
[02/06/2010 - 05:22:18 | N | 93128] D:\JUN2008_XACT_x86.cab
[02/06/2010 - 05:22:18 | N | 269628] D:\JUN2008_XAudio_x64.cab
[02/06/2010 - 05:22:20 | N | 269024] D:\JUN2008_XAudio_x86.cab
[02/06/2010 - 05:22:28 | N | 944460] D:\Jun2010_D3DCompiler_43_x64.cab
[02/06/2010 - 05:22:28 | N | 931471] D:\Jun2010_D3DCompiler_43_x86.cab
[02/06/2010 - 05:22:28 | N | 752783] D:\Jun2010_d3dcsx_43_x64.cab
[02/06/2010 - 05:22:30 | N | 762188] D:\Jun2010_d3dcsx_43_x86.cab
[02/06/2010 - 05:22:30 | N | 235955] D:\Jun2010_d3dx10_43_x64.cab
[02/06/2010 - 05:22:30 | N | 197283] D:\Jun2010_d3dx10_43_x86.cab
[02/06/2010 - 05:22:30 | N | 138205] D:\Jun2010_d3dx11_43_x64.cab
[02/06/2010 - 05:22:30 | N | 109445] D:\Jun2010_d3dx11_43_x86.cab
[02/06/2010 - 05:22:32 | N | 937246] D:\Jun2010_d3dx9_43_x64.cab
[02/06/2010 - 05:22:32 | N | 768036] D:\Jun2010_d3dx9_43_x86.cab
[02/06/2010 - 05:22:32 | N | 124596] D:\Jun2010_XACT_x64.cab
[02/06/2010 - 05:22:32 | N | 93686] D:\Jun2010_XACT_x86.cab
[02/06/2010 - 05:22:32 | N | 277338] D:\Jun2010_XAudio_x64.cab
[02/06/2010 - 05:22:32 | N | 278060] D:\Jun2010_XAudio_x86.cab
[02/06/2010 - 05:22:32 | N | 844884] D:\Mar2008_d3dx10_37_x64.cab
[02/06/2010 - 05:22:34 | N | 818260] D:\Mar2008_d3dx10_37_x86.cab
[02/06/2010 - 05:22:34 | N | 1769862] D:\Mar2008_d3dx9_37_x64.cab
[02/06/2010 - 05:22:34 | N | 1443282] D:\Mar2008_d3dx9_37_x86.cab
[02/06/2010 - 05:22:34 | N | 55058] D:\Mar2008_X3DAudio_x64.cab
[02/06/2010 - 05:22:34 | N | 21867] D:\Mar2008_X3DAudio_x86.cab
[02/06/2010 - 05:22:36 | N | 122336] D:\Mar2008_XACT_x64.cab
[02/06/2010 - 05:22:36 | N | 93734] D:\Mar2008_XACT_x86.cab
[02/06/2010 - 05:22:36 | N | 251194] D:\Mar2008_XAudio_x64.cab
[02/06/2010 - 05:22:36 | N | 226250] D:\Mar2008_XAudio_x86.cab
[02/06/2010 - 05:22:36 | N | 1067160] D:\Mar2009_d3dx10_41_x64.cab
[02/06/2010 - 05:22:36 | N | 1040745] D:\Mar2009_d3dx10_41_x86.cab
[02/06/2010 - 05:22:36 | N | 1973702] D:\Mar2009_d3dx9_41_x64.cab
[02/06/2010 - 05:22:36 | N | 1612446] D:\Mar2009_d3dx9_41_x86.cab
[02/06/2010 - 05:22:38 | N | 54600] D:\Mar2009_X3DAudio_x64.cab
[02/06/2010 - 05:22:38 | N | 21298] D:\Mar2009_X3DAudio_x86.cab
[02/06/2010 - 05:22:46 | N | 121506] D:\Mar2009_XACT_x64.cab
[02/06/2010 - 05:22:46 | N | 92740] D:\Mar2009_XACT_x86.cab
[02/06/2010 - 05:22:46 | N | 275044] D:\Mar2009_XAudio_x64.cab
[02/06/2010 - 05:22:48 | N | 273018] D:\Mar2009_XAudio_x86.cab
[03/07/2011 - 19:01:42 | N | 528] D:\MediaID.bin
[13/09/2011 - 23:41:34 | D ] D:\msdownld.tmp
[02/06/2010 - 05:22:48 | N | 864600] D:\Nov2007_d3dx10_36_x64.cab
[02/06/2010 - 05:22:48 | N | 803884] D:\Nov2007_d3dx10_36_x86.cab
[02/06/2010 - 05:22:48 | N | 1802058] D:\Nov2007_d3dx9_36_x64.cab
[02/06/2010 - 05:22:48 | N | 1709360] D:\Nov2007_d3dx9_36_x86.cab
[02/06/2010 - 05:22:50 | N | 46144] D:\NOV2007_X3DAudio_x64.cab
[02/06/2010 - 05:22:50 | N | 18496] D:\NOV2007_X3DAudio_x86.cab
[02/06/2010 - 05:22:50 | N | 196762] D:\NOV2007_XACT_x64.cab
[02/06/2010 - 05:22:50 | N | 148264] D:\NOV2007_XACT_x86.cab
[02/06/2010 - 05:22:50 | N | 994154] D:\Nov2008_d3dx10_40_x64.cab
[02/06/2010 - 05:22:52 | N | 965421] D:\Nov2008_d3dx10_40_x86.cab
[02/06/2010 - 05:22:52 | N | 1906878] D:\Nov2008_d3dx9_40_x64.cab
[02/06/2010 - 05:22:52 | N | 1550796] D:\Nov2008_d3dx9_40_x86.cab
[02/06/2010 - 05:22:52 | N | 54522] D:\Nov2008_X3DAudio_x64.cab
[02/06/2010 - 05:22:52 | N | 21851] D:\Nov2008_X3DAudio_x86.cab
[02/06/2010 - 05:22:52 | N | 121794] D:\Nov2008_XACT_x64.cab
[02/06/2010 - 05:22:52 | N | 92684] D:\Nov2008_XACT_x86.cab
[02/06/2010 - 05:22:54 | N | 273960] D:\Nov2008_XAudio_x64.cab
[02/06/2010 - 05:22:54 | N | 272611] D:\Nov2008_XAudio_x86.cab
[02/06/2010 - 05:22:54 | N | 86037] D:\Oct2005_xinput_x64.cab
[02/06/2010 - 05:22:54 | N | 45359] D:\Oct2005_xinput_x86.cab
[02/06/2010 - 05:22:54 | N | 1412902] D:\OCT2006_d3dx9_31_x64.cab
[02/06/2010 - 05:22:54 | N | 1127217] D:\OCT2006_d3dx9_31_x86.cab
[02/06/2010 - 05:22:54 | N | 182361] D:\OCT2006_XACT_x64.cab
[02/06/2010 - 05:22:54 | N | 138017] D:\OCT2006_XACT_x86.cab
[26/05/2012 - 15:37:44 | N | 478] D:\Packard Bell (C) - Raccourci.lnk
[01/10/2011 - 14:45:15 | SHD ] D:\System Volume Information
[16/08/2011 - 12:43:10 | N | 396] D:\version.ini
[01/01/1995 - 02:00:00 | R | 44] E:\Track01.cda
[01/01/1995 - 02:00:00 | R | 44] E:\Track02.cda
[01/01/1995 - 02:00:00 | R | 44] E:\Track03.cda
[01/01/1995 - 02:00:00 | R | 44] E:\Track04.cda
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_GAME.zip
http://eldesaparecido.com/upload.html
Thank you for your contribution.
################## | E.O.F |
After ComboFix I ran a scan and a deletion with UsbFix (report below).
I just rebooted in normal mode and now it works correctly! (right-click is back, Aero theme is back :) )
ComboFix 12-07-31.05 - Return 03/08/2012 11:21:49.2.2 - x86 NETWORK
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.1.1033.18.3071.2359 [GMT 2:00]
Running from: c:\users\Return\Desktop\oueshouesh.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Return\AppData\Roaming\5C72AA.exe
c:\users\Return\AppData\Roaming\egkepxcackaofrwsjvh.exe
c:\users\Return\AppData\Roaming\System.Data.SQLite.DLL
c:\users\Return\S4_full_2012051519.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 09:26 . 2012-08-03 09:26 -------- d-----w- c:\users\Return\AppData\Local\temp
2012-08-03 07:17 . 2012-08-03 07:17 -------- d-----w- c:\users\Return\AppData\Roaming\raidcall
2012-08-02 18:24 . 2012-08-02 18:27 -------- d-----w- C:\ZHP
2012-08-02 18:24 . 2012-08-02 18:26 -------- d-----w- c:\program files\ZHPDiag
2012-08-02 14:20 . 2012-08-02 14:20 -------- d-----w- c:\users\Return\AppData\Roaming\ts3overlay
2012-07-31 07:30 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA14E8E7-BA05-495A-BC52-2460BB3D7975}\mpengine.dll
2012-07-25 17:57 . 2012-07-25 17:57 -------- d-----w- c:\program files\Microsoft WSE
2012-07-25 17:53 . 2012-08-01 16:18 -------- d-----w- c:\program files\Electronic Arts
2012-07-25 17:44 . 2012-07-25 17:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-25 17:40 . 2012-07-25 17:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-07-24 09:32 . 2012-08-03 09:01 -------- d-----w- C:\UsbFix
2012-07-22 12:59 . 2012-07-22 12:59 -------- d-----w- c:\programdata\RELOADED
2012-07-20 13:09 . 2012-07-25 17:40 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-11 01:02 . 2012-06-02 09:08 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-11 01:00 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 19:25 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-10 19:25 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 19:25 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-10 19:25 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 19:25 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 19:25 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 19:25 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 19:25 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-10 19:25 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-10 19:25 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-10 19:25 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 19:25 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-10 19:24 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-10 19:24 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-10 19:24 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-08 09:14 . 2012-08-03 07:17 -------- d-----w- c:\program files\RaidCall
2012-07-04 18:14 . 2012-07-04 18:14 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 06:28 . 2012-04-09 20:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 06:28 . 2011-08-22 13:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-29 12:01 . 2011-08-24 15:32 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-07-29 12:01 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2012-07-29 12:01 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-07-03 11:46 . 2012-05-05 07:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 18:06 . 2012-06-24 18:06 232616 ----a-w- c:\windows\system32\npPMangFX.dll
2012-06-03 17:42 . 2012-06-03 17:42 295011 ----a-w- C:\UsbFix_Upload_Me_GAME.zip
2012-06-02 22:19 . 2012-06-21 11:20 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:20 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:20 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:20 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 11:20 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 11:20 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 11:20 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:20 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 11:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-08-22 11:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-27 13:48 . 2012-05-27 13:48 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-05-16 11:22 . 2012-05-16 11:22 417448 ----a-w- c:\windows\system32\PMangAX0.dll
2012-05-16 11:21 . 2012-05-16 11:21 417448 ----a-w- c:\windows\system32\PMangAX.dll
2012-07-18 16:22 . 2012-07-16 22:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26104104]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"Akamai NetSession Interface"="c:\users\Return\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"RaidCall"="c:\program files\RaidCall\raidcall.exe" [2012-07-19 3076096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^xwidget.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\xwidget.lnk
backup=c:\windows\pss\xwidget.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Return^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^jSAjBQj.exe.lnk]
path=c:\users\Return\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jSAjBQj.exe.lnk
backup=c:\windows\pss\jSAjBQj.exe.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Return^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Return\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2011-09-23 15:26 2648384 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-11 21:53 138096 ----atw- c:\users\Return\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 10:29 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 11:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-08-10 17:44 4217720 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avipbb
*Deregistered* - ssmdrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 06:28]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656635725-449782252-1615114488-1000Core.job
- c:\users\Return\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-13 21:53]
.
2012-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2656635725-449782252-1615114488-1000UA.job
- c:\users\Return\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-13 21:53]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 13:55]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 13:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
DPF: {07FF5CE9-6569-4905-8D88-F6AA23481430} - hxxps://secure1.playfps.com/play/s4l/ax/S4WebLauncher.cab
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
FF - ProfilePath - c:\users\Return\AppData\Roaming\Mozilla\Firefox\Profiles\2pw33n8z.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-90935353.sys
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-egkepxcackaofrwsjvh - c:\users\Return\AppData\Roaming\egkepxcackaofrwsjvh.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\XDva399]
"ImagePath"="\??\c:\users\Return\AppData\Local\Temp\Din475B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2656635725-449782252-1615114488-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2656635725-449782252-1615114488-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-03 11:28:15
ComboFix-quarantined-files.txt 2012-08-03 09:28
.
Pre-Run: 122 144 006 144 octets libres
Post-Run: 122 226 741 248 octets libres
.
- - End Of File - - 20FB11B4348692F5912DBAD08E8876CA
UsbFix
############################## | UsbFix V 7.084 | [Deletion]
User: Return (Administrator) # GAME
Updated 13/03/2012 by El Desaparecido
Started at 11:30:42 | 03/08/2012
Website: https://www.sosvirus.net/
Suspicious file ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com
PC: Packard Bell (imedia S3210) (X86-based PC) # Desktop Computer
CPU: AMD Athlon(tm) II X2 215 Processor (2700)
RAM -> [ Total : 3071 | Free : 2247 ]
BIOS: )Phoenix - Award WorkstationBIOS v6.00PG
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
AV: Avira Desktop [ Enabled | Updated ]
FW: Windows FireWall Service [ Enabled ]
C:\ (%systemdrive%) -> Fixed drive # 226 Gb (114 Mb free - 50%) [Packard Bell] # NTFS
D:\ -> Fixed drive # 227 Gb (220 Mb free - 97%) [DATA] # NTFS
E:\ -> CD-ROM
################## | Active Processes |
C:\Windows\system32\csrss.exe (352)
C:\Windows\system32\wininit.exe (408)
C:\Windows\system32\csrss.exe (420)
C:\Windows\system32\services.exe (456)
C:\Windows\system32\lsass.exe (472)
C:\Windows\system32\lsm.exe (480)
C:\Windows\system32\winlogon.exe (512)
C:\Windows\system32\svchost.exe (644)
C:\Windows\system32\svchost.exe (704)
C:\Windows\System32\svchost.exe (772)
C:\Windows\system32\svchost.exe (852)
C:\Windows\system32\svchost.exe (908)
C:\Windows\system32\svchost.exe (948)
C:\Windows\system32\svchost.exe (996)
C:\Windows\system32\svchost.exe (1116)
C:\Windows\System32\svchost.exe (1260)
C:\Windows\system32\svchost.exe (1572)
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (1820)
C:\Program Files\Logitech\Vid HD\Vid.exe (1932)
C:\Windows\explorer.exe (3628)
C:\Windows\system32\wbem\wmiprvse.exe (1040)
C:\UsbFix\Go.exe (3848)
################## | Stopped processes |
Stopped! C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (1820)
Stopped! C:\Program Files\Logitech\Vid HD\Vid.exe (1932)
################## | Files # Infected Folders |
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-2656635725-449782252-1615114488-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-2656635725-449782252-1615114488-1000
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
################## | Listing |
[02/06/2010 - 05:22:18 | N | 152909] D:\JUN2007_XACT_x86.cab
[02/06/2010 - 05:22:18 | N | 867828] D:\JUN2008_d3dx10_38_x64.cab
[02/06/2010 - 05:22:18 | N | 849919] D:\JUN2008_d3dx10_38_x86.cab
[02/06/2010 - 05:22:18 | N | 1792608] D:\JUN2008_d3dx9_38_x64.cab
[02/06/2010 - 05:22:18 | N | 1463878] D:\JUN2008_d3dx9_38_x86.cab
[02/06/2010 - 05:22:18 | N | 55154] D:\JUN2008_X3DAudio_x64.cab
[02/06/2010 - 05:22:18 | N | 21905] D:\JUN2008_X3DAudio_x86.cab
[02/06/2010 - 05:22:18 | N | 121054] D:\JUN2008_XACT_x64.cab
[02/06/2010 - 05:22:18 | N | 93128] D:\JUN2008_XACT_x86.cab
[02/06/2010 - 05:22:18 | N | 269628] D:\JUN2008_XAudio_x64.cab
[02/06/2010 - 05:22:20 | N | 269024] D:\JUN2008_XAudio_x86.cab
[02/06/2010 - 05:22:28 | N | 944460] D:\Jun2010_D3DCompiler_43_x64.cab
[02/06/2010 - 05:22:28 | N | 931471] D:\Jun2010_D3DCompiler_43_x86.cab
[02/06/2010 - 05:22:28 | N | 752783] D:\Jun2010_d3dcsx_43_x64.cab
[02/06/2010 - 05:22:30 | N | 762188] D:\Jun2010_d3dcsx_43_x86.cab
[02/06/2010 - 05:22:30 | N | 235955] D:\Jun2010_d3dx10_43_x64.cab
[02/06/2010 - 05:22:30 | N | 197283] D:\Jun2010_d3dx10_43_x86.cab
[02/06/2010 - 05:22:30 | N | 138205] D:\Jun2010_d3dx11_43_x64.cab
[02/06/2010 - 05:22:30 | N | 109445] D:\Jun2010_d3dx11_43_x86.cab
[02/06/2010 - 05:22:32 | N | 937246] D:\Jun2010_d3dx9_43_x64.cab
[02/06/2010 - 05:22:32 | N | 768036] D:\Jun2010_d3dx9_43_x86.cab
[02/06/2010 - 05:22:32 | N | 124596] D:\Jun2010_XACT_x64.cab
[02/06/2010 - 05:22:32 | N | 93686] D:\Jun2010_XACT_x86.cab
[02/06/2010 - 05:22:32 | N | 277338] D:\Jun2010_XAudio_x64.cab
[02/06/2010 - 05:22:32 | N | 278060] D:\Jun2010_XAudio_x86.cab
[02/06/2010 - 05:22:32 | N | 844884] D:\Mar2008_d3dx10_37_x64.cab
[02/06/2010 - 05:22:34 | N | 818260] D:\Mar2008_d3dx10_37_x86.cab
[02/06/2010 - 05:22:34 | N | 1769862] D:\Mar2008_d3dx9_37_x64.cab
[02/06/2010 - 05:22:34 | N | 1443282] D:\Mar2008_d3dx9_37_x86.cab
[02/06/2010 - 05:22:34 | N | 55058] D:\Mar2008_X3DAudio_x64.cab
[02/06/2010 - 05:22:34 | N | 21867] D:\Mar2008_X3DAudio_x86.cab
[02/06/2010 - 05:22:36 | N | 122336] D:\Mar2008_XACT_x64.cab
[02/06/2010 - 05:22:36 | N | 93734] D:\Mar2008_XACT_x86.cab
[02/06/2010 - 05:22:36 | N | 251194] D:\Mar2008_XAudio_x64.cab
[02/06/2010 - 05:22:36 | N | 226250] D:\Mar2008_XAudio_x86.cab
[02/06/2010 - 05:22:36 | N | 1067160] D:\Mar2009_d3dx10_41_x64.cab
[02/06/2010 - 05:22:36 | N | 1040745] D:\Mar2009_d3dx10_41_x86.cab
[02/06/2010 - 05:22:36 | N | 1973702] D:\Mar2009_d3dx9_41_x64.cab
[02/06/2010 - 05:22:36 | N | 1612446] D:\Mar2009_d3dx9_41_x86.cab
[02/06/2010 - 05:22:38 | N | 54600] D:\Mar2009_X3DAudio_x64.cab
[02/06/2010 - 05:22:38 | N | 21298] D:\Mar2009_X3DAudio_x86.cab
[02/06/2010 - 05:22:46 | N | 121506] D:\Mar2009_XACT_x64.cab
[02/06/2010 - 05:22:46 | N | 92740] D:\Mar2009_XACT_x86.cab
[02/06/2010 - 05:22:46 | N | 275044] D:\Mar2009_XAudio_x64.cab
[02/06/2010 - 05:22:48 | N | 273018] D:\Mar2009_XAudio_x86.cab
[03/07/2011 - 19:01:42 | N | 528] D:\MediaID.bin
[13/09/2011 - 23:41:34 | D ] D:\msdownld.tmp
[02/06/2010 - 05:22:48 | N | 864600] D:\Nov2007_d3dx10_36_x64.cab
[02/06/2010 - 05:22:48 | N | 803884] D:\Nov2007_d3dx10_36_x86.cab
[02/06/2010 - 05:22:48 | N | 1802058] D:\Nov2007_d3dx9_36_x64.cab
[02/06/2010 - 05:22:48 | N | 1709360] D:\Nov2007_d3dx9_36_x86.cab
[02/06/2010 - 05:22:50 | N | 46144] D:\NOV2007_X3DAudio_x64.cab
[02/06/2010 - 05:22:50 | N | 18496] D:\NOV2007_X3DAudio_x86.cab
[02/06/2010 - 05:22:50 | N | 196762] D:\NOV2007_XACT_x64.cab
[02/06/2010 - 05:22:50 | N | 148264] D:\NOV2007_XACT_x86.cab
[02/06/2010 - 05:22:50 | N | 994154] D:\Nov2008_d3dx10_40_x64.cab
[02/06/2010 - 05:22:52 | N | 965421] D:\Nov2008_d3dx10_40_x86.cab
[02/06/2010 - 05:22:52 | N | 1906878] D:\Nov2008_d3dx9_40_x64.cab
[02/06/2010 - 05:22:52 | N | 1550796] D:\Nov2008_d3dx9_40_x86.cab
[02/06/2010 - 05:22:52 | N | 54522] D:\Nov2008_X3DAudio_x64.cab
[02/06/2010 - 05:22:52 | N | 21851] D:\Nov2008_X3DAudio_x86.cab
[02/06/2010 - 05:22:52 | N | 121794] D:\Nov2008_XACT_x64.cab
[02/06/2010 - 05:22:52 | N | 92684] D:\Nov2008_XACT_x86.cab
[02/06/2010 - 05:22:54 | N | 273960] D:\Nov2008_XAudio_x64.cab
[02/06/2010 - 05:22:54 | N | 272611] D:\Nov2008_XAudio_x86.cab
[02/06/2010 - 05:22:54 | N | 86037] D:\Oct2005_xinput_x64.cab
[02/06/2010 - 05:22:54 | N | 45359] D:\Oct2005_xinput_x86.cab
[02/06/2010 - 05:22:54 | N | 1412902] D:\OCT2006_d3dx9_31_x64.cab
[02/06/2010 - 05:22:54 | N | 1127217] D:\OCT2006_d3dx9_31_x86.cab
[02/06/2010 - 05:22:54 | N | 182361] D:\OCT2006_XACT_x64.cab
[02/06/2010 - 05:22:54 | N | 138017] D:\OCT2006_XACT_x86.cab
[26/05/2012 - 15:37:44 | N | 478] D:\Packard Bell (C) - Raccourci.lnk
[01/10/2011 - 14:45:15 | SHD ] D:\System Volume Information
[16/08/2011 - 12:43:10 | N | 396] D:\version.ini
[01/01/1995 - 02:00:00 | R | 44] E:\Track01.cda
[01/01/1995 - 02:00:00 | R | 44] E:\Track02.cda
[01/01/1995 - 02:00:00 | R | 44] E:\Track03.cda
[01/01/1995 - 02:00:00 | R | 44] E:\Track04.cda
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_GAME.zip
http://eldesaparecido.com/upload.html
Thank you for your contribution.
################## | E.O.F |
One quick question: I can talk through my headset, but I can't hear sounds or video audio in the headset, whereas yesterday I could hear fine (I only hear small noises, and when I test the sound in the volume control I do hear the sound in the headset). I don't know whether this has anything to do with a virus.