Jim Dolorian
Suspected infection by a Bugbear-type virus
Jim Dolorian replied to a topic by Jim Dolorian in Malware analysis and removal
EDIT:

Malwarebytes Anti-Malware (Essai) 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.02.07.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
coco :: COCO-PC [administrateur]

Protection: Activé

08/02/2012 11:48:23
mbam-log-2012-02-08 (11-48-23).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 655875
Temps écoulé: 6 heure(s), 6 minute(s), 4 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Users\coco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6bf5a8e6-13bd1586 (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.

(fin)
Suspected infection by a Bugbear-type virus
Jim Dolorian replied to a topic by Jim Dolorian in Malware analysis and removal
I'm trying to fix the problem. I'm still getting alerts from MBAM. Thanks =).
Suspected infection by a Bugbear-type virus
Jim Dolorian replied to a topic by Jim Dolorian in Malware analysis and removal
I use the Windows firewall, but I have no idea how to uninstall it, even though I've searched. When I try to launch it, it replies: the firewall cannot change some of your settings: error code 0x80070424. So is my PC clean? Thank you for the time you're taking to help, really.
Suspected infection by a Bugbear-type virus
Jim Dolorian replied to a topic by Jim Dolorian in Malware analysis and removal
I can't manage to repair my firewall; if you could enlighten me =). Thanks in advance.

Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-07-02-2012-11-08-37.txt
Run by coco at 07/02/2012 11:08:37
Windows 7 Business Edition, 64-bit (Build 7600)
Web site : ZHPFix Fix de rapport
Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com

========== Logiciel(s) ==========
ABSENT Software Key: Searchqu 0 MediaBar

========== Processus mémoire ==========
SUPPRIME Memory Process: C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe

========== Clé(s) du Registre ==========
ABSENT Key: CLSID BHO: {99079a25-328f-4bd4-be04-00955acaa0a7}
SUPPRIME Key: HKCU\Software\AppDataLow\Software\searchqutoolbar
SUPPRIME Key: HKCU\Software\DataMngr
ABSENT Key: HKLM\Software\DataMngr
ABSENT Key: HKLM\Software\SearchquMediabarTb
SUPPRIME Key: SearchScopes :{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
SUPPRIME Key: HKLM\Software\WOW6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
SUPPRIME Key: HKLM\Software\WOW6432Node\DataMngr
SUPPRIME Key: HKLM\Software\WOW6432Node\SearchquMediabarTb
SUPPRIME Key: HKLM\Software\Wow6432Node\mIRC\OpenCandy
SUPPRIME Key**: StartupReg: HFALoader
SUPPRIME Key: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}
SUPPRIME Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
SUPPRIME Key: HKLM\Software\Classes\Toolbar.CT2849852

========== Valeur(s) du Registre ==========
SUPPRIME RunValue: DATAMNGR
SUPPRIME {8FA1DCC0-DDF8-490A-A93D-A12F81D6F1A6}
SUPPRIME {E817560F-2EFF-43A9-8115-A7DC598CD13D}
SUPPRIME RunValue: PlayNC Launcher
ABSENT RunValue: PlayNC Launcher
SUPPRIME {26743AB3-78D6-4679-93B3-190105E091D9}
SUPPRIME {28266D91-3DFD-452A-8E98-E7AA37F39141}
SUPPRIME TCP Query User{8997DF1B-9D06-49FE-9C82-9BED6B66FEA6}C:/program files (x86)/pfportchecker/pfportchecker.exe
SUPPRIME UDP Query User{C50B2B4A-7629-42E3-8949-F0EDBCAF8F02}C:/program files (x86)/pfportchecker/pfportchecker.exe
SUPPRIME TCP Query User{0CE59A07-7E10-4A69-BDAB-BA15DE739158}C:/program files (x86)/ggpo/ggpo.exe
SUPPRIME UDP Query User{E40513CD-5AFA-47AD-B5B0-46B84C91D069}C:/program files (x86)/ggpo/ggpo.exe
SUPPRIME TCP Query User{7B9A2F0A-17E9-49CD-BDD1-F7B22C86C5A2}C:/program files (x86)/ggpo/ggpofba.exe
SUPPRIME UDP Query User{21840081-B474-4F46-91BB-38B97524B11C}C:/program files (x86)/ggpo/ggpofba.exe
SUPPRIME {526749AE-B1CA-4010-A504-652D6631996F}
SUPPRIME {CC6F1833-CE19-4D65-8207-C7D67CFA2396}
SUPPRIME {5F012ED9-D2C7-4118-890B-A7A58FCDAEA4}
SUPPRIME {77CBF78F-4268-43D5-A558-D0D527D0C13A}
SUPPRIME {72A4FA47-8CE3-46AC-912B-F72C8B2B11B8}
SUPPRIME {F33D8E96-7E44-4A76-B400-B2CB836C6A01}
SUPPRIME {CC021135-920E-4663-8E10-5A53619C6719}
SUPPRIME {54715B7C-2D7A-4C5B-B00B-2F11C0C90788}
SUPPRIME {0CCA43BD-C5F8-47C4-9E3F-1BBF06820BEA}
SUPPRIME {748EDFF2-6A0C-42F1-97BF-451060E276C5}
SUPPRIME {B89B3AAA-AF59-4EC2-B2A8-9BE73E1BFD01}
SUPPRIME {BA496C46-1F71-4E6F-8479-CAA02980D30E}
SUPPRIME URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023}
SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}
ABSENT Valeur Domain Profile: FirewallRaz :
SUPPRIME FirewallRaz (Public) : {1C928716-8F8B-43AD-9065-D78C2783E972}
SUPPRIME FirewallRaz (Public) : {987CA77C-7C2B-4AA6-824E-9FD3A5F3BDF1}
SUPPRIME FirewallRaz (Public) : {20A29E43-1A06-4EF9-9A78-A588BE08F99C}
SUPPRIME FirewallRaz (Public) : {E87C670B-964E-469E-A879-84BC0D2B4EC3}
SUPPRIME FirewallRaz (Public) : {5136ACA6-1E24-43AE-93B2-86C849BA730D}
SUPPRIME FirewallRaz (Public) : {68DBD15E-CB23-4F34-9E38-AD04B9C1888F}
SUPPRIME FirewallRaz (Public) : TCP Query User{7AC91213-8DC6-4CB0-9D2E-704C26FBB16E}C:\program files (x86)\codemasters\le seigneur des anneaux online\lotroclient.exe
SUPPRIME FirewallRaz (Public) : UDP Query User{90923DE5-3B9A-4367-8726-6C9296AD34C1}C:\program files (x86)\codemasters\le seigneur des anneaux online\lotroclient.exe
SUPPRIME FirewallRaz (Public) : TCP Query User{93A15E66-11B1-4D7F-A2D3-E276FCF888C2}C:\program files (x86)\steam\steamapps\lolo93210\team fortress 2\hl2.exe
SUPPRIME FirewallRaz (Public) : UDP Query User{33F7A941-C1D2-4A6C-BE7E-BBCA2C7C7773}C:\program files (x86)\steam\steamapps\lolo93210\team fortress 2\hl2.exe
SUPPRIME FirewallRaz (Public) : {6ECA74A7-9B94-4954-BC5C-E863E49F97DB}
SUPPRIME FirewallRaz (Public) : {B8806353-4657-4D58-94E3-A3873253E86F}
SUPPRIME FirewallRaz (Public) : {F7C56CB2-2C9B-4507-999D-CE74A4E98905}
SUPPRIME FirewallRaz (Public) : {47D6E58A-656C-4223-AF88-4E0B710E7386}
SUPPRIME FirewallRaz (Public) : {22B4EB22-86BD-424D-AEC4-C13AA50881CA}
SUPPRIME FirewallRaz (Public) : {5B31CF58-EAF0-4105-9A94-73A12503617E}
SUPPRIME FirewallRaz (Public) : {2562EC86-291D-432C-BF50-BC7F743F317E}
SUPPRIME FirewallRaz (Public) : {A38B9824-F407-4EA5-9FA0-BFFABF9866A9}
SUPPRIME FirewallRaz (Public) : {5FAC6D93-0E54-4354-82DE-AFD1ADED94D3}
SUPPRIME FirewallRaz (Public) : {F2687314-4975-449A-9186-38CBAD37383E}
SUPPRIME FirewallRaz (Public) : {5846D058-D8D5-4973-94D3-4CE3C613AA51}
SUPPRIME FirewallRaz (Public) : {C3A74DB3-E479-43B4-94FE-BFF4CBBB7694}
SUPPRIME FirewallRaz (Public) : {D5B14652-BFFD-48BE-BCCA-8EB988B6BD39}
SUPPRIME FirewallRaz (Public) : {A735FB24-5168-4027-9DF3-656F635C44E9}
SUPPRIME FirewallRaz (Public) : {A1DC2671-D368-49A2-A6C5-C9AD4F011FEA}
SUPPRIME FirewallRaz (Public) : {A4FF640A-8A76-47A2-B097-C8E977CED7BC}
SUPPRIME FirewallRaz (Public) : TCP Query User{19304792-0E4B-491D-8F8F-318261B41411}C:\program files (x86)\rockstar games\eflc\eflc.exe
SUPPRIME FirewallRaz (Public) : UDP Query User{50B5A93D-B1D6-41C3-AEF5-0AD16CF8C579}C:\program files (x86)\rockstar games\eflc\eflc.exe
SUPPRIME FirewallRaz (Public) : {FB791286-FDB8-4591-A9DB-F223605B09D1}
SUPPRIME FirewallRaz (Public) : {480774C1-0E5E-4784-8218-CB4E157EF94D}
SUPPRIME FirewallRaz (Public) : {425FA5F2-50F6-47D0-A28C-E7248395D083}
SUPPRIME FirewallRaz (Public) : {E6D4519C-D7D3-4E2B-ADB5-C9277BFA8592}
SUPPRIME FirewallRaz (Public) : TCP Query User{1C859A4B-02C8-47C9-851E-09EFE45FF9DF}C:\program files (x86)\ccp\eve\bin\exefile.exe
SUPPRIME FirewallRaz (Public) : UDP Query User{EFB01331-38C5-4240-8FAA-DF268BCF49EF}C:\program files (x86)\ccp\eve\bin\exefile.exe
SUPPRIME FirewallRaz (Public) : {D7C0BDF6-7F38-477C-B0C4-C52D56C2F063}
SUPPRIME FirewallRaz (Public) : {58C3C950-200E-43D9-AADA-DDCF88747BDF}
SUPPRIME FirewallRaz (Public) : TCP Query User{1F63F11F-47D1-4DC8-B9E4-BD01D6CD66A1}C:\program files (x86)\steam\steamapps\snake61100\team fortress 2\hl2.exe
SUPPRIME FirewallRaz (Public) : UDP Query User{32B0C0C8-14A7-46F4-AF41-93E11F6A3EAE}C:\program files (x86)\steam\steamapps\snake61100\team fortress 2\hl2.exe
SUPPRIME FirewallRaz (Public) : TCP Query User{58F4E3DD-70A7-47D2-8F8A-22ADCBC0BBEA}C:\program files (x86)\microsoft games\age of mythology\aomx.exe
SUPPRIME FirewallRaz (Public) : UDP Query User{3FC2F0F5-44CF-408C-9462-F3D734D71406}C:\program files (x86)\microsoft games\age of mythology\aomx.exe
SUPPRIME FirewallRaz (Public) : {573BF040-C7CE-473C-84BF-6C13A37DF2F0}
SUPPRIME FirewallRaz (Public) : {D1577C7F-B833-4BE8-B1A3-15AABA924411}
SUPPRIME FirewallRaz (Public) : {620343F3-6FDF-46E4-B14E-12D0EDB96296}
SUPPRIME FirewallRaz (Public) : {6DFCA9BF-711F-4E37-809F-F072870BE47B}
SUPPRIME FirewallRaz (Private) : TCP Query User{ED687A51-2287-4673-A845-87401D86C7BC}C:\program files (x86)\steam\steamapps\snake61100\team fortress 2\hl2.exe
SUPPRIME FirewallRaz (Private) : UDP Query User{D88A4FA1-FF55-40A1-87AE-A4A809DDC639}C:\program files (x86)\steam\steamapps\snake61100\team fortress 2\hl2.exe
SUPPRIME FirewallRaz (Private) : {1E76B06F-9D62-4D27-BFA6-D829856EE7A1}
SUPPRIME FirewallRaz (Private) : {BBE5DC86-70D3-4F0B-8DCD-FAE0BC41AC35}
SUPPRIME FirewallRaz (Public) : {6C52E874-2858-42A8-BC0F-43477CABAB8C}
SUPPRIME FirewallRaz (Public) : {6D4041F7-4D8C-4182-93A7-A204CA105E6B}
SUPPRIME FirewallRaz (Private) : TCP Query User{200EAFF4-A01D-44E8-8696-8C7C45854A6C}C:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe
SUPPRIME FirewallRaz (Private) : UDP Query User{8F61A800-447D-49AE-B8AC-888FE5AA0C36}C:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe
SUPPRIME FirewallRaz (Private) : TCP Query User{17B18639-EA13-4821-97A8-684596FB534E}C:\program files (x86)\heroes of newerth\hon.exe
SUPPRIME FirewallRaz (Private) : UDP Query User{9B089CCD-AD1B-4DB5-9BAA-B550F1AC554E}C:\program files (x86)\heroes of newerth\hon.exe
SUPPRIME FirewallRaz (Private) : {254B8D6C-4BF1-400F-9BC3-18573FEE3601}
SUPPRIME FirewallRaz (Private) : {58E70633-B791-4384-9B0B-78F136447613}
SUPPRIME FirewallRaz (Private) : {F4FC83D8-698A-42B4-A683-B8F04A7958D9}
SUPPRIME FirewallRaz (Private) : {B6FC722B-1A75-4C84-BAD9-7E0ACD1F3150}
SUPPRIME FirewallRaz (Private) : {11864493-191A-4ADD-A75E-352C5E1F121B}
SUPPRIME FirewallRaz (Private) : {B8583DE3-C594-49C5-A559-F212F7985A7C}
SUPPRIME FirewallRaz (Private) : {9093AA75-60BD-491C-9A9F-EEB87FD386A2}
SUPPRIME FirewallRaz (Private) : {566B84B6-310E-4259-B657-DD4C8FFC68FF}
SUPPRIME FirewallRaz (Public) : {08E06791-868C-47FB-9C12-AF852BA20848}
SUPPRIME FirewallRaz (Public) : {78BE96D0-1D61-47AB-BCA8-80F6490FFE2A}
SUPPRIME FirewallRaz (Public) : {8CFF8895-28FE-4D41-B4E3-C0267E77AB98}
SUPPRIME FirewallRaz (Public) : {B22D1A91-FD9B-4DCA-B2CA-AED9B9E5344D}
SUPPRIME FirewallRaz (Public) : {F0EAFC47-9BB9-4792-AB55-D54D479AB7CF}
SUPPRIME FirewallRaz (Public) : {5CE0ECE1-6EC5-4FDA-8F5E-1091FB9465E4}

========== Elément(s) de donnée du Registre ==========
SUPPRIME PhishingFilter Value: Enabled = 0
SUPPRIME AppInit: ta Manager.) - C:\Program Files (x86)\WINDOW~2\Datamngr\x64\datamngr.dll

========== Préférences navigateur ==========
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "http://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q=");
SUPPRIME Mozilla Pref: user_pref("CT2849852..clientLogIsEnabled", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
SUPPRIME Mozilla Pref: user_pref("CT2849852..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
SUPPRIME Mozilla Pref: user_pref("CT2849852.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
SUPPRIME Mozilla Pref: user_pref("CT2849852.AppTrackingLastCheckTime", "Mon Feb 06 2012 12:05:35 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.BrowserCompStateIsOpen_129642290922900978", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.CTID", "CT2849852");
ABSENT Mozilla Pref: user_pref("CT2849852.CurrentServerDate", "6-2-2012");
SUPPRIME Mozilla Pref: user_pref("CT2849852.DSInstall", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.DialogsAlignMode", "LTR");
SUPPRIME Mozilla Pref: user_pref("CT2849852.DialogsGetterLastCheckTime", "Sat Feb 04 2012 17:19:03 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.DownloadReferralCookieData", "");
SUPPRIME Mozilla Pref: user_pref("CT2849852.EMailNotifierPollDate", "Sat Feb 04 2012 17:49:05 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.EnableClickToSearchBox", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.EnableSearchHistory", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.EnableSearchSuggest", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedLastCount129349795937781608", 180);
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313974171006416", "Sat Feb 04 2012 20:44:20 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313975698350231", "Sat Feb 04 2012 20:44:20 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313976370850190", "Sat Feb 04 2012 20:44:20 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313976648818968", "Sat Feb 04 2012 20:44:20 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313977444757117", "Sat Feb 04 2012 20:44:20 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313980389131455", "Sat Feb 04 2012 20:44:20 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313980655381977", "Sat Feb 04 2012 20:44:20 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313980886163259", "Sat Feb 04 2012 20:44:20 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313981234756535", "Sat Feb 04 2012 20:44:21 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313983226631720", "Sat Feb 04 2012 20:44:21 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313983607725691", "Sat Feb 04 2012 20:44:21 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedTTL129313974171006416", 10);
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedTTL129313977444757117", 15);
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedTTL129313980655381977", 5);
SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedTTL129313981234756535", 5);
SUPPRIME Mozilla Pref: user_pref("CT2849852.FirstServerDate", "4-2-2012");
SUPPRIME Mozilla Pref: user_pref("CT2849852.FirstTime", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.FirstTimeFF3", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.FixPageNotFoundErrors", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.GroupingServerCheckInterval", 1440);
SUPPRIME Mozilla Pref: user_pref("CT2849852.GroupingServiceUrl", "http://grouping.services.conduit.com/");
SUPPRIME Mozilla Pref: user_pref("CT2849852.HPInstall", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.HasUserGlobalKeys", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.HomePageProtectorEnabled", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.Initialize", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.InitializeCommonPrefs", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.InstallationAndCookieDataSentCount", 3);
SUPPRIME Mozilla Pref: user_pref("CT2849852.InstallationId", "ConduitXPEIntegration");
SUPPRIME Mozilla Pref: user_pref("CT2849852.InstallationType", "ConduitXPEIntegration");
SUPPRIME Mozilla Pref: user_pref("CT2849852.InstalledDate", "Sat Feb 04 2012 17:19:03 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.IsAlertDBUpdated", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.IsGrouping", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.IsInitSetupIni", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.IsMulticommunity", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.IsOpenThankYouPage", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.IsOpenUninstallPage", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.LanguagePackLastCheckTime", "Mon Feb 06 2012 19:01:26 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.LanguagePackReloadIntervalMM", 1440);
SUPPRIME Mozilla Pref: user_pref("CT2849852.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
ABSENT Mozilla Pref: user_pref("CT2849852.LastLogin_3.9.0.3", "Mon Feb 06 2012 16:05:25 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.LatestVersion", "3.9.0.3");
SUPPRIME Mozilla Pref: user_pref("CT2849852.Locale", "fr");
SUPPRIME Mozilla Pref: user_pref("CT2849852.MCDetectTooltipHeight", "83");
SUPPRIME Mozilla Pref: user_pref("CT2849852.MCDetectTooltipShow", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
SUPPRIME Mozilla Pref: user_pref("CT2849852.MCDetectTooltipWidth", "295");
SUPPRIME Mozilla Pref: user_pref("CT2849852.MyStuffEnabledAtInstallation", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.OriginalFirstVersion", "3.9.0.3");
SUPPRIME Mozilla Pref: user_pref("CT2849852.SHRINK_TOOLBAR", 1);
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchBackToDefaultEngine", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchCaption", "BittorrentBar_FR Customized Web Search");
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchEngineBeforeUnload", "Google");
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchFromAddressBarIsInit", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q=");
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchInNewTabEnabled", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchInNewTabIntervalMM", 1440);
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchInNewTabLastCheckTime", "Mon Feb 06 2012 19:01:25 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchInNewTabUserEnabled", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchProtectorEnabled", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchProtectorToolbarDisabled", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.SendProtectorDataViaLogin", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.ServiceMapLastCheckTime", "Mon Feb 06 2012 19:01:25 GMT+0100");
ABSENT Mozilla Pref: user_pref("CT2849852.SettingsLastCheckTime", "Mon Feb 06 2012 16:16:13 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.SettingsLastUpdate", "1326994324");
SUPPRIME Mozilla Pref: user_pref("CT2849852.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2849852&SearchSource=13");
SUPPRIME Mozilla Pref: user_pref("CT2849852.ThirdPartyComponentsInterval", 504);
SUPPRIME Mozilla Pref: user_pref("CT2849852.ThirdPartyComponentsLastCheck", "Sat Feb 04 2012 17:19:02 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.ThirdPartyComponentsLastUpdate", "1255344667");
SUPPRIME Mozilla Pref: user_pref("CT2849852.ToolbarShrinkedFromSetup", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.TrusteLinkUrl", "http://trust.conduit.com/CT2849852");
SUPPRIME Mozilla Pref: user_pref("CT2849852.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-
SUPPRIME Mozilla Pref: user_pref("CT2849852.UserID", "UN71520763480499428");
SUPPRIME Mozilla Pref: user_pref("CT2849852.ValidationData_Search", 1);
SUPPRIME Mozilla Pref: user_pref("CT2849852.ValidationData_Toolbar", 0);
SUPPRIME Mozilla Pref: user_pref("CT2849852.WeatherNetwork", "");
SUPPRIME Mozilla Pref: user_pref("CT2849852.WeatherPollDate", "Sat Feb 04 2012 17:49:05 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.WeatherUnit", "C");
SUPPRIME Mozilla Pref: user_pref("CT2849852.alertChannelId", "1241893");
SUPPRIME Mozilla Pref: user_pref("CT2849852.approveUntrustedApps", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.autoDisableScopes", -1);
SUPPRIME Mozilla Pref: user_pref("CT2849852.backendstorage.cbfirsttime", "5361742046656220303420323031322031373A31393A313620474D542B30313030");
SUPPRIME Mozilla Pref: user_pref("CT2849852.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
SUPPRIME Mozilla Pref: user_pref("CT2849852.components.1000034", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.components.1000234", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129349795936062815", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129349795936375318", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129349795937781608", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129349795937937859", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129349795937937860", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129431554657187564", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129642290922900978", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":
SUPPRIME Mozilla Pref: user_pref("CT2849852.homepageProtectorEnableByLogin", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.initDone", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.isAppTrackingManagerOn", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.isSearchProtectorNotifyChanges", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.myStuffEnabled", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.myStuffPublihserMinWidth", 400);
SUPPRIME Mozilla Pref: user_pref("CT2849852.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29
SUPPRIME Mozilla Pref: user_pref("CT2849852.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?
SUPPRIME Mozilla Pref: user_pref("CT2849852.searchProtectorDialogDelayInSec", 10);
SUPPRIME Mozilla Pref: user_pref("CT2849852.searchProtectorEnableByLogin", true);
SUPPRIME Mozilla Pref: user_pref("CT2849852.testingCtid", "");
SUPPRIME Mozilla Pref: user_pref("CT2849852.toolbarAppMetaDataLastCheckTime", "Mon Feb 06 2012 19:01:27 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.toolbarContextMenuLastCheckTime", "Sat Feb 04 2012 17:19:05 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CT2849852.usageEnabled", false);
SUPPRIME Mozilla Pref: user_pref("CT2849852.usagesFlag", 2);
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2849852/CT2849852",
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849852", "\"1319755492\"");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=fr", "kLE3EoupXhh+
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"80ee9485875dcc1:0\"")[...]
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849852",
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\coco\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\bg7ax0xp.defa[...]
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ToolbarsList", "CT2849852");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ToolbarsList2", "CT2849852");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ToolbarsList4", "CT2849852");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 04 2012 17:19:05 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.globalUserId", "82efcb7a-df12-464d-84a3-bf9369df4759");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Feb 06 2012 03:20:44 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Feb 06 2012 12:05:34 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.locale", "en");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Feb 06 2012 19:01:25 GMT+0100");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.showTrayIcon", false);
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.userId", "6c8898dd-1e03-4fa9-bdb3-64a6d35495e1");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.originalSearchEngine", "Google");

========== Dossier(s) ==========
SUPPRIME Folder: C:\Users\coco\AppData\Roaming\Mozilla\Firefox\Profiles\bg7ax0xp.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
SUPPRIME Folder: C:\Program Files (x86)\Windows Searchqu Toolbar
SUPPRIME Folder: c:\users\coco\appdata\locallow\searchquband
SUPPRIME Folder: c:\users\coco\appdata\locallow\searchqutoolbar
SUPPRIME Folder: c:\users\coco\appdata\local\temp\opencandy
SUPPRIME Folder: c:\users\coco\appdata\roaming\mozilla\firefox\profiles\bg7ax0xp.default\searchqutoolbar
SUPPRIME Folder: C:\ProgramData\regid.1986-12.com.adobe
SUPPRIME Folder: C:\Users\coco\AppData\Local\28050
SUPPRIME Folder: C:\Users\coco\AppData\Local\SCE
SUPPRIME Folder: C:\Users\coco\AppData\Local\Wings of Prey
SUPPRIME Folder: C:\Users\coco\AppData\Local\{67109EBE-A773-4AF9-A0A8-51FFB24F61D1}
SUPPRIME Folder: C:\Users\coco\AppData\Local\{82A7E5EC-A213-4B75-BD2F-69D6402D8990}
SUPPRIME Folder: C:\Users\coco\AppData\Local\{86703F31-F03E-4945-82F6-815906036ABE}
SUPPRIME Folder: C:\Users\coco\AppData\Local\{E02C1177-E75E-48D3-89DE-648FBE2A0741}
SUPPRIME Folder: C:\Users\coco\AppData\Roaming\Mozilla\Firefox\Profiles\bg7ax0xp.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}
SUPPRIME Folder: C:\Users\coco\AppData\Roaming\teamspeak2
SUPPRIME Folder: C:\Users\coco\AppData\Local\Conduit
SUPPRIME Folder: C:\Program Files (x86)\Conduit
SUPPRIME Folder: c:\users\coco\appdata\locallow\conduit
SUPPRIME Flash Cookies: 19
SUPPRIME Temporaires Windows: : 278

========== Fichier(s) ==========
SUPPRIME File***: c:\program files (x86)\windows searchqu toolbar\datamngr\datamngrui.exe
SUPPRIME File: c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\searchqudtx.dll
ABSENT File: c:\program files (x86)\windows searchqu toolbar\datamngr\datamngrui.exe
ABSENT Folder/File: c:\program files (x86)\windows searchqu toolbar
SUPPRIME File: C:\Users\coco\AppData\Roaming\BitTorrent\Atomix Virtual DJ Pro V6.1.1 Full cracked by Belin (les crackers).rar.torrent
SUPPRIME File: C:\Users\coco\Desktop\dl\alt.binaries.nl\ToonTrack EZ Drummer VSTi RTAS v1 2 1 x86 x64 UPDATE Incl Keygen-AiR.rar
SUPPRIME File***: c:\users\coco\desktop\dl\alt.binaries.nl\toontrack ez drummer vsti rtas v1 2 1 x86 x64 update incl keygen-air.rar
ABSENT Folder/File: c:\users\coco\appdata\local\conduit
SUPPRIME Flash Cookies: 6
SUPPRIME Temporaires Windows: : 1338

========== Tache planifiée ==========
SUPPRIME Task: {1E4647DA-D343-4479-807E-30554BD966FC}
SUPPRIME Task: {723D3D40-3DA7-4FBD-8812-5BD6E81BA15E}

========== Autre ==========
NON TRAITE PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...)
NON TRAITE PROCESSUS SUPERFLU DU SYSTEME
NON TRAITE TOOLBAR INUTILE (Navigateur internet)

========== Récapitulatif ==========
1 : Processus mémoire
22 : Clé(s) du Registre
96 : Valeur(s) du Registre
2 : Elément(s) de donnée du Registre
21 : Dossier(s)
10 : Fichier(s)
1 : Logiciel(s)
154 : Préférences navigateur
2 : Tache planifiée
3 : Autre

End of clean in 01mn 03s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 07/02/2012 11:08:37 [28417]
Suspected infection by a Bugbear-type virus
Jim Dolorian replied to a topic by Jim Dolorian in Malware analysis and removal
Here it is: CJoint.com link BBgwWc66FlZ
Suspicion d'infection par un virus type Bugbear
Jim Dolorian a répondu à un(e) sujet de Jim Dolorian dans Analyses et éradication malwares
Thank you for your quick reply. I would like to add that my firewall is not working. Here is what UsbFix gives:

############################## | UsbFix V 7.081 | [Recherche]

Utilisateur: coco (Administrateur) # COCO-PC
Mis à jour le 05/02/2012 par El Desaparecido
Lancé à 11:47:06 | 06/02/2012
Site Web: http://eldesaparecido.com
Fichier suspect ? : http://eldesaparecido.com/upload.html
Contact: [email protected]

PC: MEDION (X781x) (x64-based PC) # Notebook
CPU: Intel® Core i3 CPU M 330 @ 2.13GHz (2133)
RAM -> [ Total : 4014 | Free : 2285 ]
BIOS: BIOS Date: 10/22/09 17:13:05 Ver: 08.00.10
BOOT: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [ (!) Disabled ]
WU: Windows Update Service [ Enabled ]
AV: Avira Desktop [ Enabled | Updated ]
FW: Windows FireWall Service [ (!) Disabled ]

C:\ (%systemdrive%) -> Disque fixe # 435 Go (76 Go libre(s) - 18%) [boot] # NTFS
D:\ -> Disque fixe # 30 Go (22 Go libre(s) - 74%) [Recover] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (480)
C:\Windows\system32\wininit.exe (540)
C:\Windows\system32\csrss.exe (560)
C:\Windows\system32\services.exe (604)
C:\Windows\system32\lsass.exe (620)
C:\Windows\system32\lsm.exe (628)
C:\Windows\system32\winlogon.exe (708)
C:\Windows\system32\svchost.exe (776)
C:\Windows\system32\svchost.exe (864)
C:\Windows\system32\atiesrxx.exe (928)
C:\Windows\System32\svchost.exe (1004)
C:\Windows\System32\svchost.exe (368)
C:\Windows\system32\svchost.exe (380)
C:\Windows\system32\svchost.exe (1128)
C:\Windows\system32\svchost.exe (1240)
C:\Windows\system32\atieclxx.exe (1408)
C:\Windows\System32\spoolsv.exe (1536)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1564)
C:\Windows\SysWOW64\svchost.exe (1740)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1760)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1780)
C:\Program Files\Bonjour\mDNSResponder.exe (1848)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1880)
C:\Windows\System32\svchost.exe (1912)
C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (1956)
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (1992)
c:\xampp\mysql\bin\mysqld.exe (2016)
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (2044)
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (1188)
C:\Windows\SysWOW64\PnkBstrA.exe (1324)
C:\Windows\system32\svchost.exe (552)
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (1176)
C:\Program Files\Common Files\WireHelpSvc.exe (2096)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2124)
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2152)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2300)
C:\Windows\system32\taskhost.exe (2540)
C:\Windows\system32\Dwm.exe (2720)
C:\Windows\Explorer.EXE (2768)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (1356)
C:\Windows\system32\conhost.exe (1352)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2388)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (2424)
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (2420)
C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2408)
C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (2856)
C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2460)
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (3284)
C:\Windows\system32\SearchIndexer.exe (3304)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3328)
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (3340)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (3356)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3528)
C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe (3564)
C:\Windows\system32\svchost.exe (3928)
C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (4024)
C:\Windows\System32\svchost.exe (3948)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4124)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4144)
C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe (4276)
C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe (4284)
C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe (4476)
C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe (4576)
C:\Windows\system32\wbem\wmiprvse.exe (4696)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4932)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2500)
C:\Windows\system32\wuauclt.exe (4768)
C:\Windows\servicing\TrustedInstaller.exe (2836)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4172)
C:\Windows\system32\taskmgr.exe (4016)
C:\Windows\system32\SearchProtocolHost.exe (4316)
C:\Windows\system32\SearchFilterHost.exe (3176)
C:\UsbFix\Go.exe (4664)
C:\Windows\system32\wbem\wmiprvse.exe (2992)

################## | Éléments infectieux |

Présent! C:\Users\coco\AppData\Local\Temp\10-8_mobility_vista_win7_64_dd_ccc.exe
Présent! C:\Users\coco\AppData\Local\Temp\11-9_mobility_vista_win7_64_dd_ccc_ocl.exe
Présent! C:\Users\coco\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe

################## | Registre |

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{58bbde01-ba4c-11df-9674-4061861ea256}
Shell\AutoRun\Command = F:\LaunchU3.exe -a

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |


############################## | UsbFix V 7.081 | [Suppression]

Utilisateur: coco (Administrateur) # COCO-PC
Mis à jour le 05/02/2012 par El Desaparecido
Lancé à 12:02:08 | 06/02/2012
Site Web: http://eldesaparecido.com
Fichier suspect ? : http://eldesaparecido.com/upload.html
Contact: [email protected]

PC: MEDION (X781x) (x64-based PC) # Notebook
CPU: Intel® Core i3 CPU M 330 @ 2.13GHz (2133)
RAM -> [ Total : 4014 | Free : 2113 ]
BIOS: BIOS Date: 10/22/09 17:13:05 Ver: 08.00.10
BOOT: Normal boot

OS: Microsoft Windows 7 Professionnel (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [ (!) Disabled ]
WU: Windows Update Service [ Enabled ]
AV: Avira Desktop [ Enabled | Updated ]
FW: Windows FireWall Service [ (!) Disabled ]

C:\ (%systemdrive%) -> Disque fixe # 435 Go (76 Go libre(s) - 17%) [boot] # NTFS
D:\ -> Disque fixe # 30 Go (22 Go libre(s) - 74%) [Recover] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (480)
C:\Windows\system32\wininit.exe (540)
C:\Windows\system32\csrss.exe (560)
C:\Windows\system32\services.exe (604)
C:\Windows\system32\lsass.exe (620)
C:\Windows\system32\lsm.exe (628)
C:\Windows\system32\winlogon.exe (708)
C:\Windows\system32\svchost.exe (776)
C:\Windows\system32\svchost.exe (864)
C:\Windows\system32\atiesrxx.exe (928)
C:\Windows\System32\svchost.exe (1004)
C:\Windows\System32\svchost.exe (368)
C:\Windows\system32\svchost.exe (380)
C:\Windows\system32\svchost.exe (1128)
C:\Windows\system32\svchost.exe (1240)
C:\Windows\system32\atieclxx.exe (1408)
C:\Windows\System32\spoolsv.exe (1536)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1564)
C:\Windows\SysWOW64\svchost.exe (1740)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1760)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1780)
C:\Program Files\Bonjour\mDNSResponder.exe (1848)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1880)
C:\Windows\System32\svchost.exe (1912)
C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (1956)
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (1992)
c:\xampp\mysql\bin\mysqld.exe (2016)
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (2044)
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (1188)
C:\Windows\SysWOW64\PnkBstrA.exe (1324)
C:\Windows\system32\svchost.exe (552)
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (1176)
C:\Program Files\Common Files\WireHelpSvc.exe (2096)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2124)
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2152)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2300)
C:\Windows\system32\taskhost.exe (2540)
C:\Windows\system32\Dwm.exe (2720)
C:\Windows\Explorer.EXE (2768)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (1356)
C:\Windows\system32\conhost.exe (1352)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2388)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (2424)
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (2420)
C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2408)
C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (2856)
C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2460)
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (3284)
C:\Windows\system32\SearchIndexer.exe (3304)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3328)
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (3340)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (3356)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3528)
C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe (3564)
C:\Windows\system32\svchost.exe (3928)
C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (4024)
C:\Windows\System32\svchost.exe (3948)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4124)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4144)
C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe (4276)
C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe (4284)
C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe (4476)
C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe (4576)
C:\Windows\system32\wbem\wmiprvse.exe (4696)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4932)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2500)
C:\Windows\system32\wuauclt.exe (4768)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4172)
C:\Windows\system32\taskmgr.exe (4016)
C:\Windows\system32\wbem\wmiprvse.exe (2992)
C:\Windows\system32\taskhost.exe (4264)
C:\Windows\SysWOW64\NOTEPAD.EXE (2976)
C:\UsbFix\Go.exe (896)

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\atiesrxx.exe (928)
Stoppé! C:\Windows\system32\atieclxx.exe (1408)
Stoppé! C:\Windows\System32\spoolsv.exe (1536)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1564)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1760)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1780)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (1848)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1880)
Stoppé! C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (1956)
Stoppé! C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (1992)
Stoppé! c:\xampp\mysql\bin\mysqld.exe (2016)
Stoppé! C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (2044)
Stoppé! C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (1188)
Stoppé! C:\Windows\SysWOW64\PnkBstrA.exe (1324)
Stoppé! C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (1176)
Stoppé! C:\Program Files\Common Files\WireHelpSvc.exe (2096)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2124)
Stoppé! C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2152)
Stoppé! C:\Windows\system32\taskhost.exe (2540)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (1356)
Stoppé! C:\Windows\system32\conhost.exe (1352)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2388)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (2424)
Stoppé! C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (2420)
Stoppé! C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2408)
Stoppé! C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (2856)
Stoppé! C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2460)
Stoppé! C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (3284)
Stoppé! C:\Windows\system32\SearchIndexer.exe (3304)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3328)
Stoppé! C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (3340)
Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (3356)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3528)
Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe (3564)
Stoppé! C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (4024)
Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4124)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (4144)
Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe (4276)
Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe (4284)
Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe (4476)
Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe (4576)
Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4932)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2500)
Stoppé! C:\Windows\system32\wuauclt.exe (4768)
Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4172)
Stoppé! C:\Windows\system32\taskmgr.exe (4016)
Stoppé! C:\Windows\system32\taskhost.exe (4264)

################## | Éléments infectieux |

Supprimé! C:\Users\coco\AppData\Local\Temp\10-8_mobility_vista_win7_64_dd_ccc.exe
Supprimé! C:\Users\coco\AppData\Local\Temp\11-9_mobility_vista_win7_64_dd_ccc_ocl.exe
Supprimé! C:\Users\coco\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
Supprimé! C:\$RECYCLE.BIN\S-1-5-20
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2785893074-595747820-1594240593-1000
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-1292132930-1676903531-2991972072-1000
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-1519444400-1794461273-710662950-500
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2149421345-3150679066-3066144613-500
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2182524660-674847601-3640508224-500
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2785893074-595747820-1594240593-1000
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3122571555-3205367151-3062972803-1000
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-4057543656-1902096578-4069866551-500
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-900403819-932455162-659764423-1000
(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{58bbde01-ba4c-11df-9674-4061861ea256}

################## | Listing |

[06/02/2012 - 12:03:42 | SHD ] C:\$Recycle.Bin
[15/04/2011 - 17:26:26 | D ] C:\56e05bdfcb686d0270fdecb448410c
[16/09/2011 - 16:39:37 | D ] C:\770a90d92908eec2e112814fd8e1e050
[12/04/2011 - 10:17:26 | N | 0] C:\AdobeDebug.txt
[06/06/2011 - 11:23:27 | D ] C:\AMD
[26/08/2010 - 18:58:58 | D ] C:\ATI
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[28/12/2011 - 11:50:54 | D ] C:\Down
[12/10/2010 - 22:20:29 | D ] C:\e45d6c3994caa493a08cd34f21
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1028.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1031.txt
[07/11/2007 - 07:00:40 | N | 10134] C:\eula.1033.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1036.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1040.txt
[07/11/2007 - 07:00:40 | N | 118] C:\eula.1041.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1042.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.2052.txt
[07/11/2007 - 07:00:40 | N | 17734] C:\eula.3082.txt
[23/04/2011 - 08:48:48 | D ] C:\found.000
[07/11/2007 - 07:00:40 | N | 1110] C:\globdata.ini
[06/02/2012 - 11:37:56 | ASH | 3156795392] C:\hiberfil.sys
[07/11/2007 - 07:44:20 | N | 855040] C:\install.exe
[07/11/2007 - 07:00:40 | N | 843] C:\install.ini
[07/11/2007 - 07:44:20 | N | 75280] C:\install.res.1028.dll
[07/11/2007 - 07:44:20 | N | 95248] C:\install.res.1031.dll
[07/11/2007 - 07:44:20 | N | 90128] C:\install.res.1033.dll
[07/11/2007 - 07:44:20 | N | 96272] C:\install.res.1036.dll
[07/11/2007 - 07:44:20 | N | 94224] C:\install.res.1040.dll
[07/11/2007 - 07:44:20 | N | 80400] C:\install.res.1041.dll
[07/11/2007 - 07:44:20 | N | 78864] C:\install.res.1042.dll
[07/11/2007 - 07:44:20 | N | 74768] C:\install.res.2052.dll
[07/11/2007 - 07:44:20 | N | 95248] C:\install.res.3082.dll
[30/03/2010 - 16:45:38 | D ] C:\Intel
[31/03/2010 - 13:12:12 | N | 0] C:\IO.SYS
[31/03/2010 - 13:12:12 | N | 0] C:\MSDOS.SYS
[31/03/2010 - 08:38:51 | RHD ] C:\MSOCache
[06/02/2012 - 11:37:57 | ASH | 4209061888] C:\pagefile.sys
[28/12/2011 - 11:50:38 | D ] C:\Perfect World Entertainment
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[05/02/2012 - 23:17:54 | D ] C:\Program Files
[06/02/2012 - 11:34:12 | D ] C:\Program Files (x86)
[05/02/2012 - 20:58:11 | HD ] C:\ProgramData
[26/08/2010 - 18:41:33 | SHD ] C:\Recovery
[28/10/2010 - 12:40:31 | D ] C:\Riot Games
[04/10/2011 - 16:15:31 | N | 81686] C:\shared.log
[05/02/2012 - 21:53:35 | SHD ] C:\System Volume Information
[06/02/2012 - 12:03:43 | D ] C:\UsbFix
[06/02/2012 - 12:02:33 | A | 12662] C:\UsbFix.txt
[26/08/2010 - 18:44:15 | D ] C:\Users
[07/11/2007 - 07:00:40 | N | 5686] C:\vcredist.bmp
[07/11/2007 - 07:09:22 | N | 1442522] C:\VC_RED.cab
[07/11/2007 - 07:12:28 | N | 232960] C:\VC_RED.MSI
[06/02/2012 - 11:32:56 | D ] C:\Windows
[15/02/2011 - 20:43:33 | D ] C:\xampp
[06/02/2012 - 12:03:43 | SHD ] D:\$RECYCLE.BIN
[30/03/2010 - 16:43:15 | D ] D:\DRIVER
[26/04/2010 - 12:29:57 | D ] D:\RECOVER
[26/04/2010 - 10:09:50 | N | 95] D:\SWCONF.dat
[26/02/2010 - 13:45:03 | SHD ] D:\System Volume Information
[26/02/2010 - 16:47:55 | D ] D:\TOOLS

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_COCO-PC.zip
http://eldesaparecido.com/upload.html
Merci de votre contribution.

################## | E.O.F |

RogueKiller:

RogueKiller V7.0.3 [06/02/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: [RogueKiller] Remontées (1/45)
Blog: tigzy-RK

Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version
Demarrage : Mode normal
Utilisateur: coco [Droits d'admin]
Mode: Recherche -- Date : 06/02/2012 12:07:49

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 10 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : {E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3} (C:\Users\coco\AppData\Roaming\Evmela\biegs.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2785893074-595747820-1594240593-1000[...]\Run : {E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3} (C:\Users\coco\AppData\Roaming\Evmela\biegs.exe) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sa.windows.com
127.0.0.1 se.windows.com
127.0.0.1 ie.search.msn.com
127.0.0.1 wustat.windows.com
127.0.0.1 wutrack.windows.com
127.0.0.1 catalog.microsoft.com
127.0.0.1 sls.microsoft.com
127.0.0.1 spynet2.microsoft.com
127.0.0.1 spynettest.microsoft.com
127.0.0.1 activation.guitar-pro.com

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] dbc9d427d53fbb122228d5942fe4ff49
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 445091 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 911753216 | Size: 30720 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 974667776 | Size: 1027 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.0.3 [06/02/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: [RogueKiller] Remontées (1/45)
Blog: tigzy-RK

Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version
Demarrage : Mode normal
Utilisateur: coco [Droits d'admin]
Mode: Suppression -- Date : 06/02/2012 12:10:11

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 9 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : {E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3} (C:\Users\coco\AppData\Roaming\Evmela\biegs.exe) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sa.windows.com
127.0.0.1 se.windows.com
127.0.0.1 ie.search.msn.com
127.0.0.1 wustat.windows.com
127.0.0.1 wutrack.windows.com
127.0.0.1 catalog.microsoft.com
127.0.0.1 sls.microsoft.com
127.0.0.1 spynet2.microsoft.com
127.0.0.1 spynettest.microsoft.com
127.0.0.1 activation.guitar-pro.com

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] dbc9d427d53fbb122228d5942fe4ff49
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 445091 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 911753216 | Size: 30720 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 974667776 | Size: 1027 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V7.0.3 [06/02/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: [RogueKiller] Remontées (1/45)
Blog: tigzy-RK

Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version
Demarrage : Mode normal
Utilisateur: coco [Droits d'admin]
Mode: Proxy RAZ -- Date : 06/02/2012 12:10:42

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Entrees de registre: 0 ¤¤¤

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V7.0.3 [06/02/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: [RogueKiller] Remontées (1/45)
Blog: tigzy-RK

Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version
Demarrage : Mode normal
Utilisateur: coco [Droits d'admin]
Mode: DNS RAZ -- Date : 06/02/2012 12:11:05

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Entrees de registre: 0 ¤¤¤

Termine : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

RogueKiller V7.0.3 [06/02/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: [RogueKiller] Remontées (1/45)
Blog: tigzy-RK

Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version
Demarrage : Mode normal
Utilisateur: coco [Droits d'admin]
Mode: Raccourcis RAZ -- Date : 06/02/2012 12:17:13

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Attributs de fichiers restaures: ¤¤¤
Bureau: Success 3 / Fail 0
Lancement rapide: Success 1 / Fail 0
Programmes: Success 14 / Fail 0
Menu demarrer: Success 1 / Fail 0
Dossier utilisateur: Success 64 / Fail 0
Mes documents: Success 1 / Fail 0
Mes favoris: Success 0 / Fail 0
Mes images: Success 0 / Fail 0
Ma musique: Success 2 / Fail 0
Mes videos: Success 0 / Fail 0
Disques locaux: Success 59 / Fail 0
Sauvegarde: [NOT FOUND]

Lecteurs:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Termine : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

Malwarebytes Anti-Malware (Essai) 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.02.06.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
coco :: COCO-PC [administrateur]

Protection: Activé

06/02/2012 12:25:06
mbam-log-2012-02-06 (12-25-06).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 653504
Temps écoulé: 3 heure(s), 11 minute(s), 19 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Mauvais: ("regedit.exe" "%1") Bon: (regedit.exe "%1") -> Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 8
C:\ProgramData\VhhxBEvUjcMtwRtxMW\VhhxBEvUjcMtwRtxMW\1.0.1.0\cpQkbSfpZY.exe (Trojan.MSIL.Gen) -> Mis en quarantaine et supprimé avec succès.
C:\ProgramData\VhhxBEvUjcMtwRtxMW\VhhxBEvUjcMtwRtxMW\1.0.1.0\QMBVLCQaJJ.exe (Trojan.MSIL.Gen) -> Mis en quarantaine et supprimé avec succès.
C:\Users\coco\AppData\Local\Temp\tmp5032ce99\crnosok.exe (Trojan.Downloader) -> Mis en quarantaine et supprimé avec succès.
C:\Users\coco\AppData\Local\Xenocode\Sandbox\Stub\1.0.0.0\2010.11.28T01.47\Virtual\STUBEXE\8.0.1112\@PROFILE@\Downloads\boudbid_BOT_product.exe (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Users\coco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1aa8a1e-204db27c (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Users\coco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1a77c1ed-7ffe83f6 (Trojan.Downloader) -> Mis en quarantaine et supprimé avec succès.
C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Users\coco\Desktop\RK_Quarantine\biegs.exe.vir (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.

(fin)
Suspected infection by a Bugbear-type virus
Jim Dolorian posted a topic in Analyses et éradication malwares
Good evening, I think I have been infected by a Bugbear-type virus. My ^^ key always returns two responses. Thanks =). Here is what HijackThis gives me:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:47:35, on 05/02/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\coco\AppData\Local\Akamai\netsession_win.exe
C:\Users\coco\AppData\Roaming\Evmela\biegs.exe
C:\Users\coco\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe
C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe
C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files (x86)\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: (no name) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\WINDOW~2\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\WINDOW~2\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files (x86)\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\Program Files (x86)\WINDOW~2\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\coco\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [{E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3}] C:\Users\coco\AppData\Roaming\Evmela\biegs.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\Program Files (x86)\WINDOW~2\Datamngr\datamngr.dll C:\Program Files (x86)\WINDOW~2\Datamngr\IEBHO.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Akamai NetSession Interface (Akamai) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Planificateur (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Protection temps réel (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service:
@%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NMSAccessU - Unknown owner - 
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - 
Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - 
Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Superfetch (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: 
@%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: 
@%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: WireHelpSvc - Unknown owner - C:\Program Files\Common Files\WireHelpSvc.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) 
- Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 25744 bytes