Aller au contenu

Jim Dolorian

Membres
  • Compteur de contenus

    7
  • Inscription

  • Dernière visite

Jim Dolorian's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. EDIT: Malwarebytes Anti-Malware (Essai) 1.60.1.1000 www.malwarebytes.org Version de la base de données: v2012.02.07.05 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 coco :: COCO-PC [administrateur] Protection: Activé 08/02/2012 11:48:23 mbam-log-2012-02-08 (11-48-23).txt Type d'examen: Examen complet Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 655875 Temps écoulé: 6 heure(s), 6 minute(s), 4 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 1 C:\Users\coco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\6bf5a8e6-13bd1586 (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès. (fin)
  2. j'essaye de regler le soucis. J'ai encore des alertes de MBAM. Merci =).
  3. j'utilise le pare feu windows mais je ne sait pas du tout comment le désinstaller, pourtant j'ai cherché.. Quand je tente de le lancer il me répond : le pare-feu ne peut pas modifier certains de vos paramètres : code d'erreur 0x80070424 Mon pc est donc nettoyé ? Merci pour ce temps que vous prenez pour aider, vraiment.
  4. Je n'arrive pas à réparer mon pare feu, si vous pouviez m'éclairer =). Merci d'avance. Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011 Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-07-02-2012-11-08-37.txt Run by coco at 07/02/2012 11:08:37 Windows 7 Business Edition, 64-bit (Build 7600) Web site : ZHPFix Fix de rapport Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com ========== Logiciel(s) ========== ABSENT Software Key: Searchqu 0 MediaBar ========== Processus mémoire ========== SUPPRIME Memory Process: C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe ========== Clé(s) du Registre ========== ABSENT Key: CLSID BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} SUPPRIME Key: HKCU\Software\AppDataLow\Software\searchqutoolbar SUPPRIME Key: HKCU\Software\DataMngr ABSENT Key: HKLM\Software\DataMngr ABSENT Key: HKLM\Software\SearchquMediabarTb SUPPRIME Key: SearchScopes :{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} SUPPRIME Key: HKLM\Software\WOW6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} SUPPRIME Key: HKLM\Software\WOW6432Node\DataMngr SUPPRIME Key: HKLM\Software\WOW6432Node\SearchquMediabarTb SUPPRIME Key: HKLM\Software\Wow6432Node\mIRC\OpenCandy SUPPRIME Key**: StartupReg: HFALoader SUPPRIME Key: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b} SUPPRIME Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} SUPPRIME Key: HKLM\Software\Classes\Toolbar.CT2849852 ========== Valeur(s) du Registre ========== SUPPRIME RunValue: DATAMNGR SUPPRIME {8FA1DCC0-DDF8-490A-A93D-A12F81D6F1A6} SUPPRIME {E817560F-2EFF-43A9-8115-A7DC598CD13D} SUPPRIME RunValue: PlayNC Launcher ABSENT RunValue: PlayNC Launcher SUPPRIME {26743AB3-78D6-4679-93B3-190105E091D9} SUPPRIME {28266D91-3DFD-452A-8E98-E7AA37F39141} SUPPRIME TCP Query User{8997DF1B-9D06-49FE-9C82-9BED6B66FEA6}C:/program files (x86)/pfportchecker/pfportchecker.exe SUPPRIME UDP Query User{C50B2B4A-7629-42E3-8949-F0EDBCAF8F02}C:/program files (x86)/pfportchecker/pfportchecker.exe SUPPRIME TCP Query User{0CE59A07-7E10-4A69-BDAB-BA15DE739158}C:/program files (x86)/ggpo/ggpo.exe SUPPRIME UDP Query User{E40513CD-5AFA-47AD-B5B0-46B84C91D069}C:/program files (x86)/ggpo/ggpo.exe SUPPRIME TCP Query User{7B9A2F0A-17E9-49CD-BDD1-F7B22C86C5A2}C:/program files (x86)/ggpo/ggpofba.exe SUPPRIME UDP Query User{21840081-B474-4F46-91BB-38B97524B11C}C:/program files (x86)/ggpo/ggpofba.exe SUPPRIME {526749AE-B1CA-4010-A504-652D6631996F} SUPPRIME {CC6F1833-CE19-4D65-8207-C7D67CFA2396} SUPPRIME {5F012ED9-D2C7-4118-890B-A7A58FCDAEA4} SUPPRIME {77CBF78F-4268-43D5-A558-D0D527D0C13A} SUPPRIME {72A4FA47-8CE3-46AC-912B-F72C8B2B11B8} SUPPRIME {F33D8E96-7E44-4A76-B400-B2CB836C6A01} SUPPRIME {CC021135-920E-4663-8E10-5A53619C6719} SUPPRIME {54715B7C-2D7A-4C5B-B00B-2F11C0C90788} SUPPRIME {0CCA43BD-C5F8-47C4-9E3F-1BBF06820BEA} SUPPRIME {748EDFF2-6A0C-42F1-97BF-451060E276C5} SUPPRIME {B89B3AAA-AF59-4EC2-B2A8-9BE73E1BFD01} SUPPRIME {BA496C46-1F71-4E6F-8479-CAA02980D30E} SUPPRIME URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} ABSENT Valeur Domain Profile: FirewallRaz : SUPPRIME FirewallRaz (Public) : {1C928716-8F8B-43AD-9065-D78C2783E972} SUPPRIME FirewallRaz (Public) : {987CA77C-7C2B-4AA6-824E-9FD3A5F3BDF1} SUPPRIME FirewallRaz (Public) : {20A29E43-1A06-4EF9-9A78-A588BE08F99C} SUPPRIME FirewallRaz (Public) : {E87C670B-964E-469E-A879-84BC0D2B4EC3} SUPPRIME FirewallRaz (Public) : {5136ACA6-1E24-43AE-93B2-86C849BA730D} SUPPRIME FirewallRaz (Public) : {68DBD15E-CB23-4F34-9E38-AD04B9C1888F} SUPPRIME FirewallRaz (Public) : TCP Query User{7AC91213-8DC6-4CB0-9D2E-704C26FBB16E}C:\program files (x86)\codemasters\le seigneur des anneaux online\lotroclient.exe SUPPRIME FirewallRaz (Public) : UDP Query User{90923DE5-3B9A-4367-8726-6C9296AD34C1}C:\program files (x86)\codemasters\le seigneur des anneaux online\lotroclient.exe SUPPRIME FirewallRaz (Public) : TCP Query User{93A15E66-11B1-4D7F-A2D3-E276FCF888C2}C:\program files (x86)\steam\steamapps\lolo93210\team fortress 2\hl2.exe SUPPRIME FirewallRaz (Public) : UDP Query User{33F7A941-C1D2-4A6C-BE7E-BBCA2C7C7773}C:\program files (x86)\steam\steamapps\lolo93210\team fortress 2\hl2.exe SUPPRIME FirewallRaz (Public) : {6ECA74A7-9B94-4954-BC5C-E863E49F97DB} SUPPRIME FirewallRaz (Public) : {B8806353-4657-4D58-94E3-A3873253E86F} SUPPRIME FirewallRaz (Public) : {F7C56CB2-2C9B-4507-999D-CE74A4E98905} SUPPRIME FirewallRaz (Public) : {47D6E58A-656C-4223-AF88-4E0B710E7386} SUPPRIME FirewallRaz (Public) : {22B4EB22-86BD-424D-AEC4-C13AA50881CA} SUPPRIME FirewallRaz (Public) : {5B31CF58-EAF0-4105-9A94-73A12503617E} SUPPRIME FirewallRaz (Public) : {2562EC86-291D-432C-BF50-BC7F743F317E} SUPPRIME FirewallRaz (Public) : {A38B9824-F407-4EA5-9FA0-BFFABF9866A9} SUPPRIME FirewallRaz (Public) : {5FAC6D93-0E54-4354-82DE-AFD1ADED94D3} SUPPRIME FirewallRaz (Public) : {F2687314-4975-449A-9186-38CBAD37383E} SUPPRIME FirewallRaz (Public) : {5846D058-D8D5-4973-94D3-4CE3C613AA51} SUPPRIME FirewallRaz (Public) : {C3A74DB3-E479-43B4-94FE-BFF4CBBB7694} SUPPRIME FirewallRaz (Public) : {D5B14652-BFFD-48BE-BCCA-8EB988B6BD39} SUPPRIME FirewallRaz (Public) : {A735FB24-5168-4027-9DF3-656F635C44E9} SUPPRIME FirewallRaz (Public) : {A1DC2671-D368-49A2-A6C5-C9AD4F011FEA} SUPPRIME FirewallRaz (Public) : {A4FF640A-8A76-47A2-B097-C8E977CED7BC} SUPPRIME FirewallRaz (Public) : TCP Query User{19304792-0E4B-491D-8F8F-318261B41411}C:\program files (x86)\rockstar games\eflc\eflc.exe SUPPRIME FirewallRaz (Public) : UDP Query User{50B5A93D-B1D6-41C3-AEF5-0AD16CF8C579}C:\program files (x86)\rockstar games\eflc\eflc.exe SUPPRIME FirewallRaz (Public) : {FB791286-FDB8-4591-A9DB-F223605B09D1} SUPPRIME FirewallRaz (Public) : {480774C1-0E5E-4784-8218-CB4E157EF94D} SUPPRIME FirewallRaz (Public) : {425FA5F2-50F6-47D0-A28C-E7248395D083} SUPPRIME FirewallRaz (Public) : {E6D4519C-D7D3-4E2B-ADB5-C9277BFA8592} SUPPRIME FirewallRaz (Public) : TCP Query User{1C859A4B-02C8-47C9-851E-09EFE45FF9DF}C:\program files (x86)\ccp\eve\bin\exefile.exe SUPPRIME FirewallRaz (Public) : UDP Query User{EFB01331-38C5-4240-8FAA-DF268BCF49EF}C:\program files (x86)\ccp\eve\bin\exefile.exe SUPPRIME FirewallRaz (Public) : {D7C0BDF6-7F38-477C-B0C4-C52D56C2F063} SUPPRIME FirewallRaz (Public) : {58C3C950-200E-43D9-AADA-DDCF88747BDF} SUPPRIME FirewallRaz (Public) : TCP Query User{1F63F11F-47D1-4DC8-B9E4-BD01D6CD66A1}C:\program files (x86)\steam\steamapps\snake61100\team fortress 2\hl2.exe SUPPRIME FirewallRaz (Public) : UDP Query User{32B0C0C8-14A7-46F4-AF41-93E11F6A3EAE}C:\program files (x86)\steam\steamapps\snake61100\team fortress 2\hl2.exe SUPPRIME FirewallRaz (Public) : TCP Query User{58F4E3DD-70A7-47D2-8F8A-22ADCBC0BBEA}C:\program files (x86)\microsoft games\age of mythology\aomx.exe SUPPRIME FirewallRaz (Public) : UDP Query User{3FC2F0F5-44CF-408C-9462-F3D734D71406}C:\program files (x86)\microsoft games\age of mythology\aomx.exe SUPPRIME FirewallRaz (Public) : {573BF040-C7CE-473C-84BF-6C13A37DF2F0} SUPPRIME FirewallRaz (Public) : {D1577C7F-B833-4BE8-B1A3-15AABA924411} SUPPRIME FirewallRaz (Public) : {620343F3-6FDF-46E4-B14E-12D0EDB96296} SUPPRIME FirewallRaz (Public) : {6DFCA9BF-711F-4E37-809F-F072870BE47B} SUPPRIME FirewallRaz (Private) : TCP Query User{ED687A51-2287-4673-A845-87401D86C7BC}C:\program files (x86)\steam\steamapps\snake61100\team fortress 2\hl2.exe SUPPRIME FirewallRaz (Private) : UDP Query User{D88A4FA1-FF55-40A1-87AE-A4A809DDC639}C:\program files (x86)\steam\steamapps\snake61100\team fortress 2\hl2.exe SUPPRIME FirewallRaz (Private) : {1E76B06F-9D62-4D27-BFA6-D829856EE7A1} SUPPRIME FirewallRaz (Private) : {BBE5DC86-70D3-4F0B-8DCD-FAE0BC41AC35} SUPPRIME FirewallRaz (Public) : {6C52E874-2858-42A8-BC0F-43477CABAB8C} SUPPRIME FirewallRaz (Public) : {6D4041F7-4D8C-4182-93A7-A204CA105E6B} SUPPRIME FirewallRaz (Private) : TCP Query User{200EAFF4-A01D-44E8-8696-8C7C45854A6C}C:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe SUPPRIME FirewallRaz (Private) : UDP Query User{8F61A800-447D-49AE-B8AC-888FE5AA0C36}C:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe SUPPRIME FirewallRaz (Private) : TCP Query User{17B18639-EA13-4821-97A8-684596FB534E}C:\program files (x86)\heroes of newerth\hon.exe SUPPRIME FirewallRaz (Private) : UDP Query User{9B089CCD-AD1B-4DB5-9BAA-B550F1AC554E}C:\program files (x86)\heroes of newerth\hon.exe SUPPRIME FirewallRaz (Private) : {254B8D6C-4BF1-400F-9BC3-18573FEE3601} SUPPRIME FirewallRaz (Private) : {58E70633-B791-4384-9B0B-78F136447613} SUPPRIME FirewallRaz (Private) : {F4FC83D8-698A-42B4-A683-B8F04A7958D9} SUPPRIME FirewallRaz (Private) : {B6FC722B-1A75-4C84-BAD9-7E0ACD1F3150} SUPPRIME FirewallRaz (Private) : {11864493-191A-4ADD-A75E-352C5E1F121B} SUPPRIME FirewallRaz (Private) : {B8583DE3-C594-49C5-A559-F212F7985A7C} SUPPRIME FirewallRaz (Private) : {9093AA75-60BD-491C-9A9F-EEB87FD386A2} SUPPRIME FirewallRaz (Private) : {566B84B6-310E-4259-B657-DD4C8FFC68FF} SUPPRIME FirewallRaz (Public) : {08E06791-868C-47FB-9C12-AF852BA20848} SUPPRIME FirewallRaz (Public) : {78BE96D0-1D61-47AB-BCA8-80F6490FFE2A} SUPPRIME FirewallRaz (Public) : {8CFF8895-28FE-4D41-B4E3-C0267E77AB98} SUPPRIME FirewallRaz (Public) : {B22D1A91-FD9B-4DCA-B2CA-AED9B9E5344D} SUPPRIME FirewallRaz (Public) : {F0EAFC47-9BB9-4792-AB55-D54D479AB7CF} SUPPRIME FirewallRaz (Public) : {5CE0ECE1-6EC5-4FDA-8F5E-1091FB9465E4} ========== Elément(s) de donnée du Registre ========== SUPPRIME PhishingFilter Value: Enabled = 0 SUPPRIME AppInit: ta Manager.) - C:\Program Files (x86)\WINDOW~2\Datamngr\x64\datamngr.dll ========== Préférences navigateur ========== SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "http://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q="); SUPPRIME Mozilla Pref: user_pref("CT2849852..clientLogIsEnabled", false); SUPPRIME Mozilla Pref: user_pref("CT2849852..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); SUPPRIME Mozilla Pref: user_pref("CT2849852..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); SUPPRIME Mozilla Pref: user_pref("CT2849852.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx"); SUPPRIME Mozilla Pref: user_pref("CT2849852.AppTrackingLastCheckTime", "Mon Feb 06 2012 12:05:35 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.BrowserCompStateIsOpen_129642290922900978", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.CTID", "CT2849852"); ABSENT Mozilla Pref: user_pref("CT2849852.CurrentServerDate", "6-2-2012"); SUPPRIME Mozilla Pref: user_pref("CT2849852.DSInstall", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.DialogsAlignMode", "LTR"); SUPPRIME Mozilla Pref: user_pref("CT2849852.DialogsGetterLastCheckTime", "Sat Feb 04 2012 17:19:03 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.DownloadReferralCookieData", ""); SUPPRIME Mozilla Pref: user_pref("CT2849852.EMailNotifierPollDate", "Sat Feb 04 2012 17:49:05 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.EnableClickToSearchBox", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.EnableSearchHistory", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.EnableSearchSuggest", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedLastCount129349795937781608", 180); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313974171006416", "Sat Feb 04 2012 20:44:20 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313975698350231", "Sat Feb 04 2012 20:44:20 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313976370850190", "Sat Feb 04 2012 20:44:20 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313976648818968", "Sat Feb 04 2012 20:44:20 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313977444757117", "Sat Feb 04 2012 20:44:20 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313980389131455", "Sat Feb 04 2012 20:44:20 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313980655381977", "Sat Feb 04 2012 20:44:20 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313980886163259", "Sat Feb 04 2012 20:44:20 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313981234756535", "Sat Feb 04 2012 20:44:21 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313983226631720", "Sat Feb 04 2012 20:44:21 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedPollDate129313983607725691", "Sat Feb 04 2012 20:44:21 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedTTL129313974171006416", 10); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedTTL129313977444757117", 15); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedTTL129313980655381977", 5); SUPPRIME Mozilla Pref: user_pref("CT2849852.FeedTTL129313981234756535", 5); SUPPRIME Mozilla Pref: user_pref("CT2849852.FirstServerDate", "4-2-2012"); SUPPRIME Mozilla Pref: user_pref("CT2849852.FirstTime", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.FirstTimeFF3", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.FixPageNotFoundErrors", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.GroupingServerCheckInterval", 1440); SUPPRIME Mozilla Pref: user_pref("CT2849852.GroupingServiceUrl", "http://grouping.services.conduit.com/"); SUPPRIME Mozilla Pref: user_pref("CT2849852.HPInstall", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.HasUserGlobalKeys", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.HomePageProtectorEnabled", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.Initialize", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.InitializeCommonPrefs", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.InstallationAndCookieDataSentCount", 3); SUPPRIME Mozilla Pref: user_pref("CT2849852.InstallationId", "ConduitXPEIntegration"); SUPPRIME Mozilla Pref: user_pref("CT2849852.InstallationType", "ConduitXPEIntegration"); SUPPRIME Mozilla Pref: user_pref("CT2849852.InstalledDate", "Sat Feb 04 2012 17:19:03 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.IsAlertDBUpdated", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.IsGrouping", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.IsInitSetupIni", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.IsMulticommunity", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.IsOpenThankYouPage", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.IsOpenUninstallPage", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.LanguagePackLastCheckTime", "Mon Feb 06 2012 19:01:26 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.LanguagePackReloadIntervalMM", 1440); SUPPRIME Mozilla Pref: user_pref("CT2849852.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx"); ABSENT Mozilla Pref: user_pref("CT2849852.LastLogin_3.9.0.3", "Mon Feb 06 2012 16:05:25 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.LatestVersion", "3.9.0.3"); SUPPRIME Mozilla Pref: user_pref("CT2849852.Locale", "fr"); SUPPRIME Mozilla Pref: user_pref("CT2849852.MCDetectTooltipHeight", "83"); SUPPRIME Mozilla Pref: user_pref("CT2849852.MCDetectTooltipShow", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); SUPPRIME Mozilla Pref: user_pref("CT2849852.MCDetectTooltipWidth", "295"); SUPPRIME Mozilla Pref: user_pref("CT2849852.MyStuffEnabledAtInstallation", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.OriginalFirstVersion", "3.9.0.3"); SUPPRIME Mozilla Pref: user_pref("CT2849852.SHRINK_TOOLBAR", 1); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchBackToDefaultEngine", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchCaption", "BittorrentBar_FR Customized Web Search"); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchEngineBeforeUnload", "Google"); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchFromAddressBarIsInit", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q="); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchInNewTabEnabled", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchInNewTabIntervalMM", 1440); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchInNewTabLastCheckTime", "Mon Feb 06 2012 19:01:25 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchInNewTabUserEnabled", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchProtectorEnabled", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.SearchProtectorToolbarDisabled", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.SendProtectorDataViaLogin", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.ServiceMapLastCheckTime", "Mon Feb 06 2012 19:01:25 GMT+0100"); ABSENT Mozilla Pref: user_pref("CT2849852.SettingsLastCheckTime", "Mon Feb 06 2012 16:16:13 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.SettingsLastUpdate", "1326994324"); SUPPRIME Mozilla Pref: user_pref("CT2849852.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2849852&SearchSource=13"); SUPPRIME Mozilla Pref: user_pref("CT2849852.ThirdPartyComponentsInterval", 504); SUPPRIME Mozilla Pref: user_pref("CT2849852.ThirdPartyComponentsLastCheck", "Sat Feb 04 2012 17:19:02 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.ThirdPartyComponentsLastUpdate", "1255344667"); SUPPRIME Mozilla Pref: user_pref("CT2849852.ToolbarShrinkedFromSetup", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.TrusteLinkUrl", "http://trust.conduit.com/CT2849852"); SUPPRIME Mozilla Pref: user_pref("CT2849852.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit- SUPPRIME Mozilla Pref: user_pref("CT2849852.UserID", "UN71520763480499428"); SUPPRIME Mozilla Pref: user_pref("CT2849852.ValidationData_Search", 1); SUPPRIME Mozilla Pref: user_pref("CT2849852.ValidationData_Toolbar", 0); SUPPRIME Mozilla Pref: user_pref("CT2849852.WeatherNetwork", ""); SUPPRIME Mozilla Pref: user_pref("CT2849852.WeatherPollDate", "Sat Feb 04 2012 17:49:05 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.WeatherUnit", "C"); SUPPRIME Mozilla Pref: user_pref("CT2849852.alertChannelId", "1241893"); SUPPRIME Mozilla Pref: user_pref("CT2849852.approveUntrustedApps", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.autoDisableScopes", -1); SUPPRIME Mozilla Pref: user_pref("CT2849852.backendstorage.cbfirsttime", "5361742046656220303420323031322031373A31393A313620474D542B30313030"); SUPPRIME Mozilla Pref: user_pref("CT2849852.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F"); SUPPRIME Mozilla Pref: user_pref("CT2849852.components.1000034", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.components.1000234", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129349795936062815", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129349795936375318", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129349795937781608", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129349795937937859", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129349795937937860", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129431554657187564", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.components.129642290922900978", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\": SUPPRIME Mozilla Pref: user_pref("CT2849852.homepageProtectorEnableByLogin", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.initDone", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.isAppTrackingManagerOn", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.isSearchProtectorNotifyChanges", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.myStuffEnabled", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.myStuffPublihserMinWidth", 400); SUPPRIME Mozilla Pref: user_pref("CT2849852.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29 SUPPRIME Mozilla Pref: user_pref("CT2849852.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx? SUPPRIME Mozilla Pref: user_pref("CT2849852.searchProtectorDialogDelayInSec", 10); SUPPRIME Mozilla Pref: user_pref("CT2849852.searchProtectorEnableByLogin", true); SUPPRIME Mozilla Pref: user_pref("CT2849852.testingCtid", ""); SUPPRIME Mozilla Pref: user_pref("CT2849852.toolbarAppMetaDataLastCheckTime", "Mon Feb 06 2012 19:01:27 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.toolbarContextMenuLastCheckTime", "Sat Feb 04 2012 17:19:05 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CT2849852.usageEnabled", false); SUPPRIME Mozilla Pref: user_pref("CT2849852.usagesFlag", 2); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2849852/CT2849852", SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849852", "\"1319755492\""); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=fr", "kLE3EoupXhh+ SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"80ee9485875dcc1:0\"")[...] SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849852", SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\coco\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\bg7ax0xp.defa[...] SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ToolbarsList", "CT2849852"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ToolbarsList2", "CT2849852"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.ToolbarsList4", "CT2849852"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 04 2012 17:19:05 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.globalUserId", "82efcb7a-df12-464d-84a3-bf9369df4759"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Feb 06 2012 03:20:44 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Feb 06 2012 12:05:34 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.locale", "en"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Feb 06 2012 19:01:25 GMT+0100"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.showTrayIcon", false); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.notifications.userId", "6c8898dd-1e03-4fa9-bdb3-64a6d35495e1"); SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.originalSearchEngine", "Google"); ========== Dossier(s) ========== SUPPRIME Folder: C:\Users\coco\AppData\Roaming\Mozilla\Firefox\Profiles\bg7ax0xp.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} SUPPRIME Folder: C:\Program Files (x86)\Windows Searchqu Toolbar SUPPRIME Folder: c:\users\coco\appdata\locallow\searchquband SUPPRIME Folder: c:\users\coco\appdata\locallow\searchqutoolbar SUPPRIME Folder: c:\users\coco\appdata\local\temp\opencandy SUPPRIME Folder: c:\users\coco\appdata\roaming\mozilla\firefox\profiles\bg7ax0xp.default\searchqutoolbar SUPPRIME Folder: C:\ProgramData\regid.1986-12.com.adobe SUPPRIME Folder: C:\Users\coco\AppData\Local\28050 SUPPRIME Folder: C:\Users\coco\AppData\Local\SCE SUPPRIME Folder: C:\Users\coco\AppData\Local\Wings of Prey SUPPRIME Folder: C:\Users\coco\AppData\Local\{67109EBE-A773-4AF9-A0A8-51FFB24F61D1} SUPPRIME Folder: C:\Users\coco\AppData\Local\{82A7E5EC-A213-4B75-BD2F-69D6402D8990} SUPPRIME Folder: C:\Users\coco\AppData\Local\{86703F31-F03E-4945-82F6-815906036ABE} SUPPRIME Folder: C:\Users\coco\AppData\Local\{E02C1177-E75E-48D3-89DE-648FBE2A0741} SUPPRIME Folder: C:\Users\coco\AppData\Roaming\Mozilla\Firefox\Profiles\bg7ax0xp.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023} SUPPRIME Folder: C:\Users\coco\AppData\Roaming\teamspeak2 SUPPRIME Folder: C:\Users\coco\AppData\Local\Conduit SUPPRIME Folder: C:\Program Files (x86)\Conduit SUPPRIME Folder: c:\users\coco\appdata\locallow\conduit SUPPRIME Flash Cookies: 19 SUPPRIME Temporaires Windows: : 278 ========== Fichier(s) ========== SUPPRIME File***: c:\program files (x86)\windows searchqu toolbar\datamngr\datamngrui.exe SUPPRIME File: c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\searchqudtx.dll ABSENT File: c:\program files (x86)\windows searchqu toolbar\datamngr\datamngrui.exe ABSENT Folder/File: c:\program files (x86)\windows searchqu toolbar SUPPRIME File: C:\Users\coco\AppData\Roaming\BitTorrent\Atomix Virtual DJ Pro V6.1.1 Full cracked by Belin (les crackers).rar.torrent SUPPRIME File: C:\Users\coco\Desktop\dl\alt.binaries.nl\ToonTrack EZ Drummer VSTi RTAS v1 2 1 x86 x64 UPDATE Incl Keygen-AiR.rar SUPPRIME File***: c:\users\coco\desktop\dl\alt.binaries.nl\toontrack ez drummer vsti rtas v1 2 1 x86 x64 update incl keygen-air.rar ABSENT Folder/File: c:\users\coco\appdata\local\conduit SUPPRIME Flash Cookies: 6 SUPPRIME Temporaires Windows: : 1338 ========== Tache planifiée ========== SUPPRIME Task: {1E4647DA-D343-4479-807E-30554BD966FC} SUPPRIME Task: {723D3D40-3DA7-4FBD-8812-5BD6E81BA15E} ========== Autre ========== NON TRAITE PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...) NON TRAITE PROCESSUS SUPERFLU DU SYSTEME NON TRAITE TOOLBAR INUTILE (Navigateur internet) ========== Récapitulatif ========== 1 : Processus mémoire 22 : Clé(s) du Registre 96 : Valeur(s) du Registre 2 : Elément(s) de donnée du Registre 21 : Dossier(s) 10 : Fichier(s) 1 : Logiciel(s) 154 : Préférences navigateur 2 : Tache planifiée 3 : Autre End of clean in 01mn 03s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 07/02/2012 11:08:37 [28417]
  5. Merci pour votre réponse rapide. Je voudrais ajouter que mon pare feu ne fonctionne pas. Voila ce que donne UsbFix: ############################## | UsbFix V 7.081 | [Recherche] Utilisateur: coco (Administrateur) # COCO-PC Mis à jour le 05/02/2012 par El Desaparecido Lancé à 11:47:06 | 06/02/2012 Site Web: http://eldesaparecido.com Fichier suspect ? : http://eldesaparecido.com/upload.html Contact: [email protected] PC: MEDION (X781x) (x64-based PC) # Notebook CPU: Intel® Core i3 CPU M 330 @ 2.13GHz (2133) RAM -> [ Total : 4014 | Free : 2285 ] BIOS: BIOS Date: 10/22/09 17:13:05 Ver: 08.00.10 BOOT: Normal boot OS: Microsoft Windows 7 Professionnel (6.1.7600 64-Bit) # WB: Windows Internet Explorer 9.0.8112.16421 SC: Security Center Service [ (!) Disabled ] WU: Windows Update Service [ Enabled ] AV: Avira Desktop [ Enabled | Updated ] FW: Windows FireWall Service [ (!) Disabled ] C:\ (%systemdrive%) -> Disque fixe # 435 Go (76 Go libre(s) - 18%) [boot] # NTFS D:\ -> Disque fixe # 30 Go (22 Go libre(s) - 74%) [Recover] # NTFS E:\ -> CD-ROM F:\ -> CD-ROM ################## | Processus Actif | C:\Windows\system32\csrss.exe (480) C:\Windows\system32\wininit.exe (540) C:\Windows\system32\csrss.exe (560) C:\Windows\system32\services.exe (604) C:\Windows\system32\lsass.exe (620) C:\Windows\system32\lsm.exe (628) C:\Windows\system32\winlogon.exe (708) C:\Windows\system32\svchost.exe (776) C:\Windows\system32\svchost.exe (864) C:\Windows\system32\atiesrxx.exe (928) C:\Windows\System32\svchost.exe (1004) C:\Windows\System32\svchost.exe (368) C:\Windows\system32\svchost.exe (380) C:\Windows\system32\svchost.exe (1128) C:\Windows\system32\svchost.exe (1240) C:\Windows\system32\atieclxx.exe (1408) C:\Windows\System32\spoolsv.exe (1536) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1564) C:\Windows\SysWOW64\svchost.exe (1740) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1760) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1780) C:\Program Files\Bonjour\mDNSResponder.exe (1848) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1880) C:\Windows\System32\svchost.exe (1912) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (1956) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (1992) c:\xampp\mysql\bin\mysqld.exe (2016) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (2044) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (1188) C:\Windows\SysWOW64\PnkBstrA.exe (1324) C:\Windows\system32\svchost.exe (552) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (1176) C:\Program Files\Common Files\WireHelpSvc.exe (2096) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2124) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2152) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2300) C:\Windows\system32\taskhost.exe (2540) C:\Windows\system32\Dwm.exe (2720) C:\Windows\Explorer.EXE (2768) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (1356) C:\Windows\system32\conhost.exe (1352) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2388) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (2424) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (2420) C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2408) C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (2856) C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2460) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (3284) C:\Windows\system32\SearchIndexer.exe (3304) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3328) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (3340) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (3356) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3528) C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe (3564) C:\Windows\system32\svchost.exe (3928) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (4024) C:\Windows\System32\svchost.exe (3948) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4124) C:\Program Files\Windows Media Player\wmpnetwk.exe (4144) C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe (4276) C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe (4284) C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe (4476) C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe (4576) C:\Windows\system32\wbem\wmiprvse.exe (4696) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4932) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2500) C:\Windows\system32\wuauclt.exe (4768) C:\Windows\servicing\TrustedInstaller.exe (2836) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4172) C:\Windows\system32\taskmgr.exe (4016) C:\Windows\system32\SearchProtocolHost.exe (4316) C:\Windows\system32\SearchFilterHost.exe (3176) C:\UsbFix\Go.exe (4664) C:\Windows\system32\wbem\wmiprvse.exe (2992) ################## | Éléments infectieux | Présent! C:\Users\coco\AppData\Local\Temp\10-8_mobility_vista_win7_64_dd_ccc.exe Présent! C:\Users\coco\AppData\Local\Temp\11-9_mobility_vista_win7_64_dd_ccc_ocl.exe Présent! C:\Users\coco\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe ################## | Registre | Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch ################## | Mountpoints2 | HKCU\.\.\.\.\Explorer\MountPoints2\{58bbde01-ba4c-11df-9674-4061861ea256} Shell\AutoRun\Command = F:\LaunchU3.exe -a ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné! ################## | E.O.F | ############################# | UsbFix V 7.081 | [suppression] Utilisateur: coco (Administrateur) # COCO-PC Mis à jour le 05/02/2012 par El Desaparecido Lancé à 12:02:08 | 06/02/2012 Site Web: http://eldesaparecido.com Fichier suspect ? : http://eldesaparecido.com/upload.html Contact: [email protected] PC: MEDION (X781x) (x64-based PC) # Notebook CPU: Intel® Core i3 CPU M 330 @ 2.13GHz (2133) RAM -> [ Total : 4014 | Free : 2113 ] BIOS: BIOS Date: 10/22/09 17:13:05 Ver: 08.00.10 BOOT: Normal boot OS: Microsoft Windows 7 Professionnel (6.1.7600 64-Bit) # WB: Windows Internet Explorer 9.0.8112.16421 SC: Security Center Service [ (!) Disabled ] WU: Windows Update Service [ Enabled ] AV: Avira Desktop [ Enabled | Updated ] FW: Windows FireWall Service [ (!) Disabled ] C:\ (%systemdrive%) -> Disque fixe # 435 Go (76 Go libre(s) - 17%) [boot] # NTFS D:\ -> Disque fixe # 30 Go (22 Go libre(s) - 74%) [Recover] # NTFS E:\ -> CD-ROM F:\ -> CD-ROM ################## | Processus Actif | C:\Windows\system32\csrss.exe (480) C:\Windows\system32\wininit.exe (540) C:\Windows\system32\csrss.exe (560) C:\Windows\system32\services.exe (604) C:\Windows\system32\lsass.exe (620) C:\Windows\system32\lsm.exe (628) C:\Windows\system32\winlogon.exe (708) C:\Windows\system32\svchost.exe (776) C:\Windows\system32\svchost.exe (864) C:\Windows\system32\atiesrxx.exe (928) C:\Windows\System32\svchost.exe (1004) C:\Windows\System32\svchost.exe (368) C:\Windows\system32\svchost.exe (380) C:\Windows\system32\svchost.exe (1128) C:\Windows\system32\svchost.exe (1240) C:\Windows\system32\atieclxx.exe (1408) C:\Windows\System32\spoolsv.exe (1536) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1564) C:\Windows\SysWOW64\svchost.exe (1740) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1760) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1780) C:\Program Files\Bonjour\mDNSResponder.exe (1848) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1880) C:\Windows\System32\svchost.exe (1912) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (1956) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (1992) c:\xampp\mysql\bin\mysqld.exe (2016) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (2044) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (1188) C:\Windows\SysWOW64\PnkBstrA.exe (1324) C:\Windows\system32\svchost.exe (552) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (1176) C:\Program Files\Common Files\WireHelpSvc.exe (2096) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2124) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2152) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2300) C:\Windows\system32\taskhost.exe (2540) C:\Windows\system32\Dwm.exe (2720) C:\Windows\Explorer.EXE (2768) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (1356) C:\Windows\system32\conhost.exe (1352) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2388) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (2424) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (2420) C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2408) C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (2856) C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2460) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (3284) C:\Windows\system32\SearchIndexer.exe (3304) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3328) C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (3340) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (3356) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3528) C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe (3564) C:\Windows\system32\svchost.exe (3928) C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (4024) C:\Windows\System32\svchost.exe (3948) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4124) C:\Program Files\Windows Media Player\wmpnetwk.exe (4144) C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe (4276) C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe (4284) C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe (4476) C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe (4576) C:\Windows\system32\wbem\wmiprvse.exe (4696) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4932) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2500) C:\Windows\system32\wuauclt.exe (4768) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4172) C:\Windows\system32\taskmgr.exe (4016) C:\Windows\system32\wbem\wmiprvse.exe (2992) C:\Windows\system32\taskhost.exe (4264) C:\Windows\SysWOW64\NOTEPAD.EXE (2976) C:\UsbFix\Go.exe (896) ################## | Processus Stoppés | Stoppé! C:\Windows\system32\atiesrxx.exe (928) Stoppé! C:\Windows\system32\atieclxx.exe (1408) Stoppé! C:\Windows\System32\spoolsv.exe (1536) Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1564) Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1760) Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1780) Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (1848) Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1880) Stoppé! C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (1956) Stoppé! C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (1992) Stoppé! c:\xampp\mysql\bin\mysqld.exe (2016) Stoppé! C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (2044) Stoppé! C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (1188) Stoppé! C:\Windows\SysWOW64\PnkBstrA.exe (1324) Stoppé! C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (1176) Stoppé! C:\Program Files\Common Files\WireHelpSvc.exe (2096) Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2124) Stoppé! C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2152) Stoppé! C:\Windows\system32\taskhost.exe (2540) Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (1356) Stoppé! C:\Windows\system32\conhost.exe (1352) Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2388) Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (2424) Stoppé! C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (2420) Stoppé! C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2408) Stoppé! C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (2856) Stoppé! C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2460) Stoppé! C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (3284) Stoppé! C:\Windows\system32\SearchIndexer.exe (3304) Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3328) Stoppé! C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (3340) Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (3356) Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3528) Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe (3564) Stoppé! C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (4024) Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4124) Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (4144) Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe (4276) Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe (4284) Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe (4476) Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe (4576) Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4932) Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2500) Stoppé! C:\Windows\system32\wuauclt.exe (4768) Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4172) Stoppé! C:\Windows\system32\taskmgr.exe (4016) Stoppé! C:\Windows\system32\taskhost.exe (4264) ################## | Éléments infectieux | Supprimé! C:\Users\coco\AppData\Local\Temp\10-8_mobility_vista_win7_64_dd_ccc.exe Supprimé! C:\Users\coco\AppData\Local\Temp\11-9_mobility_vista_win7_64_dd_ccc_ocl.exe Supprimé! C:\Users\coco\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe Supprimé! C:\$RECYCLE.BIN\S-1-5-20 Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2785893074-595747820-1594240593-1000 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-1292132930-1676903531-2991972072-1000 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-1519444400-1794461273-710662950-500 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2149421345-3150679066-3066144613-500 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2182524660-674847601-3640508224-500 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2785893074-595747820-1594240593-1000 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3122571555-3205367151-3062972803-1000 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-4057543656-1902096578-4069866551-500 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-900403819-932455162-659764423-1000 (!) Fichiers temporaires supprimés. ################## | Registre | Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch ################## | Mountpoints2 | Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{58bbde01-ba4c-11df-9674-4061861ea256} ################## | Listing | [06/02/2012 - 12:03:42 | SHD ] C:\$Recycle.Bin [15/04/2011 - 17:26:26 | D ] C:\56e05bdfcb686d0270fdecb448410c [16/09/2011 - 16:39:37 | D ] C:\770a90d92908eec2e112814fd8e1e050 [12/04/2011 - 10:17:26 | N | 0] C:\AdobeDebug.txt [06/06/2011 - 11:23:27 | D ] C:\AMD [26/08/2010 - 18:58:58 | D ] C:\ATI [10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat [10/06/2009 - 22:42:20 | N | 10] C:\config.sys [14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings [28/12/2011 - 11:50:54 | D ] C:\Down [12/10/2010 - 22:20:29 | D ] C:\e45d6c3994caa493a08cd34f21 [07/11/2007 - 07:00:40 | N | 17734] C:\eula.1028.txt [07/11/2007 - 07:00:40 | N | 17734] C:\eula.1031.txt [07/11/2007 - 07:00:40 | N | 10134] C:\eula.1033.txt [07/11/2007 - 07:00:40 | N | 17734] C:\eula.1036.txt [07/11/2007 - 07:00:40 | N | 17734] C:\eula.1040.txt [07/11/2007 - 07:00:40 | N | 118] C:\eula.1041.txt [07/11/2007 - 07:00:40 | N | 17734] C:\eula.1042.txt [07/11/2007 - 07:00:40 | N | 17734] C:\eula.2052.txt [07/11/2007 - 07:00:40 | N | 17734] C:\eula.3082.txt [23/04/2011 - 08:48:48 | D ] C:\found.000 [07/11/2007 - 07:00:40 | N | 1110] C:\globdata.ini [06/02/2012 - 11:37:56 | ASH | 3156795392] C:\hiberfil.sys [07/11/2007 - 07:44:20 | N | 855040] C:\install.exe [07/11/2007 - 07:00:40 | N | 843] C:\install.ini [07/11/2007 - 07:44:20 | N | 75280] C:\install.res.1028.dll [07/11/2007 - 07:44:20 | N | 95248] C:\install.res.1031.dll [07/11/2007 - 07:44:20 | N | 90128] C:\install.res.1033.dll [07/11/2007 - 07:44:20 | N | 96272] C:\install.res.1036.dll [07/11/2007 - 07:44:20 | N | 94224] C:\install.res.1040.dll [07/11/2007 - 07:44:20 | N | 80400] C:\install.res.1041.dll [07/11/2007 - 07:44:20 | N | 78864] C:\install.res.1042.dll [07/11/2007 - 07:44:20 | N | 74768] C:\install.res.2052.dll [07/11/2007 - 07:44:20 | N | 95248] C:\install.res.3082.dll [30/03/2010 - 16:45:38 | D ] C:\Intel [31/03/2010 - 13:12:12 | N | 0] C:\IO.SYS [31/03/2010 - 13:12:12 | N | 0] C:\MSDOS.SYS [31/03/2010 - 08:38:51 | RHD ] C:\MSOCache [06/02/2012 - 11:37:57 | ASH | 4209061888] C:\pagefile.sys [28/12/2011 - 11:50:38 | D ] C:\Perfect World Entertainment [14/07/2009 - 04:20:08 | D ] C:\PerfLogs [05/02/2012 - 23:17:54 | D ] C:\Program Files [06/02/2012 - 11:34:12 | D ] C:\Program Files (x86) [05/02/2012 - 20:58:11 | HD ] C:\ProgramData [26/08/2010 - 18:41:33 | SHD ] C:\Recovery [28/10/2010 - 12:40:31 | D ] C:\Riot Games [04/10/2011 - 16:15:31 | N | 81686] C:\shared.log [05/02/2012 - 21:53:35 | SHD ] C:\System Volume Information [06/02/2012 - 12:03:43 | D ] C:\UsbFix [06/02/2012 - 12:02:33 | A | 12662] C:\UsbFix.txt [26/08/2010 - 18:44:15 | D ] C:\Users [07/11/2007 - 07:00:40 | N | 5686] C:\vcredist.bmp [07/11/2007 - 07:09:22 | N | 1442522] C:\VC_RED.cab [07/11/2007 - 07:12:28 | N | 232960] C:\VC_RED.MSI [06/02/2012 - 11:32:56 | D ] C:\Windows [15/02/2011 - 20:43:33 | D ] C:\xampp [06/02/2012 - 12:03:43 | SHD ] D:\$RECYCLE.BIN [30/03/2010 - 16:43:15 | D ] D:\DRIVER [26/04/2010 - 12:29:57 | D ] D:\RECOVER [26/04/2010 - 10:09:50 | N | 95] D:\SWCONF.dat [26/02/2010 - 13:45:03 | SHD ] D:\System Volume Information [26/02/2010 - 16:47:55 | D ] D:\TOOLS ################## | Vaccin | C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) ################## | Upload | Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_COCO-PC.zip http://eldesaparecido.com/upload.html Merci de votre contribution. ################## | E.O.F | Rogue Killer : RogueKiller V7.0.3 [06/02/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version Demarrage : Mode normal Utilisateur: coco [Droits d'admin] Mode: Recherche -- Date : 06/02/2012 12:07:49 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 10 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : {E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3} (C:\Users\coco\AppData\Roaming\Evmela\biegs.exe) -> FOUND [sUSP PATH] HKUS\S-1-5-21-2785893074-595747820-1594240593-1000[...]\Run : {E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3} (C:\Users\coco\AppData\Roaming\Evmela\biegs.exe) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost 127.0.0.1 genuine.microsoft.com 127.0.0.1 mpa.one.microsoft.com 127.0.0.1 sa.windows.com 127.0.0.1 se.windows.com 127.0.0.1 ie.search.msn.com 127.0.0.1 wustat.windows.com 127.0.0.1 wutrack.windows.com 127.0.0.1 catalog.microsoft.com 127.0.0.1 sls.microsoft.com 127.0.0.1 spynet2.microsoft.com 127.0.0.1 spynettest.microsoft.com 127.0.0.1 activation.guitar-pro.com ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: ST9500325AS +++++ --- User --- [MBR] dbc9d427d53fbb122228d5942fe4ff49 [bSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 445091 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 911753216 | Size: 30720 Mo 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 974667776 | Size: 1027 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[1].txt >> RKreport[1].txt ^RogueKiller V7.0.3 [06/02/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version Demarrage : Mode normal Utilisateur: coco [Droits d'admin] Mode: Suppression -- Date : 06/02/2012 12:10:11 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 9 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : {E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3} (C:\Users\coco\AppData\Roaming\Evmela\biegs.exe) -> DELETED [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1) [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1) [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost 127.0.0.1 genuine.microsoft.com 127.0.0.1 mpa.one.microsoft.com 127.0.0.1 sa.windows.com 127.0.0.1 se.windows.com 127.0.0.1 ie.search.msn.com 127.0.0.1 wustat.windows.com 127.0.0.1 wutrack.windows.com 127.0.0.1 catalog.microsoft.com 127.0.0.1 sls.microsoft.com 127.0.0.1 spynet2.microsoft.com 127.0.0.1 spynettest.microsoft.com 127.0.0.1 activation.guitar-pro.com ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: ST9500325AS +++++ --- User --- [MBR] dbc9d427d53fbb122228d5942fe4ff49 [bSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 445091 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 911753216 | Size: 30720 Mo 3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 974667776 | Size: 1027 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt RogueKiller V7.0.3 [06/02/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version Demarrage : Mode normal Utilisateur: coco [Droits d'admin] Mode: Proxy RAZ -- Date : 06/02/2012 12:10:42 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Entrees de registre: 0 ¤¤¤ Termine : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt RogueKiller V7.0.3 [06/02/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version Demarrage : Mode normal Utilisateur: coco [Droits d'admin] Mode: DNS RAZ -- Date : 06/02/2012 12:11:05 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Entrees de registre: 0 ¤¤¤ Termine : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt RogueKiller V7.0.3 [06/02/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version Demarrage : Mode normal Utilisateur: coco [Droits d'admin] Mode: Raccourcis RAZ -- Date : 06/02/2012 12:17:13 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Attributs de fichiers restaures: ¤¤¤ Bureau: Success 3 / Fail 0 Lancement rapide: Success 1 / Fail 0 Programmes: Success 14 / Fail 0 Menu demarrer: Success 1 / Fail 0 Dossier utilisateur: Success 64 / Fail 0 Mes documents: Success 1 / Fail 0 Mes favoris: Success 0 / Fail 0 Mes images: Success 0 / Fail 0 Ma musique: Success 2 / Fail 0 Mes videos: Success 0 / Fail 0 Disques locaux: Success 59 / Fail 0 Sauvegarde: [NOT FOUND] Lecteurs: [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored [E:] \Device\CdRom0 -- 0x5 --> Skipped [F:] \Device\CdRom1 -- 0x5 --> Skipped ¤¤¤ Infection : ¤¤¤ Termine : << RKreport[5].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt Malwarebytes Anti-Malware (Essai) 1.60.1.1000 www.malwarebytes.org Version de la base de données: v2012.02.06.01 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 coco :: COCO-PC [administrateur] Protection: Activé 06/02/2012 12:25:06 mbam-log-2012-02-06 (12-25-06).txt Type d'examen: Examen complet Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 653504 Temps écoulé: 3 heure(s), 11 minute(s), 19 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 1 HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Mauvais: ("regedit.exe" "%1") Bon: (regedit.exe "%1") -> Mis en quarantaine et réparé avec succès Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 8 C:\ProgramData\VhhxBEvUjcMtwRtxMW\VhhxBEvUjcMtwRtxMW\1.0.1.0\cpQkbSfpZY.exe (Trojan.MSIL.Gen) -> Mis en quarantaine et supprimé avec succès. C:\ProgramData\VhhxBEvUjcMtwRtxMW\VhhxBEvUjcMtwRtxMW\1.0.1.0\QMBVLCQaJJ.exe (Trojan.MSIL.Gen) -> Mis en quarantaine et supprimé avec succès. C:\Users\coco\AppData\Local\Temp\tmp5032ce99\crnosok.exe (Trojan.Downloader) -> Mis en quarantaine et supprimé avec succès. C:\Users\coco\AppData\Local\Xenocode\Sandbox\Stub\1.0.0.0\2010.11.28T01.47\Virtual\STUBEXE\8.0.1112\@PROFILE@\Downloads\boudbid_BOT_product.exe (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès. C:\Users\coco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1aa8a1e-204db27c (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès. C:\Users\coco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1a77c1ed-7ffe83f6 (Trojan.Downloader) -> Mis en quarantaine et supprimé avec succès. C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès. C:\Users\coco\Desktop\RK_Quarantine\biegs.exe.vir (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès. (fin)
  6. Bonsoir, Je pense avoir été infecté par un virus de type bugbear. Ma touche ^^ renvois toujours deux réponses. Merci =). Voici ce que me donne hijackthis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:47:35, on 05/02/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16912) Boot mode: Normal Running processes: C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Users\coco\AppData\Local\Akamai\netsession_win.exe C:\Users\coco\AppData\Roaming\Evmela\biegs.exe C:\Users\coco\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe C:\program files (x86)\avira\antivir desktop\avcenter.exe C:\Program Files (x86)\Steam\Steam.exe C:\Windows\system32\taskmgr.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files (x86)\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll R3 - URLSearchHook: (no name) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\WINDOW~2\Datamngr\ToolBar\searchqudtx.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\WINDOW~2\Datamngr\ToolBar\searchqudtx.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files (x86)\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DATAMNGR] C:\Program Files (x86)\WINDOW~2\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\coco\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [{E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3}] C:\Users\coco\AppData\Roaming\Evmela\biegs.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU') O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'ℑ au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O15 - Trusted Zone: *.clonewarsadventures.com O15 - Trusted Zone: *.freerealms.com O15 - Trusted Zone: *.soe.com O15 - Trusted Zone: *.sony.com O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O20 - AppInit_DLLs: C:\Program Files (x86)\WINDOW~2\Datamngr\datamngr.dll C:\Program Files (x86)\WINDOW~2\Datamngr\IEBHO.dll O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Akamai NetSession Interface (Akamai) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira Planificateur (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Protection temps réel (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Superfetch (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: WireHelpSvc - Unknown owner - C:\Program Files\Common Files\WireHelpSvc.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 25744 bytes
×
×
  • Créer...