cjoint

Document format: text/plain

Preview

OTL logfile created on: 04/04/2016 17:19:14 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Program Files\PortableApps\OTLPEPortable\App
Windows 7 Starter (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = X: | %SystemRoot% = X:\windows | %ProgramFiles% = X:\Program Files
Drive C: | 500,00 Mb Total Space | 158,37 Mb Free Space | 31,67% Space Free | Partition Type: NTFS
Drive D: | 146,49 Gb Total Space | 47,97 Gb Free Space | 32,75% Space Free | Partition Type: NTFS
Drive E: | 465,63 Gb Total Space | 348,01 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 24,12 Gb Free Space | 49,41% Space Free | Partition Type: NTFS
Drive G: | 192,32 Gb Total Space | 48,78 Gb Free Space | 25,36% Space Free | Partition Type: NTFS
Drive H: | 118,75 Gb Total Space | 50,20 Gb Free Space | 42,27% Space Free | Partition Type: NTFS
Drive I: | 375,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 254,90 Mb Total Space | 252,47 Mb Free Space | 99,05% Space Free | Partition Type: NTFS

Computer Name: MININT-FV6G7LT | User Name: Système
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand] -- -- (WPDBusEnum)
SRV - File not found [On_Demand] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand] -- -- (AeLookupSvc)
SRV - [2009/07/14 02:16:13 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- X:\Windows\System32\sacsvr.dll -- (sacsvr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Adapter | On_Demand] -- -- (Winsock)
DRV - [2015/05/17 12:24:27 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- X:\windows\system32\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
DRV - [2015/05/17 12:24:27 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- X:\windows\system32\DRIVERS\nusb3hub.sys -- (nusb3hub)
DRV - [2015/05/17 12:24:25 | 000,014,671 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- X:\windows\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2015/05/17 12:24:25 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- X:\windows\system32\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 03:38:07 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- X:\windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:38:07 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- X:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:38:07 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- X:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 03:38:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- X:\windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 02:19:03 | 000,080,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- X:\Windows\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2009/07/14 00:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- X:\Windows\System32\drivers\ramdisk.sys -- (Ramdisk)
DRV - [2009/07/14 00:18:10 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- X:\Windows\System32\drivers\fbwf.sys -- (FBWF)
DRV - [2009/07/14 00:17:59 | 000,053,248 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- X:\windows\System32\drivers\wimfsf.sys -- (WimFsf)
DRV - [2009/05/13 02:51:55 | 000,019,968 | ---- | M] (Olof Lagerkvist) [Kernel | Boot] -- X:\Windows\System32\drivers\imdisk.sys -- (ImDisk)
DRV - [2009/02/08 23:16:13 | 000,009,216 | ---- | M] (Olof Lagerkvist) [Kernel | Boot] -- X:\Windows\System32\drivers\awealloc.sys -- (AWEAlloc)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/iat/us_nl.aspx
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 62 49 DF 7B E8 CA 01 [binary data]



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: X:\Windows\System32\Macromed\Flash\NPSWF32.dll ()



O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - X:\Windows\System32\drivers\etc\hosts
O4 - HKU\.DEFAULT..\Run: [HotSwap! Applet] X:\windows\System32\HotSwap!.EXE (Kazuyuki Nakayama)
O4 - HKLM..\RunOnce: [ASYNCMAC] File not found
O4 - HKLM..\RunOnce: [wmssetup] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableMIC = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIPI = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - X:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - X:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - File not found
O32 - HKLM CDRom: AutoRun - 1
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2016/04/04 17:14:07 | 000,000,000 | R--D | C] -- X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2016/04/04 17:14:07 | 000,000,000 | R--D | C] -- X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2016/04/04 17:14:07 | 000,000,000 | ---D | C] -- X:\Users\Default\AppData\LocalLow
[2016/04/04 17:14:06 | 000,000,000 | -HSD | C] -- X:\$RECYCLE.BIN
[2016/04/04 17:13:24 | 000,000,000 | ---D | C] -- X:\windows\debug
[2016/04/04 17:13:18 | 000,000,000 | --SD | C] -- X:\windows\System32\Microsoft
[2016/04/04 17:13:18 | 000,000,000 | ---D | C] -- X:\windows\System32\Tasks
[2015/05/17 12:23:13 | 000,523,264 | ---- | C] (PortableApps.com) -- X:\Program Files\Start.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2016/04/04 17:19:23 | 000,231,984 | ---- | M] () -- X:\windows\System32\FNTCACHE.DAT
[2016/04/04 17:13:25 | 000,900,054 | ---- | M] () -- X:\windows\wallpaper.bmp

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2016/04/04 17:13:25 | 000,900,054 | ---- | C] () -- X:\windows\wallpaper.bmp
[2016/04/04 17:13:17 | 000,231,984 | ---- | C] () -- X:\windows\System32\FNTCACHE.DAT
[2015/05/17 12:23:57 | 000,000,000 | ---- | C] () -- X:\windows\System32\drivers\rasirda.sys
[2015/05/17 12:23:54 | 000,461,897 | ---- | C] () -- X:\windows\System32\ppAppsGenPE.exe
[2015/05/17 12:23:54 | 000,332,800 | ---- | C] () -- X:\windows\System32\wget.exe
[2015/05/17 12:23:54 | 000,301,089 | ---- | C] () -- X:\windows\System32\UX.exe
[2015/05/17 12:23:54 | 000,272,955 | ---- | C] () -- X:\windows\System32\SetSpeaker.exe
[2015/05/17 12:23:54 | 000,222,720 | ---- | C] () -- X:\windows\System32\PECMD.EXE
[2015/05/17 12:23:54 | 000,199,024 | ---- | C] () -- X:\windows\System32\gimagex.exe
[2015/05/17 12:23:54 | 000,102,400 | ---- | C] () -- X:\windows\System32\unzip.exe
[2015/05/17 12:23:54 | 000,080,384 | ---- | C] () -- X:\windows\System32\RunScanner.exe
[2015/05/17 12:23:54 | 000,070,656 | ---- | C] () -- X:\windows\System32\HWPnp.exe
[2015/05/17 12:23:54 | 000,065,536 | ---- | C] () -- X:\windows\System32\RunScannerDLL.dll
[2015/05/17 12:23:54 | 000,049,152 | ---- | C] () -- X:\windows\System32\xlink.exe
[2015/05/17 12:23:54 | 000,048,128 | ---- | C] () -- X:\windows\System32\reg2WBSprg.exe
[2015/05/17 12:23:54 | 000,037,888 | ---- | C] () -- X:\windows\System32\HWPnPDLL.dll
[2015/05/17 12:23:54 | 000,020,992 | ---- | C] () -- X:\windows\System32\PecmdHelper.EXE
[2015/05/17 12:23:54 | 000,016,384 | ---- | C] () -- X:\windows\System32\PECAB.EXE
[2015/05/17 12:23:54 | 000,004,800 | ---- | C] () -- X:\windows\System32\pecmd.ini
[2015/05/17 12:23:54 | 000,004,262 | ---- | C] () -- X:\windows\System32\pecmd_xua.ini
[2015/05/17 12:23:54 | 000,000,127 | ---- | C] () -- X:\windows\System32\winpeshl.ini
[2015/05/17 12:23:54 | 000,000,027 | ---- | C] () -- X:\windows\System32\winpeshl_pecmd.ini
[2015/05/17 12:23:53 | 000,009,592 | ---- | C] () -- X:\windows\System32\ckill.exe
[2015/05/17 12:23:13 | 000,000,217 | ---- | C] () -- X:\Program Files\Applications.au3
[2015/05/17 12:22:59 | 000,673,088 | ---- | C] () -- X:\windows\System32\mlang.dat
[2015/05/17 11:14:06 | 000,005,810 | ---- | C] () -- X:\windows\System32\drivers\ASACPI.sys
[2009/07/14 04:43:51 | 000,348,408 | ---- | C] () -- X:\windows\System32\perfh00C.dat
[2009/07/14 04:43:51 | 000,344,522 | ---- | C] () -- X:\windows\System32\perfi00C.dat
[2009/07/14 04:43:51 | 000,039,224 | ---- | C] () -- X:\windows\System32\perfc00C.dat
[2009/07/14 04:43:51 | 000,038,160 | ---- | C] () -- X:\windows\System32\perfd00C.dat
[2009/07/14 03:04:10 | 000,294,734 | ---- | C] () -- X:\windows\System32\perfh009.dat
[2009/07/14 03:04:10 | 000,291,294 | ---- | C] () -- X:\windows\System32\perfi009.dat
[2009/07/14 03:04:10 | 000,032,454 | ---- | C] () -- X:\windows\System32\perfc009.dat
[2009/07/14 03:04:10 | 000,031,548 | ---- | C] () -- X:\windows\System32\perfd009.dat
[2009/07/14 01:34:38 | 000,090,112 | ---- | C] () -- X:\windows\System32\schema.dat

[color=#E56717]========== LOP Check ==========[/color]


[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]



[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- X:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2015/05/17 12:23:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=991B596EE59E3B5BB6F5AE19AD9EF457 -- X:\Windows\System32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 64 bytes -> X:\windows\winhlp32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\xpsrchvw.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\xlink.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\winlogon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\win7drv.cmd:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\wget.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\wermgr.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\WerFaultSecure.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\WerFault.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\verclsid.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\UX.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\unzip.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\TSTheme.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\SystemPropertiesRemote.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\SystemPropertiesProtection.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\SystemPropertiesPerformance.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\SystemPropertiesHardware.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\SystemPropertiesComputerName.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\SystemPropertiesAdvanced.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\systeminfo.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\start.cmd:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\SndVol.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\sleep.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\shrpubw.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\SetSpeaker.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\sc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\RunScanner.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\reg2WBSprg.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\rasphone.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\rasdial.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\pskill.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\ppAppsGenPE.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\PnPutil.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\PnPUnattend.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\pnpbatch.cmd:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\pnp_fix.cmd:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\PecmdHelper.EXE:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\PECMD.EXE:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\PECAB.EXE:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\odbcad32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\ntvdm.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\nslookup.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\Netplwiz.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\mstsc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\mspaint.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\msinfo32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\msiexec.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\mmc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\MbrFix.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\LangbarReg.CMD:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\KeyboardLayoutChanger.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\imdsksvc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\imdiskinst.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\imdisk.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\iexpress.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\ieUnatt.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\ie4uinit.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\icacls.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\HWPnp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\HotSwap_Scan.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\HotSwap!.EXE:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\hide.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\hdwwiz.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\gimagex.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\fsutil.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\fontview.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\FolderSel.vbs:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\fix_7hdc.vbs:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\findstr.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\dwm.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\drv_del.cmd:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\system32\DRIVERS\nusb3xhc.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\system32\DRIVERS\nusb3hub.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\system32\DRIVERS\atisgkaf.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\system32\DRIVERS\ASACPI.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\driver_fix.cmd:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\dpinst.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\dpfolder.cmd:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\dialer.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\ctfmon.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\control.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\configras.cmd:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\configdot3svc.cmd:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\CompMgmtLauncher.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\ckill.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\choice.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\calc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\cacls.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\autorun1Langbar.cmd:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\audiodg.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\AudioActivatorPE.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\audio_fix.cmd:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\audio.bat:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\System32\7za.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\windows\explorer.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\Users\Default\Desktop\FRST.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\Users\Default\Desktop\Applications.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> X:\Program Files\Start.exe:$CmdTcID
@Alternate Data Stream - 4554 bytes -> X:\windows\System32\startnet.cmd:$CmdTcID
< End of report >
