dreamelf

Members
  • Content count: 11

Everything posted by dreamelf

  1. # DelFix v8.8 - Rapport créé le 08/04/2012 à 22:02:51
     # Mis à jour le 12/02/12 par Xplode
     # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Nom d'utilisateur : Norbert - NORBERT-PC (Administrateur)
     # Exécuté depuis : C:\Users\Norbert\Desktop\delfix.exe
     # Option [suppression]

     ~~~~~~ Dossiers(s) ~~~~~~
     Supprimé : C:\USBFix
     Supprimé : C:\ZHP
     Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
     Supprimé : C:\Program Files (x86)\ZHPDiag

     ~~~~~~ Fichier(s) ~~~~~~
     Supprimé : C:\AdwCleaner[R1].txt
     Supprimé : C:\AdwCleaner[R2].txt
     Supprimé : C:\AdwCleaner[R3].txt
     Supprimé : C:\AdwCleaner[s1].txt
     Supprimé : C:\AdwCleaner[s2].txt
     Supprimé : C:\ComboFix.txt
     Supprimé : C:\PhysicalDisk0_MBR.bin
     Supprimé : C:\UsbFix_Upload_Me_NORBERT-PC.zip
     Supprimé : C:\Users\Norbert\Desktop\adwcleaner.exe
     Supprimé : C:\Users\Norbert\Desktop\esetsmartinstaller_enu.exe
     Supprimé : C:\Users\Norbert\Desktop\UsbFix.exe
     Supprimé : C:\Users\Norbert\Desktop\ZHPDiag.txt
     Supprimé : C:\Users\Norbert\Desktop\ZHPDiag2.exe
     Supprimé : C:\Users\Norbert\Downloads\hijackthis_telechargement_01net.exe
     Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk
     Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk
     Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk

     ~~~~~~ Registre ~~~~~~
     Clé Supprimée : HKLM\SOFTWARE\AdwCleaner
     Clé Supprimée : HKLM\SOFTWARE\Swearware
     Clé Supprimée : HKLM\SOFTWARE\TrendMicro\Hijackthis
     Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
     Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
     Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe

     ~~~~~~ Autres ~~~~~~
     -> Prefetch Vidé

     *************************
     DelFix[s1].txt - [1788 octets] - [08/04/2012 22:02:51]
     ########## EOF - C:\DelFix[s1].txt - [1912 octets] ##########
  2. OK, going by the report from the second MBAM scan, it found 9 infected files and removed them, and the accent problem is fixed ^^ Do I still need to run the scan with the other one or not?
  3. How do you start Windows 7 in safe mode?
  4. C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application
     C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
     C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
     C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
     C:\Program Files (x86)\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application
     C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
     C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\{Binda}.exe a variant of MSIL/Injector.YE trojan
     C:\Users\Norbert\Documents\FFOutput\SxCity2.0\Install_SexyCity_2.0.0.exe a variant of MSIL/Injector.VB trojan
     C:\Users\Norbert\Documents\Jeux\NFS\rld-nshp.iso a variant of Win32/Packed.VMProtect.AAD trojan
     Operating memory a variant of Win32/Fynloski.AA trojan

     For info, sexycity is a kind of naughty board game, my girlfriend and I like to have fun with it ^^ And yes, I did answer: it was a full scan for MBAM and it found nothing... So I'm running another one! Thanks for everything in any case.
  5. Well, the problem is still there, but I hope it will get sorted out ^^ On the other hand, the scan has been stuck at 99% for an hour, is that normal? I don't get it either, I'm really careful about what I put on it...
  6. Scan in progress. Any idea what it is, given all the tests already done? I'm starting to worry :/
  7. ############################## | UsbFix V 7.087 | [suppression] Utilisateur: Norbert (Administrateur) # NORBERT-PC Mis à jour le 05/04/2012 par El Desaparecido Lancé à 17:14:14 | 08/04/2012 Site Web: http://eldesaparecido.com Fichier suspect ? : http://eldesaparecido.com/upload.html Contact: contact@eldesaparecido.com PC: ASUSTeK Computer Inc. (K53SC) (x64-based PC) # Notebook CPU: Intel® Core i5-2430M CPU @ 2.40GHz (2401) RAM -> [ Total : 4007 | Free : 1740 ] BIOS: BIOS Date: 09/26/11 14:09:47 Ver: 04.06.03 BOOT: Normal boot OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1 WB: Windows Internet Explorer 9.0.8112.16421 SC: Security Center Service [ Enabled ] WU: Windows Update Service [ Enabled ] AV: avast! Antivirus [ Enabled | Updated ] FW: Windows FireWall Service [ Enabled ] C:\ (%systemdrive%) -> Disque fixe # 259 Go (85 Go libre(s) - 33%) [OS] # NTFS D:\ -> Disque fixe # 312 Go (261 Go libre(s) - 84%) [DATA] # NTFS E:\ -> CD-ROM ################## | Processus Actif | C:\Windows\system32\csrss.exe (496) C:\Windows\system32\wininit.exe (568) C:\Windows\system32\csrss.exe (592) C:\Windows\system32\services.exe (636) C:\Windows\system32\lsass.exe (652) C:\Windows\system32\lsm.exe (660) C:\Windows\system32\svchost.exe (764) C:\Windows\system32\winlogon.exe (824) C:\Windows\system32\svchost.exe (896) C:\Windows\System32\svchost.exe (1000) C:\Windows\System32\svchost.exe (120) C:\Windows\system32\svchost.exe (508) C:\Windows\system32\svchost.exe (500) C:\Windows\system32\svchost.exe (1124) C:\Windows\system32\FBAgent.exe (1216) C:\Windows\system32\WLANExt.exe (1224) C:\Windows\system32\conhost.exe (1232) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (1260) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (1360) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1404) C:\Windows\System32\spoolsv.exe (1500) C:\Windows\system32\svchost.exe (1760) C:\Windows\system32\taskhost.exe (1952) 
C:\Windows\system32\Dwm.exe (2016) C:\Windows\Explorer.EXE (2044) C:\Windows\system32\taskeng.exe (2100) C:\Windows\system32\taskeng.exe (2156) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (2204) C:\Windows\SysWOW64\ACEngSvr.exe (2456) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (2520) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (2552) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (2572) C:\Program Files\P4G\BatteryLife.exe (2608) C:\Windows\AsScrPro.exe (2636) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2644) C:\Windows\System32\igfxtray.exe (2656) C:\Windows\System32\hkcmd.exe (2764) C:\Windows\System32\igfxpers.exe (2804) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (2860) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (2892) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (3032) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2724) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (3100) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (3124) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (3140) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (3340) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3484) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (3664) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3760) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (3980) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (3992) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3120) C:\Windows\system32\svchost.exe (3720) C:\Windows\system32\wbem\unsecapp.exe (4424) C:\Windows\system32\wbem\unsecapp.exe (4448) C:\Windows\system32\wbem\wmiprvse.exe (4652) C:\Program Files\AVAST Software\Avast\AvastUI.exe (4484) C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe (2324) 
C:\Windows\system32\svchost.exe (3004) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (4136) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (184) C:\Windows\System32\svchost.exe (4164) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4264) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe (5596) C:\Windows\system32\SearchIndexer.exe (4804) C:\Program Files\Windows Media Player\wmpnetwk.exe (6248) C:\Program Files\Windows Media Player\wmprph.exe (7140) C:\Windows\system32\taskhost.exe (6764) C:\Program Files (x86)\uTorrent\uTorrent.exe (6364) C:\Program Files (x86)\Windows Media Player\wmplayer.exe (5800) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (7276) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3796) C:\Users\Norbert\AppData\Roaming\Microsoft\winlogon.exe (6040) C:\Windows\sysWOW64\wbem\wmiprvse.exe (2500) C:\UsbFix\Go.exe (6208) C:\Windows\system32\wbem\wmiprvse.exe (6176) ################## | Processus Stoppés | Stoppé! C:\Windows\system32\FBAgent.exe (1216) Stoppé! C:\Windows\system32\WLANExt.exe (1224) Stoppé! C:\Windows\system32\conhost.exe (1232) Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (1260) Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (1360) Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1404) Stoppé! C:\Windows\System32\spoolsv.exe (1500) Stoppé! C:\Windows\system32\taskhost.exe (1952) Stoppé! C:\Windows\Explorer.EXE (2044) Stoppé! C:\Windows\system32\taskeng.exe (2100) Stoppé! C:\Windows\system32\taskeng.exe (2156) Stoppé! C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (2204) Stoppé! C:\Windows\SysWOW64\ACEngSvr.exe (2456) Stoppé! C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (2520) Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (2552) Stoppé! C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (2572) Stoppé! 
C:\Program Files\P4G\BatteryLife.exe (2608) Stoppé! C:\Windows\AsScrPro.exe (2636) Stoppé! C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2644) Stoppé! C:\Windows\System32\igfxtray.exe (2656) Stoppé! C:\Windows\System32\hkcmd.exe (2764) Stoppé! C:\Windows\System32\igfxpers.exe (2804) Stoppé! C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (2860) Stoppé! C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (2892) Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (3032) Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2724) Stoppé! C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (3100) Stoppé! C:\Program Files\Intel\TurboBoost\TurboBoost.exe (3124) Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (3140) Stoppé! C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (3340) Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3484) Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (3664) Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3760) Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (3980) Stoppé! C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (3992) Stoppé! C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3120) Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (4484) Stoppé! C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe (2324) Stoppé! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (4136) Stoppé! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (184) Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4264) Stoppé! C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe (5596) Stoppé! C:\Windows\system32\SearchIndexer.exe (4804) Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (6248) Stoppé! 
C:\Program Files\Windows Media Player\wmprph.exe (7140) Stoppé! C:\Windows\system32\taskhost.exe (6764) Stoppé! C:\Program Files (x86)\uTorrent\uTorrent.exe (6364) Stoppé! C:\Program Files (x86)\Windows Media Player\wmplayer.exe (5800) Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (7276) Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3796) Stoppé! C:\Users\Norbert\AppData\Roaming\Microsoft\winlogon.exe (6040) ################## | Éléments infectieux | Supprimé! C:\Users\Norbert\AppData\Roaming\7XG3HF6PIO.exe Supprimé! C:\Users\Norbert\AppData\Roaming\JCYK3GUGVO.exe Supprimé! C:\Users\Norbert\AppData\Local\Temp\88913.exe Supprimé! D:\$RECYCLE.BIN\S-1-5-20 Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3878662279-83073529-246682085-1001 (!) Fichiers temporaires supprimés. ################## | Registre | Supprimé! HKCU\Software\VB and VBA Program Settings\INSTALL Supprimé! HKCU\Software\VB and VBA Program Settings\SrvID Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives Supprimé! 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MsUpdate ################## | Mountpoints2 | ################## | Listing | [08/04/2012 - 17:16:03 | SHD ] C:\$RECYCLE.BIN [07/04/2012 - 11:05:58 | N | 1310] C:\AdwCleaner[R1].txt [07/04/2012 - 11:06:55 | N | 1370] C:\AdwCleaner[R2].txt [07/04/2012 - 11:14:47 | N | 1147] C:\AdwCleaner[R3].txt [07/04/2012 - 11:07:14 | N | 1316] C:\AdwCleaner[s1].txt [07/04/2012 - 11:15:01 | N | 306] C:\AdwCleaner[s2].txt [06/12/2011 - 05:07:16 | D ] C:\ASUS.DAT [05/04/2012 - 09:15:42 | D ] C:\AsusVibeData [29/07/2009 - 08:03:34 | D ] C:\Boot [14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr [29/07/2009 - 08:03:37 | N | 8192] C:\BOOTSECT.BAK [16/01/2012 - 03:35:41 | D ] C:\bwinPoker [22/03/2012 - 04:16:36 | D ] C:\CamersoftOutput [08/04/2012 - 06:42:51 | N | 25411] C:\ComboFix.txt [08/04/2012 - 02:20:23 | D ] C:\Config.Msi [18/09/2011 - 03:41:52 | N | 14180] C:\devlist.txt [14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings [18/09/2011 - 03:29:06 | D ] C:\eSupport [17/09/2011 - 12:41:53 | N | 9] C:\Finish.log [07/04/2012 - 11:08:10 | ASH | 3150995456] C:\hiberfil.sys [18/09/2011 - 03:13:05 | D ] C:\Intel [26/09/2011 - 15:16:50 | N | 2621440] C:\K53SC.BIN [17/06/2011 - 10:21:06 | N | 2621440] C:\K53SJ.BIN [31/05/2011 - 04:26:54 | N | 19] C:\K53SJ_K53SV_K53SC_WIN7.120 [17/06/2011 - 09:20:18 | N | 2621440] C:\K53SV.BIN [06/12/2011 - 03:44:18 | D ] C:\Ntreev USA [07/04/2012 - 11:08:13 | ASH | 6300893184] C:\pagefile.sys [17/09/2011 - 13:43:51 | N | 303] C:\Pass.txt [14/07/2009 - 05:20:08 | D ] C:\PerfLogs [07/04/2012 - 17:39:10 | N | 512] C:\PhysicalDisk0_MBR.bin [26/01/2012 - 04:37:33 | D ] C:\Program Files [08/04/2012 - 02:17:50 | D ] C:\Program Files (x86) [08/04/2012 - 06:39:10 | D ] C:\ProgramData [08/04/2012 - 06:42:53 | D ] C:\Qoobox [06/12/2011 - 05:03:38 | D ] C:\Recovery [30/03/2011 - 09:12:29 | N | 19] C:\RECOVERY.DAT [18/09/2011 - 03:17:18 | N | 2328] C:\RHDSetup.log [18/09/2011 - 03:26:46 | N | 168] C:\setup.log 
[18/09/2011 - 03:28:59 | N | 380] C:\setuplogfile.log [08/04/2012 - 03:32:09 | SHD ] C:\System Volume Information [08/04/2012 - 17:16:03 | D ] C:\UsbFix [08/04/2012 - 17:14:20 | A | 11571] C:\UsbFix.txt [06/12/2011 - 05:05:20 | D ] C:\Users [18/09/2011 - 03:19:29 | N | 209] C:\usetup.iss [08/04/2012 - 06:42:53 | D ] C:\Windows [07/04/2012 - 17:47:51 | D ] C:\ZHP [08/04/2012 - 17:16:03 | D ] D:\$RECYCLE.BIN [07/04/2012 - 06:30:02 | D ] D:\Animes [05/04/2012 - 20:21:43 | D ] D:\Films [26/12/2011 - 00:11:29 | D ] D:\msdownld.tmp [06/12/2011 - 14:02:46 | SHD ] D:\System Volume Information [30/03/2012 - 04:40:44 | D ] D:\Séries ################## | Vaccin | C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) ################## | Upload | Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_NORBERT-PC.zip http://eldesaparecido.com/upload.php Merci de votre contribution. ################## | E.O.F |
  8. All I did was post the Avast block report that came up several times; far be it from me to spread a Trojan horse! Is it possible that the problem comes from there? Otherwise, yes, Malware did run a full scan without finding anything... Attached are the USBFix and ComboFix reports. Thank you.

     ############################## | UsbFix V 7.087 | [Recherche] Utilisateur: Norbert (Administrateur) # NORBERT-PC Mis à jour le 05/04/2012 par El Desaparecido Lancé à 06:48:31 | 08/04/2012 Site Web: http://eldesaparecido.com Fichier suspect ? : http://eldesaparecido.com/upload.html Contact: contact@eldesaparecido.com PC: ASUSTeK Computer Inc. (K53SC) (x64-based PC) # Notebook CPU: Intel® Core i5-2430M CPU @ 2.40GHz (2401) RAM -> [ Total : 4007 | Free : 1864 ] BIOS: BIOS Date: 09/26/11 14:09:47 Ver: 04.06.03 BOOT: Normal boot OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1 WB: Windows Internet Explorer 9.0.8112.16421 SC: Security Center Service [ Enabled ] WU: Windows Update Service [ Enabled ] AV: avast! Antivirus [ (!) 
Disabled | Updated ] FW: Windows FireWall Service [ Enabled ] C:\ (%systemdrive%) -> Disque fixe # 259 Go (86 Go libre(s) - 33%) [OS] # NTFS D:\ -> Disque fixe # 312 Go (261 Go libre(s) - 84%) [DATA] # NTFS E:\ -> CD-ROM ################## | Processus Actif | C:\Windows\system32\csrss.exe (496) C:\Windows\system32\wininit.exe (568) C:\Windows\system32\csrss.exe (592) C:\Windows\system32\services.exe (636) C:\Windows\system32\lsass.exe (652) C:\Windows\system32\lsm.exe (660) C:\Windows\system32\svchost.exe (764) C:\Windows\system32\winlogon.exe (824) C:\Windows\system32\svchost.exe (896) C:\Windows\System32\svchost.exe (1000) C:\Windows\System32\svchost.exe (120) C:\Windows\system32\svchost.exe (508) C:\Windows\system32\svchost.exe (500) C:\Windows\system32\svchost.exe (1124) C:\Windows\system32\FBAgent.exe (1216) C:\Windows\system32\WLANExt.exe (1224) C:\Windows\system32\conhost.exe (1232) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (1260) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (1360) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1404) C:\Windows\System32\spoolsv.exe (1500) C:\Windows\system32\svchost.exe (1760) C:\Windows\system32\taskhost.exe (1952) C:\Windows\system32\Dwm.exe (2016) C:\Windows\Explorer.EXE (2044) C:\Windows\system32\taskeng.exe (2100) C:\Windows\system32\taskeng.exe (2156) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (2204) C:\Windows\SysWOW64\ACEngSvr.exe (2456) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (2520) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (2552) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (2572) C:\Program Files\P4G\BatteryLife.exe (2608) C:\Windows\AsScrPro.exe (2636) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2644) C:\Windows\System32\igfxtray.exe (2656) C:\Windows\System32\hkcmd.exe (2764) C:\Windows\System32\igfxpers.exe (2804) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (2860) C:\Program Files 
(x86)\CyberLink\Power2Go\CLMLSvc.exe (2892) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (3032) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2724) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (3100) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (3124) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (3140) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (3340) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3484) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (3664) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3760) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (3980) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (3992) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3120) C:\Windows\system32\svchost.exe (3720) C:\Windows\system32\wbem\unsecapp.exe (4424) C:\Windows\system32\wbem\unsecapp.exe (4448) C:\Windows\system32\wbem\wmiprvse.exe (4652) C:\Program Files\AVAST Software\Avast\AvastUI.exe (4484) C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe (2324) C:\Windows\system32\svchost.exe (3004) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (4136) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (184) C:\Windows\System32\svchost.exe (4164) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4264) C:\Windows\sysWOW64\wbem\wmiprvse.exe (2200) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe (5596) C:\Windows\system32\SearchIndexer.exe (4804) C:\Program Files\Windows Media Player\wmpnetwk.exe (6248) C:\Program Files\Windows Media Player\wmprph.exe (7140) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (7328) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (7804) C:\Windows\system32\SearchProtocolHost.exe (5484) 
C:\Windows\system32\SearchFilterHost.exe (7124) C:\UsbFix\Go.exe (1212) C:\Windows\system32\wbem\wmiprvse.exe (4744) ################## | Éléments infectieux | Présent! C:\Users\Norbert\AppData\Roaming\7XG3HF6PIO.exe Présent! C:\Users\Norbert\AppData\Roaming\JCYK3GUGVO.exe ################## | Registre | Présent! HKCU\Software\VB and VBA Program Settings\INSTALL Présent! HKCU\Software\VB and VBA Program Settings\SrvID Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives ################## | Mountpoints2 | ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné! ################## | E.O.F | ComboFix 12-04-07.03 - Norbert 08/04/2012 6:34.1.4 - x64 Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4007.2157 [GMT 2:00] Lancé depuis: c:\users\Norbert\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\programdata\Roaming c:\windows\AsDebug.log c:\windows\msxml4-KB954430-enu.LOG c:\windows\msxml4-KB973688-enu.LOG . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-03-08 au 2012-04-08 )))))))))))))))))))))))))))))))))))) . . 2012-04-08 04:39 . 2012-04-08 04:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-08 04:39 . 2012-04-08 04:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-04-08 00:17 . 2012-04-08 00:17 -------- d-----w- c:\program files (x86)\Gameforge 2012-04-07 15:39 . 2012-04-07 15:39 512 ----a-w- C:\PhysicalDisk0_MBR.bin 2012-04-07 15:37 . 
2012-04-07 15:47 -------- d-----w- C:\ZHP 2012-04-07 15:32 . 2012-04-07 15:39 -------- d-----w- c:\program files (x86)\ZHPDiag 2012-04-07 09:23 . 2012-04-07 09:23 -------- d-----w- c:\users\Norbert\AppData\Roaming\GlarySoft 2012-04-07 09:21 . 2012-04-07 09:21 -------- d-----w- c:\program files (x86)\Glary Utilities 2012-04-07 09:21 . 2012-04-07 09:21 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} 2012-04-06 23:47 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCA6E1CF-DD5F-4337-92D3-C785C2504E31}\mpengine.dll 2012-04-05 16:27 . 2012-04-05 16:27 -------- d-----w- c:\program files (x86)\SexGamesBox 2012-04-05 16:27 . 2012-04-05 09:55 622592 ----a-w- c:\users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\{Binda}.exe 2012-04-05 15:20 . 2012-04-05 15:20 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-05 14:37 . 2012-04-05 15:20 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-05 07:13 . 2012-04-05 07:13 -------- d--h--w- c:\programdata\.syncID 2012-04-05 07:12 . 2012-04-05 07:12 -------- d--h--w- c:\programdata\.Syncables 2012-04-02 17:36 . 2012-04-02 17:36 20192 ----a-w- c:\windows\system32\btinstall.dll 2012-04-02 17:36 . 2012-04-02 17:36 43616 ----a-w- c:\windows\system32\drivers\btcusb.sys 2012-04-02 03:49 . 2012-04-02 03:49 -------- d-----w- c:\programdata\Bouygues Telecom 2012-03-31 04:59 . 2012-03-31 04:59 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-03-31 04:58 . 2012-03-31 04:58 -------- d-----w- c:\program files (x86)\Datel 2012-03-28 15:28 . 2012-03-28 15:28 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-03-28 15:27 . 2012-03-28 15:27 74344 ----a-w- c:\windows\system32\RtNicProp64.dll 2012-03-28 15:27 . 2012-03-28 15:27 676968 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2012-03-28 15:27 . 2012-03-28 15:27 107624 ----a-w- c:\windows\system32\RTNUninst64.dll 2012-03-27 21:17 . 
2012-03-27 21:17 -------- d-----w- c:\users\Norbert\AppData\Roaming\Unity 2012-03-27 19:03 . 2012-03-27 19:03 -------- d-----w- c:\users\Norbert\AppData\Local\Unity 2012-03-22 02:16 . 2012-03-22 02:16 -------- d-----w- C:\CamersoftOutput 2012-03-22 02:16 . 2012-03-22 02:16 -------- d-----w- c:\program files (x86)\Camersoft 2012-03-22 02:12 . 2012-03-22 02:13 -------- d-----w- c:\program files (x86)\VirtualCamera 2012-03-22 02:02 . 2012-04-02 03:48 -------- d-----w- c:\users\Norbert\AppData\Roaming\ManyCam 2012-03-22 02:01 . 2012-04-05 14:29 -------- d-----w- c:\program files (x86)\ManyCam 2012-03-22 01:57 . 2004-03-08 22:00 132880 ----a-w- c:\windows\SysWow64\MSINET.OCX 2012-03-22 01:57 . 2012-03-22 01:57 -------- d-----w- c:\program files (x86)\Fake Webcam 7.1 2012-03-22 01:54 . 2004-03-08 23:00 152848 ----a-w- c:\windows\SysWow64\COMDLG32.OCX 2012-03-22 01:54 . 2012-03-22 02:12 -------- d-----w- c:\program files (x86)\Fake Webcam 2012-03-19 04:45 . 2012-03-19 04:45 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-19 04:45 . 2012-03-19 04:45 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-14 16:40 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 16:40 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 16:40 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 11:22 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 11:22 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 11:22 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 11:21 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 11:21 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 11:21 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 11:21 . 
2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 11:21 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 11:21 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 11:21 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 03:45 . 2012-03-14 17:35 -------- d-----w- c:\users\Norbert\AppData\Roaming\Tropico 3 2012-03-14 02:21 . 2012-03-14 02:21 -------- d-----w- c:\programdata\ASUS 2012-03-14 02:14 . 2012-03-14 02:15 -------- d-----w- c:\users\Norbert\AppData\Roaming\Download Manager 2012-03-14 02:12 . 2012-03-14 02:12 -------- d-----w- c:\users\Norbert\AppData\Local\ASUS 2012-03-13 19:59 . 2012-03-13 19:59 -------- d-----w- c:\users\Norbert\AppData\Local\Bouygues Telecom 2012-03-13 19:56 . 2010-06-24 13:28 119680 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys 2012-03-13 19:56 . 2010-06-24 13:28 119680 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys 2012-03-13 19:56 . 2010-06-24 13:28 119680 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys 2012-03-13 19:56 . 2010-06-24 13:28 11776 ----a-w- c:\windows\system32\drivers\massfilter.sys 2012-03-13 19:56 . 2010-06-24 13:28 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys 2012-03-13 19:56 . 2010-06-24 13:28 132608 ----a-w- c:\windows\system32\drivers\ewusbnet.sys 2012-03-13 19:56 . 2010-06-24 13:28 116992 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys 2012-03-13 19:56 . 2010-06-24 13:28 113792 ----a-w- c:\windows\system32\drivers\ewusbdev.sys 2012-03-13 19:56 . 2010-04-07 10:46 119680 ----a-w- c:\windows\system32\drivers\jrdusbser.sys 2012-03-13 19:55 . 2012-04-02 03:49 -------- d-----w- c:\program files (x86)\Common Files\PctelEapPeer Authentication 2012-03-13 19:55 . 2012-03-13 19:55 -------- d-----w- c:\program files (x86)\Bouygues Telecom 2012-03-13 17:17 . 2012-03-13 17:17 -------- d-----w- c:\program files (x86)\Kalypso 2012-03-12 15:38 . 
2012-03-12 15:38 -------- d-----w- c:\windows\SysWow64\Adobe 2012-03-10 01:54 . 2012-03-16 16:15 -------- d-----w- c:\users\Norbert\AppData\Local\dxhr 2012-03-10 01:54 . 2012-03-10 01:54 -------- d-----w- c:\users\Norbert\AppData\Local\28050 2012-03-09 22:37 . 2012-04-07 09:09 -------- d-----w- c:\program files (x86)\Steam 2012-03-09 21:42 . 2012-03-09 21:42 -------- d-----w- c:\program files (x86)\Firaxis Games . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-05 15:20 . 2011-12-05 21:38 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-05 14:33 . 2011-12-06 03:05 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-03-28 15:29 . 2011-09-18 01:13 241984 ----a-w- c:\windows\system32\nvinitx.dll 2012-03-28 15:29 . 2011-09-18 01:13 203072 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-03-28 15:29 . 2011-09-18 01:13 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2012-03-07 03:58 . 2012-03-07 03:58 1533248 ----a-w- c:\windows\system32\nvdispco64.dll 2012-03-07 03:58 . 2012-03-07 03:58 1454400 ----a-w- c:\windows\system32\nvgenco64.dll 2012-03-07 00:15 . 2011-12-05 21:21 41184 ----a-w- c:\windows\avastSS.scr 2012-03-07 00:15 . 2011-12-12 08:32 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-03-07 00:15 . 2011-12-12 08:32 258520 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-07 00:04 . 2011-12-12 08:32 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-07 00:04 . 2011-12-12 08:32 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-03-07 00:02 . 2012-02-25 16:50 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-03-07 00:01 . 2011-12-12 08:32 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-03-07 00:01 . 2011-12-12 08:32 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-03-07 00:01 . 2011-12-12 08:32 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-02-23 08:18 . 
2011-12-05 21:28 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-22 10:34 . 2012-02-22 10:34 28160 ----a-w- c:\windows\system32\drivers\mcaudrv_x64.sys 2012-01-17 17:43 . 2012-01-17 17:43 348160 ----a-w- c:\windows\msvcr71.dll 2012-01-17 17:43 . 2012-01-17 17:43 434252 ----a-w- c:\windows\MSVCRTD.DLL 2012-01-11 06:11 . 2012-01-11 06:11 34304 ----a-w- c:\windows\system32\drivers\mcvidrv_x64.sys . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032] "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "ROCCAT Pyra Mouse"="c:\program files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE" [2010-09-07 532480] . 
c:\users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ {Binda}.exe [2012-4-5 622592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 549040] FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-9-18 12862] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600] R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640] R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664] R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x] R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-11-25 427640] R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver; [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x] R3 Sony Ericsson 
PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x] S3 
dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Contenu du dossier 'Tâches planifiées' . 2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:20] . 2012-04-07 c:\windows\Tasks\DriverScanner.job - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-03-07 13:41] . 2012-04-07 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-07 21:31] . 2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . 2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . 
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3878662279-83073529-246682085-1001Core.job - c:\users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15 14:00] . 2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3878662279-83073529-246682085-1001UA.job - c:\users\Norbert\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15 14:00] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.facebook.fr/ mStart Page = hxxp://asus.msn.com TCP: DhcpNameServer = 212.27.40.240 212.27.40.241 FF - ProfilePath - c:\users\Norbert\AppData\Roaming\Mozilla\Firefox\Profiles\4mea26iy.default\ FF - prefs.js: network.proxy.type - 4 . - - - - ORPHELINS SUPPRIMES - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-HijackThis - c:\users\Norbert\AppData\Local\Temp\01net\HijackThis.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2012-04-08 06:42:51 ComboFix-quarantined-files.txt 2012-04-08 04:42 . Avant-CF: 92 196 335 616 octets libres Après-CF: 92 213 223 424 octets libres . - - End Of File - - F2FE9483632C710D4F949FAE60DCEA53
  9. Sorry, but I did not manage to carry out that procedure. However, Avast blocked this for me: Détails des infections isass.exe processus: C:\Windows\Microsoft.NET\Framework\v2.0.... infection: MSIL:Downloader-CM [Trj]
  10. CJoint.com link 3Dhr0oKfnmy
  11. Edit: problem solved, thanks to Apollo ^^ Hello everyone! For the past two days I have been having trouble with my keyboard: it no longer types circumflex accents, or else it doubles them, but not above the letter on which I want the accent to appear. After reading a few forums, I feared Bugbear or Badtrans, but after running Spybot, Malwarebytes and Avast (thorough scan, with all three programs updated just beforehand), and after running the dedicated removal tools for both viruses, still nothing. So I ran HijackThis, but I do not know how to analyse the report. Could you enlighten me and possibly tell me how to get rid of this problem, please? I had already noticed (ever since I got the computer last December) that as soon as I open World Of Warcraft I have to switch my keyboard to QWERTY; I do not know whether that is related. Thanks in advance... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:29:53, on 07/04/2012 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Unable to get Internet Explorer version!
Boot mode: Normal Running processes: C:\Windows\AsScrPro.exe C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Winamp\winamp.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Norbert\Downloads\hijackthis_telechargement_01net.exe C:\Users\Norbert\AppData\Local\Temp\01net\HiJackThis.exe C:\Users\Norbert\Downloads\AntiBugBear.exe C:\Users\Norbert\Downloads\FixBadtr.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Navigateur incompatible | Facebook R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Asus | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S O4 - HKLM\..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - 
HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [ROCCAT Pyra Mouse] "C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [Kujytuo] "C:\Users\Norbert\AppData\Roaming\kujytuo.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-3878662279-83073529-246682085-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3878662279-83073529-246682085-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: {Binda}.exe O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe O4 - Global Startup: FancyStart daemon.lnk = ? 
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\x64\maconfservice.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Sony Ericsson PCCompanion - 
Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11319 bytes