Jim Dolorian

Suspected infection by a Bugbear-type virus


Good evening,

I think I have been infected by a Bugbear-type virus.

My ^^ key always returns two responses.

Thanks =).

Here is what HijackThis gives me:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:47:35, on 05/02/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16912)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Users\coco\AppData\Local\Akamai\netsession_win.exe

C:\Users\coco\AppData\Roaming\Evmela\biegs.exe

C:\Users\coco\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe

C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe

C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe

C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe

C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\program files (x86)\avira\antivir desktop\avcenter.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files (x86)\Orange\Connexion Internet Orange\SearchURLHook\SearchPageURL.dll

R3 - URLSearchHook: (no name) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\WINDOW~2\Datamngr\ToolBar\searchqudtx.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\WINDOW~2\Datamngr\ToolBar\searchqudtx.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files (x86)\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [DATAMNGR] C:\Program Files (x86)\WINDOW~2\Datamngr\DATAMN~1.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\coco\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [{E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3}] C:\Users\coco\AppData\Roaming\Evmela\biegs.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - AppInit_DLLs: C:\Program Files (x86)\WINDOW~2\Datamngr\datamngr.dll C:\Program Files (x86)\WINDOW~2\Datamngr\IEBHO.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Akamai NetSession Interface (Akamai) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Planificateur (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Protection temps réel (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Superfetch (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: WireHelpSvc - Unknown owner - C:\Program Files\Common Files\WireHelpSvc.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 25744 bytes


Hello,

Download UsbFix to the desktop.

Install it with the default settings.

You must disable your antivirus's real-time protection, which may consider some components of this software harmful.

To do this, right-click the antivirus icon at the bottom right next to the clock, then Disable Guard or Shield or Resident...

Plug in your external devices (USB stick, external hard drive, etc.) without opening them.

If you are on Vista: disable UAC before use.

Right-click the UsbFix shortcut on the desktop and choose "Run as administrator".

Run option 1 (Recherche).

The UsbFix.txt report is saved at the root of the disk.

Copy and paste it into Notepad in order to post it.

Then,

Run option 2 (Suppression).

The desktop disappears and the PC restarts.

Wait while the scan runs.

The UsbFix.txt report is saved at the root of the disk.

Copy and paste it into Notepad in order to post it.

For short reports (e.g. Malwarebytes, AD-R, USBFix, etc.), copy and paste them into your thread.

Vaccination

To protect yourself against a later infection:

Run option 3 (vaccination).

To uninstall UsbFix (after disinfection)

Double-click the shortcut on the desktop.

Run option 5 (Désinstaller)....

Download RogueKiller (by tigzy) to the desktop.

Close all programs.

Run RogueKiller.exe.

Wait while the Prescan runs...

Click Scan.

Click Rapport and copy and paste the contents.

Cleanup

In the "Registre" tab, uncheck the following lines:

(Lines to uncheck, if necessary)

Click Suppression. Click Rapport and copy and paste the contents.

Click Host RAZ. Click Rapport and copy and paste the contents.

Click Proxy RAZ. Click Rapport and copy and paste the contents.

Click DNS RAZ. Click Rapport and copy and paste the contents.

Click Racc. RAZ. Click Rapport and copy and paste the contents of the Notepad window.

In the Driver tab, repair the following SSDT indexes by right-clicking their line => Restaurer SSDT

(List of indexes)

Note: the Suppression button will not be available until the scan has been run.

This is important because you can ask for any false positives visible in the scan to be unchecked.

Download MBAM

HERE

or THERE

Before launching MBAM

You must first disable your protections but you do not know how to do it:

Click here

Plug in all removable media before running this scan (USB stick, external hard drive, etc.).

Run with administrator rights.

On Vista, disable UAC.

Double-click the Download_mbam-setup.exe icon to start the installation process.

Save it to the desktop.

Close all windows and programs.

Follow the prompts (in particular the choice of language and the authorization to access the Internet).

Do not change any of the default settings and, at the end of installation,

check that the Update and Launch options are ticked.

MBAM will start automatically and display a message asking you to update the program before running a scan.

Click OK to close the dialog box.

In the "mise à jour" tab, click the Recherche de mise à jour button:


If the firewall asks for permission to let MBAM connect, accept.

Once the update has finished, go to the Recherche tab.

Select "Exécuter un examen complet"

Click "Rechercher"

The scan will take some time, so be patient!

At the end, a message will display:

L'examen s'est terminé normalement.

And an Mbam.log file will appear.

Cleanup

Relaunch MBAM (Malwarebytes)

Select "Exécuter un examen complet"

Click "Rechercher"

The scan will take some time, so be patient!

At the end, a message will display:

L'examen s'est terminé normalement.

Select everything and click Supprimer la sélection,

MBAM will destroy the files and registry keys and place a copy of them in quarantine.

Then open Notepad and copy into it the scan report, which can be found under the Rapports/logs tab.

Copy and paste this report into your next reply.


Thank you for your quick reply.

I would like to add that my firewall is not working.

Here is what UsbFix gives:

 

############################## | UsbFix V 7.081 | [Recherche]

 

Utilisateur: coco (Administrateur) # COCO-PC

Mis à jour le 05/02/2012 par El Desaparecido

Lancé à 11:47:06 | 06/02/2012

 

Site Web: http://eldesaparecido.com

Fichier suspect ? : http://eldesaparecido.com/upload.html

Contact: contact@eldesaparecido.com

 

PC: MEDION (X781x) (x64-based PC) # Notebook

CPU: Intel® Core i3 CPU M 330 @ 2.13GHz (2133)

RAM -> [ Total : 4014 | Free : 2285 ]

BIOS: BIOS Date: 10/22/09 17:13:05 Ver: 08.00.10

BOOT: Normal boot

 

OS: Microsoft Windows 7 Professionnel (6.1.7600 64-Bit) #

WB: Windows Internet Explorer 9.0.8112.16421

 

SC: Security Center Service [ (!) Disabled ]

WU: Windows Update Service [ Enabled ]

AV: Avira Desktop [ Enabled | Updated ]

FW: Windows FireWall Service [ (!) Disabled ]

 

C:\ (%systemdrive%) -> Disque fixe # 435 Go (76 Go libre(s) - 18%) [boot] # NTFS

D:\ -> Disque fixe # 30 Go (22 Go libre(s) - 74%) [Recover] # NTFS

E:\ -> CD-ROM

F:\ -> CD-ROM

 

################## | Processus Actif |

 

C:\Windows\system32\csrss.exe (480)

C:\Windows\system32\wininit.exe (540)

C:\Windows\system32\csrss.exe (560)

C:\Windows\system32\services.exe (604)

C:\Windows\system32\lsass.exe (620)

C:\Windows\system32\lsm.exe (628)

C:\Windows\system32\winlogon.exe (708)

C:\Windows\system32\svchost.exe (776)

C:\Windows\system32\svchost.exe (864)

C:\Windows\system32\atiesrxx.exe (928)

C:\Windows\System32\svchost.exe (1004)

C:\Windows\System32\svchost.exe (368)

C:\Windows\system32\svchost.exe (380)

C:\Windows\system32\svchost.exe (1128)

C:\Windows\system32\svchost.exe (1240)

C:\Windows\system32\atieclxx.exe (1408)

C:\Windows\System32\spoolsv.exe (1536)

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1564)

C:\Windows\SysWOW64\svchost.exe (1740)

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1760)

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1780)

C:\Program Files\Bonjour\mDNSResponder.exe (1848)

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1880)

C:\Windows\System32\svchost.exe (1912)

C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (1956)

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (1992)

c:\xampp\mysql\bin\mysqld.exe (2016)

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (2044)

C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (1188)

C:\Windows\SysWOW64\PnkBstrA.exe (1324)

C:\Windows\system32\svchost.exe (552)

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (1176)

C:\Program Files\Common Files\WireHelpSvc.exe (2096)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2124)

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2152)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2300)

C:\Windows\system32\taskhost.exe (2540)

C:\Windows\system32\Dwm.exe (2720)

C:\Windows\Explorer.EXE (2768)

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (1356)

C:\Windows\system32\conhost.exe (1352)

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2388)

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (2424)

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (2420)

C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2408)

C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (2856)

C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2460)

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (3284)

C:\Windows\system32\SearchIndexer.exe (3304)

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3328)

C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (3340)

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (3356)

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3528)

C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe (3564)

C:\Windows\system32\svchost.exe (3928)

C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (4024)

C:\Windows\System32\svchost.exe (3948)

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4124)

C:\Program Files\Windows Media Player\wmpnetwk.exe (4144)

C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe (4276)

C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe (4284)

C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe (4476)

C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe (4576)

C:\Windows\system32\wbem\wmiprvse.exe (4696)

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4932)

C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2500)

C:\Windows\system32\wuauclt.exe (4768)

C:\Windows\servicing\TrustedInstaller.exe (2836)

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4172)

C:\Windows\system32\taskmgr.exe (4016)

C:\Windows\system32\SearchProtocolHost.exe (4316)

C:\Windows\system32\SearchFilterHost.exe (3176)

C:\UsbFix\Go.exe (4664)

C:\Windows\system32\wbem\wmiprvse.exe (2992)

 

################## | Éléments infectieux |

 

Présent! C:\Users\coco\AppData\Local\Temp\10-8_mobility_vista_win7_64_dd_ccc.exe

Présent! C:\Users\coco\AppData\Local\Temp\11-9_mobility_vista_win7_64_dd_ccc_ocl.exe

Présent! C:\Users\coco\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe

 

################## | Registre |

 

Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch

 

################## | Mountpoints2 |

 

HKCU\.\.\.\.\Explorer\MountPoints2\{58bbde01-ba4c-11df-9674-4061861ea256}

Shell\AutoRun\Command = F:\LaunchU3.exe -a

 

 

 

################## | Vaccin |

 

(!) Cet ordinateur n'est pas vacciné!

 

################## | E.O.F |

 

 

 

 

############################# | UsbFix V 7.081 | [suppression]

 

Utilisateur: coco (Administrateur) # COCO-PC

Mis à jour le 05/02/2012 par El Desaparecido

Lancé à 12:02:08 | 06/02/2012

 

Site Web: http://eldesaparecido.com

Fichier suspect ? : http://eldesaparecido.com/upload.html

Contact: contact@eldesaparecido.com

 

PC: MEDION (X781x) (x64-based PC) # Notebook

CPU: Intel® Core i3 CPU M 330 @ 2.13GHz (2133)

RAM -> [ Total : 4014 | Free : 2113 ]

BIOS: BIOS Date: 10/22/09 17:13:05 Ver: 08.00.10

BOOT: Normal boot

 

OS: Microsoft Windows 7 Professionnel (6.1.7600 64-Bit) #

WB: Windows Internet Explorer 9.0.8112.16421

 

SC: Security Center Service [ (!) Disabled ]

WU: Windows Update Service [ Enabled ]

AV: Avira Desktop [ Enabled | Updated ]

FW: Windows FireWall Service [ (!) Disabled ]

 

C:\ (%systemdrive%) -> Disque fixe # 435 Go (76 Go libre(s) - 17%) [boot] # NTFS

D:\ -> Disque fixe # 30 Go (22 Go libre(s) - 74%) [Recover] # NTFS

E:\ -> CD-ROM

F:\ -> CD-ROM

 

################## | Processus Actif |

 

C:\Windows\system32\csrss.exe (480)

C:\Windows\system32\wininit.exe (540)

C:\Windows\system32\csrss.exe (560)

C:\Windows\system32\services.exe (604)

C:\Windows\system32\lsass.exe (620)

C:\Windows\system32\lsm.exe (628)

C:\Windows\system32\winlogon.exe (708)

C:\Windows\system32\svchost.exe (776)

C:\Windows\system32\svchost.exe (864)

C:\Windows\system32\atiesrxx.exe (928)

C:\Windows\System32\svchost.exe (1004)

C:\Windows\System32\svchost.exe (368)

C:\Windows\system32\svchost.exe (380)

C:\Windows\system32\svchost.exe (1128)

C:\Windows\system32\svchost.exe (1240)

C:\Windows\system32\atieclxx.exe (1408)

C:\Windows\System32\spoolsv.exe (1536)

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1564)

C:\Windows\SysWOW64\svchost.exe (1740)

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1760)

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1780)

C:\Program Files\Bonjour\mDNSResponder.exe (1848)

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1880)

C:\Windows\System32\svchost.exe (1912)

C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (1956)

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (1992)

c:\xampp\mysql\bin\mysqld.exe (2016)

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (2044)

C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (1188)

C:\Windows\SysWOW64\PnkBstrA.exe (1324)

C:\Windows\system32\svchost.exe (552)

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (1176)

C:\Program Files\Common Files\WireHelpSvc.exe (2096)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2124)

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2152)

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2300)

C:\Windows\system32\taskhost.exe (2540)

C:\Windows\system32\Dwm.exe (2720)

C:\Windows\Explorer.EXE (2768)

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (1356)

C:\Windows\system32\conhost.exe (1352)

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2388)

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (2424)

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (2420)

C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2408)

C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (2856)

C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2460)

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (3284)

C:\Windows\system32\SearchIndexer.exe (3304)

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3328)

C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (3340)

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (3356)

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3528)

C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe (3564)

C:\Windows\system32\svchost.exe (3928)

C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (4024)

C:\Windows\System32\svchost.exe (3948)

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4124)

C:\Program Files\Windows Media Player\wmpnetwk.exe (4144)

C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe (4276)

C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe (4284)

C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe (4476)

C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe (4576)

C:\Windows\system32\wbem\wmiprvse.exe (4696)

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4932)

C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2500)

C:\Windows\system32\wuauclt.exe (4768)

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4172)

C:\Windows\system32\taskmgr.exe (4016)

C:\Windows\system32\wbem\wmiprvse.exe (2992)

C:\Windows\system32\taskhost.exe (4264)

C:\Windows\SysWOW64\NOTEPAD.EXE (2976)

C:\UsbFix\Go.exe (896)

 

################## | Processus Stoppés |

 

Stoppé! C:\Windows\system32\atiesrxx.exe (928)

Stoppé! C:\Windows\system32\atieclxx.exe (1408)

Stoppé! C:\Windows\System32\spoolsv.exe (1536)

Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1564)

Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1760)

Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1780)

Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (1848)

Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1880)

Stoppé! C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (1956)

Stoppé! C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (1992)

Stoppé! c:\xampp\mysql\bin\mysqld.exe (2016)

Stoppé! C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (2044)

Stoppé! C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (1188)

Stoppé! C:\Windows\SysWOW64\PnkBstrA.exe (1324)

Stoppé! C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (1176)

Stoppé! C:\Program Files\Common Files\WireHelpSvc.exe (2096)

Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2124)

Stoppé! C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (2152)

Stoppé! C:\Windows\system32\taskhost.exe (2540)

Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (1356)

Stoppé! C:\Windows\system32\conhost.exe (1352)

Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2388)

Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (2424)

Stoppé! C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (2420)

Stoppé! C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2408)

Stoppé! C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (2856)

Stoppé! C:\Users\coco\AppData\Local\Akamai\netsession_win.exe (2460)

Stoppé! C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (3284)

Stoppé! C:\Windows\system32\SearchIndexer.exe (3304)

Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3328)

Stoppé! C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (3340)

Stoppé! C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (3356)

Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3528)

Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\Launcher\Launcher.exe (3564)

Stoppé! C:\Program Files (x86)\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (4024)

Stoppé! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (4124)

Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (4144)

Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\systray\systrayapp.exe (4276)

Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\connectivitymanager.exe (4284)

Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\CoreCom.exe (4476)

Stoppé! C:\Program Files (x86)\Orange\Connexion Internet Orange\connectivity\CoreCom\OraConfigRecover.exe (4576)

Stoppé! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (4932)

Stoppé! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (2500)

Stoppé! C:\Windows\system32\wuauclt.exe (4768)

Stoppé! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4172)

Stoppé! C:\Windows\system32\taskmgr.exe (4016)

Stoppé! C:\Windows\system32\taskhost.exe (4264)

 

################## | Éléments infectieux |

 

Supprimé! C:\Users\coco\AppData\Local\Temp\10-8_mobility_vista_win7_64_dd_ccc.exe

Supprimé! C:\Users\coco\AppData\Local\Temp\11-9_mobility_vista_win7_64_dd_ccc_ocl.exe

Supprimé! C:\Users\coco\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe

Supprimé! C:\$RECYCLE.BIN\S-1-5-20

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2785893074-595747820-1594240593-1000

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-1292132930-1676903531-2991972072-1000

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-1519444400-1794461273-710662950-500

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2149421345-3150679066-3066144613-500

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2182524660-674847601-3640508224-500

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2785893074-595747820-1594240593-1000

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3122571555-3205367151-3062972803-1000

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-4057543656-1902096578-4069866551-500

Supprimé! D:\$RECYCLE.BIN\S-1-5-21-900403819-932455162-659764423-1000

 

(!) Fichiers temporaires supprimés.

 

################## | Registre |

 

Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch

 

################## | Mountpoints2 |

 

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{58bbde01-ba4c-11df-9674-4061861ea256}

 

################## | Listing |

 

[06/02/2012 - 12:03:42 | SHD ] C:\$Recycle.Bin

[15/04/2011 - 17:26:26 | D ] C:\56e05bdfcb686d0270fdecb448410c

[16/09/2011 - 16:39:37 | D ] C:\770a90d92908eec2e112814fd8e1e050

[12/04/2011 - 10:17:26 | N | 0] C:\AdobeDebug.txt

[06/06/2011 - 11:23:27 | D ] C:\AMD

[26/08/2010 - 18:58:58 | D ] C:\ATI

[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat

[10/06/2009 - 22:42:20 | N | 10] C:\config.sys

[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings

[28/12/2011 - 11:50:54 | D ] C:\Down

[12/10/2010 - 22:20:29 | D ] C:\e45d6c3994caa493a08cd34f21

[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1028.txt

[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1031.txt

[07/11/2007 - 07:00:40 | N | 10134] C:\eula.1033.txt

[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1036.txt

[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1040.txt

[07/11/2007 - 07:00:40 | N | 118] C:\eula.1041.txt

[07/11/2007 - 07:00:40 | N | 17734] C:\eula.1042.txt

[07/11/2007 - 07:00:40 | N | 17734] C:\eula.2052.txt

[07/11/2007 - 07:00:40 | N | 17734] C:\eula.3082.txt

[23/04/2011 - 08:48:48 | D ] C:\found.000

[07/11/2007 - 07:00:40 | N | 1110] C:\globdata.ini

[06/02/2012 - 11:37:56 | ASH | 3156795392] C:\hiberfil.sys

[07/11/2007 - 07:44:20 | N | 855040] C:\install.exe

[07/11/2007 - 07:00:40 | N | 843] C:\install.ini

[07/11/2007 - 07:44:20 | N | 75280] C:\install.res.1028.dll

[07/11/2007 - 07:44:20 | N | 95248] C:\install.res.1031.dll

[07/11/2007 - 07:44:20 | N | 90128] C:\install.res.1033.dll

[07/11/2007 - 07:44:20 | N | 96272] C:\install.res.1036.dll

[07/11/2007 - 07:44:20 | N | 94224] C:\install.res.1040.dll

[07/11/2007 - 07:44:20 | N | 80400] C:\install.res.1041.dll

[07/11/2007 - 07:44:20 | N | 78864] C:\install.res.1042.dll

[07/11/2007 - 07:44:20 | N | 74768] C:\install.res.2052.dll

[07/11/2007 - 07:44:20 | N | 95248] C:\install.res.3082.dll

[30/03/2010 - 16:45:38 | D ] C:\Intel

[31/03/2010 - 13:12:12 | N | 0] C:\IO.SYS

[31/03/2010 - 13:12:12 | N | 0] C:\MSDOS.SYS

[31/03/2010 - 08:38:51 | RHD ] C:\MSOCache

[06/02/2012 - 11:37:57 | ASH | 4209061888] C:\pagefile.sys

[28/12/2011 - 11:50:38 | D ] C:\Perfect World Entertainment

[14/07/2009 - 04:20:08 | D ] C:\PerfLogs

[05/02/2012 - 23:17:54 | D ] C:\Program Files

[06/02/2012 - 11:34:12 | D ] C:\Program Files (x86)

[05/02/2012 - 20:58:11 | HD ] C:\ProgramData

[26/08/2010 - 18:41:33 | SHD ] C:\Recovery

[28/10/2010 - 12:40:31 | D ] C:\Riot Games

[04/10/2011 - 16:15:31 | N | 81686] C:\shared.log

[05/02/2012 - 21:53:35 | SHD ] C:\System Volume Information

[06/02/2012 - 12:03:43 | D ] C:\UsbFix

[06/02/2012 - 12:02:33 | A | 12662] C:\UsbFix.txt

[26/08/2010 - 18:44:15 | D ] C:\Users

[07/11/2007 - 07:00:40 | N | 5686] C:\vcredist.bmp

[07/11/2007 - 07:09:22 | N | 1442522] C:\VC_RED.cab

[07/11/2007 - 07:12:28 | N | 232960] C:\VC_RED.MSI

[06/02/2012 - 11:32:56 | D ] C:\Windows

[15/02/2011 - 20:43:33 | D ] C:\xampp

[06/02/2012 - 12:03:43 | SHD ] D:\$RECYCLE.BIN

[30/03/2010 - 16:43:15 | D ] D:\DRIVER

[26/04/2010 - 12:29:57 | D ] D:\RECOVER

[26/04/2010 - 10:09:50 | N | 95] D:\SWCONF.dat

[26/02/2010 - 13:45:03 | SHD ] D:\System Volume Information

[26/02/2010 - 16:47:55 | D ] D:\TOOLS

 

################## | Vaccin |

 

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

 

################## | Upload |

 

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_COCO-PC.zip

http://eldesaparecido.com/upload.html

Merci de votre contribution.

 

################## | E.O.F |

 

Rogue Killer :

 

RogueKiller V7.0.3 [06/02/2012] par Tigzy

mail: tigzyRK<at>gmail<dot>com

Remontees: [RogueKiller] Remontées (1/45)

Blog: tigzy-RK

 

Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version

Demarrage : Mode normal

Utilisateur: coco [Droits d'admin]

Mode: Recherche -- Date : 06/02/2012 12:07:49

 

¤¤¤ Processus malicieux: 0 ¤¤¤

 

¤¤¤ Entrees de registre: 10 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : {E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3} (C:\Users\coco\AppData\Roaming\Evmela\biegs.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-2785893074-595747820-1594240593-1000[...]\Run : {E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3} (C:\Users\coco\AppData\Roaming\Evmela\biegs.exe) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

 

¤¤¤ Driver: [NON CHARGE] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ Fichier HOSTS: ¤¤¤

127.0.0.1 localhost

127.0.0.1 genuine.microsoft.com

127.0.0.1 mpa.one.microsoft.com

127.0.0.1 sa.windows.com

127.0.0.1 se.windows.com

127.0.0.1 ie.search.msn.com

127.0.0.1 wustat.windows.com

127.0.0.1 wutrack.windows.com

127.0.0.1 catalog.microsoft.com

127.0.0.1 sls.microsoft.com

127.0.0.1 spynet2.microsoft.com

127.0.0.1 spynettest.microsoft.com

127.0.0.1 activation.guitar-pro.com

 

 

¤¤¤ MBR Verif: ¤¤¤

 

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] dbc9d427d53fbb122228d5942fe4ff49

[bSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 445091 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 911753216 | Size: 30720 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 974667776 | Size: 1027 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Termine : << RKreport[1].txt >>

RKreport[1].txt

 

 

 

 

 

 

 

^RogueKiller V7.0.3 [06/02/2012] par Tigzy

mail: tigzyRK<at>gmail<dot>com

Remontees: [RogueKiller] Remontées (1/45)

Blog: tigzy-RK

 

Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version

Demarrage : Mode normal

Utilisateur: coco [Droits d'admin]

Mode: Suppression -- Date : 06/02/2012 12:10:11

 

¤¤¤ Processus malicieux: 0 ¤¤¤

 

¤¤¤ Entrees de registre: 9 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : {E8B9155B-E45B-AD7F-6A2F-F2FE7C50D1E3} (C:\Users\coco\AppData\Roaming\Evmela\biegs.exe) -> DELETED

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

 

¤¤¤ Driver: [NON CHARGE] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ Fichier HOSTS: ¤¤¤

127.0.0.1 localhost

127.0.0.1 genuine.microsoft.com

127.0.0.1 mpa.one.microsoft.com

127.0.0.1 sa.windows.com

127.0.0.1 se.windows.com

127.0.0.1 ie.search.msn.com

127.0.0.1 wustat.windows.com

127.0.0.1 wutrack.windows.com

127.0.0.1 catalog.microsoft.com

127.0.0.1 sls.microsoft.com

127.0.0.1 spynet2.microsoft.com

127.0.0.1 spynettest.microsoft.com

127.0.0.1 activation.guitar-pro.com

 

 

¤¤¤ MBR Verif: ¤¤¤

 

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] dbc9d427d53fbb122228d5942fe4ff49

[bSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 445091 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 911753216 | Size: 30720 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 974667776 | Size: 1027 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Termine : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

 

RogueKiller V7.0.3 [06/02/2012] par Tigzy

mail: tigzyRK<at>gmail<dot>com

Remontees: [RogueKiller] Remontées (1/45)

Blog: tigzy-RK

 

Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version

Demarrage : Mode normal

Utilisateur: coco [Droits d'admin]

Mode: Proxy RAZ -- Date : 06/02/2012 12:10:42

 

¤¤¤ Processus malicieux: 0 ¤¤¤

 

¤¤¤ Driver: [NON CHARGE] ¤¤¤

 

¤¤¤ Entrees de registre: 0 ¤¤¤

 

Termine : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

 

 

RogueKiller V7.0.3 [06/02/2012] par Tigzy

mail: tigzyRK<at>gmail<dot>com

Remontees: [RogueKiller] Remontées (1/45)

Blog: tigzy-RK

 

Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version

Demarrage : Mode normal

Utilisateur: coco [Droits d'admin]

Mode: DNS RAZ -- Date : 06/02/2012 12:11:05

 

¤¤¤ Processus malicieux: 0 ¤¤¤

 

¤¤¤ Driver: [NON CHARGE] ¤¤¤

 

¤¤¤ Entrees de registre: 0 ¤¤¤

 

Termine : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

 

RogueKiller V7.0.3 [06/02/2012] par Tigzy

mail: tigzyRK<at>gmail<dot>com

Remontees: [RogueKiller] Remontées (1/45)

Blog: tigzy-RK

 

Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version

Demarrage : Mode normal

Utilisateur: coco [Droits d'admin]

Mode: Raccourcis RAZ -- Date : 06/02/2012 12:17:13

 

¤¤¤ Processus malicieux: 0 ¤¤¤

 

¤¤¤ Driver: [NON CHARGE] ¤¤¤

 

¤¤¤ Attributs de fichiers restaures: ¤¤¤

Bureau: Success 3 / Fail 0

Lancement rapide: Success 1 / Fail 0

Programmes: Success 14 / Fail 0

Menu demarrer: Success 1 / Fail 0

Dossier utilisateur: Success 64 / Fail 0

Mes documents: Success 1 / Fail 0

Mes favoris: Success 0 / Fail 0

Mes images: Success 0 / Fail 0

Ma musique: Success 2 / Fail 0

Mes videos: Success 0 / Fail 0

Disques locaux: Success 59 / Fail 0

Sauvegarde: [NOT FOUND]

 

Lecteurs:

[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored

[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored

[E:] \Device\CdRom0 -- 0x5 --> Skipped

[F:] \Device\CdRom1 -- 0x5 --> Skipped

 

¤¤¤ Infection : ¤¤¤

 

Termine : << RKreport[5].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

 

 

 

 

 

 

Malwarebytes Anti-Malware (Essai) 1.60.1.1000

www.malwarebytes.org

 

Version de la base de données: v2012.02.06.01

 

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

coco :: COCO-PC [administrateur]

 

Protection: Activé

 

06/02/2012 12:25:06

mbam-log-2012-02-06 (12-25-06).txt

 

Type d'examen: Examen complet

Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM

Options d'examen désactivées: P2P

Elément(s) analysé(s): 653504

Temps écoulé: 3 heure(s), 11 minute(s), 19 seconde(s)

 

Processus mémoire détecté(s): 0

(Aucun élément nuisible détecté)

 

Module(s) mémoire détecté(s): 0

(Aucun élément nuisible détecté)

 

Clé(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre détecté(s): 1

HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Mauvais: ("regedit.exe" "%1") Bon: (regedit.exe "%1") -> Mis en quarantaine et réparé avec succès

 

Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)

 

Fichier(s) détecté(s): 8

C:\ProgramData\VhhxBEvUjcMtwRtxMW\VhhxBEvUjcMtwRtxMW\1.0.1.0\cpQkbSfpZY.exe (Trojan.MSIL.Gen) -> Mis en quarantaine et supprimé avec succès.

C:\ProgramData\VhhxBEvUjcMtwRtxMW\VhhxBEvUjcMtwRtxMW\1.0.1.0\QMBVLCQaJJ.exe (Trojan.MSIL.Gen) -> Mis en quarantaine et supprimé avec succès.

C:\Users\coco\AppData\Local\Temp\tmp5032ce99\crnosok.exe (Trojan.Downloader) -> Mis en quarantaine et supprimé avec succès.

C:\Users\coco\AppData\Local\Xenocode\Sandbox\Stub\1.0.0.0\2010.11.28T01.47\Virtual\STUBEXE\8.0.1112\@PROFILE@\Downloads\boudbid_BOT_product.exe (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.

C:\Users\coco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1aa8a1e-204db27c (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.

C:\Users\coco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1a77c1ed-7ffe83f6 (Trojan.Downloader) -> Mis en quarantaine et supprimé avec succès.

C:\Users\coco\AppData\Roaming\Evmela\biegs.exe (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.

C:\Users\coco\Desktop\RK_Quarantine\biegs.exe.vir (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.

 

(fin)

Edited by Jim Dolorian

> I would like to add that my firewall is not working.

 

Uninstall/reinstall it, or replace it.

HijackThis is hardly worth anything anymore!

Run this diagnostic tool:

Download ZhpDiag by Coolman

Double-click ZHPDiag.exe to install the tool

There will be 3 icons on the desktop

Under XP, double-click the ZhpDiag icon

Under Vista/7, right-click and choose Run as administrator

Click the screwdriver and choose "Tous" (All)

If it gets stuck, on O80 for example, click the screwdriver to uncheck it

Click the magnifying glass to start the scan

Post the ZhpDiag.txt report that appears on the desktop

How to post the reports

Copy/paste all or part of the reports into one or more messages.

Another solution:

Go to the site: Ci-Joint

Press "Parcourir" (Browse) and look for the reports on the disk,

Then press "Créer le lien CJoint" (Create the CJoint link),

>> on the following page -->

an http//.. address will be created

Copy/paste this address into your next message.

 


You should find these 3 icons on the desktop or, failing that, in the folder where you installed Zhpdiag.

Click the Zhpfix icon

Under Vista/7, right-click, "Run as administrator"

Copy/paste the green lines into the box below:

to do so:

Hold down the left mouse button and sweep the mouse across all the text to be copied to highlight it, from left to right and from top to bottom

Ctrl+C to put it all in memory

Ctrl+V to write the text into the document

You will not see anything until you have clicked on the H

 

PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...)

[MD5.D9C37A72B871BCB0844AF097070FCF1E] - (.Bandoo Media, inc - Data Manager.) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe [1599888] [PID.2960] => Infection BT (Adware.Bandoo)

M2 - MFEP: prefs.js [coco - bg7ax0xp.default\{99079a25-328f-4bd4-be04-00955acaa0a7}] [] Searchqu Toolbar v4.3.1.00 (.Visicom Media Inc..) => Infection PUP (Adware.Bandoo)

R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0 => Infection Rogue (Possible)

O2 - BHO: Searchqu Toolbar [64Bits] - {99079a25-328f-4bd4-be04-00955acaa0a7} . (.Pas de propriétaire - dtx Dynamic Link Library.) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll => Infection BT (Adware.Bandoo)

O4 - HKLM\..\Wow6432Node\Run: [DATAMNGR] . (.Bandoo Media, inc - Data Manager.) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe => Infection BT (Adware.Bandoo)

O20 - AppInit_DLLs: . (.Bandoo Media, inc - Data Manager.) - C:\Program Files (x86)\WINDOW~2\Datamngr\x64\datamngr.dll => Infection BT (Adware.Bandoo)

O42 - Logiciel: Windows Searchqu Toolbar - (.Bandoo Media Inc.) [HKLM] -- Searchqu 0 MediaBar => Infection BT (Adware.Bandoo)

[HKCU\Software\AppDataLow\Software\searchqutoolbar] => Infection PUP (Adware.Bandoo)

[HKCU\Software\DataMngr] => Infection PUP (PUP.BearShare)

[HKLM\Software\DataMngr] => Infection PUP (PUP.BearShare)

[HKLM\Software\SearchquMediabarTb] => Infection PUP (Adware.Bandoo)

O43 - CFD: 25/09/2011 - 13:51:12 - [14,161] ----D- C:\Program Files (x86)\Windows Searchqu Toolbar => Infection BT (Adware.Bandoo)

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "http://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q="); => Infection BT (Adware.Bandoo)

O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} [DefaultScope] - (Web Search) - http://www.searchqu.com => Infection BT (Adware.Bandoo)

O87 - FAEL: "{8FA1DCC0-DDF8-490A-A93D-A12F81D6F1A6}" | In - Private - P6 - TRUE | .(.Visicom Media Inc. - DTX broker.) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe => Infection BT (Adware.Bandoo)

O87 - FAEL: "{E817560F-2EFF-43A9-8115-A7DC598CD13D}" | In - Private - P17 - TRUE | .(.Visicom Media Inc. - DTX broker.) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe => Infection BT (Adware.Bandoo)

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] => Infection BT (Adware.Bandoo)

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] => Infection BT (Adware.Bandoo)

[HKLM\Software\WOW6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] => Infection BT (Adware.Bandoo)

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] => Infection BT (Adware.Bandoo)

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] => Infection BT (Adware.Bandoo)

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}] => Infection BT (Adware.Bandoo)

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}] => Infection BT (Adware.Bandoo)

[HKLM\Software\WOW6432Node\DataMngr] => Infection PUP (PUP.BearShare)

[HKLM\Software\WOW6432Node\SearchquMediabarTb] => Infection PUP (Adware.Bandoo)

[HKLM\Software\Wow6432Node\mIRC\OpenCandy] => Infection PUP (Adware.OpenCandy)

C:\Users\coco\AppData\LocalLow\searchquband => Infection BT

C:\Users\coco\AppData\LocalLow\searchqutoolbar => Infection PUP (Adware.Bandoo)

C:\Users\coco\AppData\Local\Temp\OpenCandy => Infection PUP (Adware.OpenCandy)

C:\Program Files (x86)\Windows Searchqu Toolbar => Infection BT (Adware.Bandoo)

C:\Users\coco\AppData\Roaming\Mozilla\Firefox\Profiles\bg7ax0xp.default\searchqutoolbar => Infection PUP (Adware.Bandoo)

 

PROCESSUS SUPERFLU DU SYSTEME

O4 - HKCU\..\Run: [PlayNC Launcher] Clé orpheline => Orphean Key not necessary

O4 - HKUS\S-1-5-21-2785893074-595747820-1594240593-1000\..\Run: [PlayNC Launcher] Clé orpheline => Orphean Key not necessary

[MD5.00000000000000000000000000000000] [APT] [{1E4647DA-D343-4479-807E-30554BD966FC}] (...) -- C:\Program Files (x86)\KillingFloor\KillingFloor\KF_revLoader.exe (.not file.) => Fichier absent

[MD5.00000000000000000000000000000000] [APT] [{723D3D40-3DA7-4FBD-8812-5BD6E81BA15E}] (...) -- C:\Program Files (x86)\Black Isle\BGII - SoA\baldur.exe (.not file.) => Fichier absent

O43 - CFD: 11/04/2011 - 17:31:44 - [0,002] ----D- C:\ProgramData\regid.1986-12.com.adobe

O43 - CFD: 05/09/2011 - 11:26:14 - [0] ----D- C:\Users\coco\AppData\Local\28050 => Empty Folder not necessary

O43 - CFD: 19/01/2012 - 11:35:08 - [0] ----D- C:\Users\coco\AppData\Local\SCE => Empty Folder not necessary

O43 - CFD: 28/03/2011 - 11:02:50 - [0] ----D- C:\Users\coco\AppData\Local\Wings of Prey => Empty Folder not necessary

O43 - CFD: 16/04/2011 - 08:39:46 - [0] ----D- C:\Users\coco\AppData\Local\{67109EBE-A773-4AF9-A0A8-51FFB24F61D1} => Empty Folder not necessary

O43 - CFD: 10/04/2011 - 17:34:56 - [0] ----D- C:\Users\coco\AppData\Local\{82A7E5EC-A213-4B75-BD2F-69D6402D8990} => Empty Folder not necessary

O43 - CFD: 11/04/2011 - 11:41:40 - [0] ----D- C:\Users\coco\AppData\Local\{86703F31-F03E-4945-82F6-815906036ABE} => Empty Folder not necessary

O43 - CFD: 01/04/2011 - 20:57:20 - [0] ----D- C:\Users\coco\AppData\Local\{E02C1177-E75E-48D3-89DE-648FBE2A0741} => Empty Folder not necessary

O53 - SMSR:HKLM\...\startupreg\HFALoader [Key] . (...) -- C:\Program Files (x86)\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe (.not file.) => Fichier absent

C:\Users\coco\AppData\Roaming\BitTorrent\Atomix Virtual DJ Pro V6.1.1 Full cracked by Belin (les crackers).rar.torrent => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\coco\Desktop\dl\alt.binaries.nl\ToonTrack EZ Drummer VSTi RTAS v1 2 1 x86 x64 UPDATE Incl Keygen-AiR.rar => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\coco\AppData\Roaming\BitTorrent\Atomix Virtual DJ Pro V6.1.1 Full cracked by Belin (les crackers).rar.torrent => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\coco\Desktop\dl\alt.binaries.nl\ToonTrack EZ Drummer VSTi RTAS v1 2 1 x86 x64 UPDATE Incl Keygen-AiR.rar => Crack, KeyGen, Keymaker - Possible Malware

O87 - FAEL: "{26743AB3-78D6-4679-93B3-190105E091D9}" |In - Public - P6 - TRUE | .(...) -- C:\Users\coco\AppData\Local\Temp\Blizzard Installer Bootstrap - 0005b99e\Installer.exe (.not file.) => Fichier absent

O87 - FAEL: "{28266D91-3DFD-452A-8E98-E7AA37F39141}" |In - Public - P17 - TRUE | .(...) -- C:\Users\coco\AppData\Local\Temp\Blizzard Installer Bootstrap - 0005b99e\Installer.exe (.not file.) => Fichier absent

O87 - FAEL: "TCP Query User{8997DF1B-9D06-49FE-9C82-9BED6B66FEA6}C:\program files (x86)\pfportchecker\pfportchecker.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\pfportchecker\pfportchecker.exe (.not file.) => Fichier absent

O87 - FAEL: "UDP Query User{C50B2B4A-7629-42E3-8949-F0EDBCAF8F02}C:\program files (x86)\pfportchecker\pfportchecker.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\pfportchecker\pfportchecker.exe (.not file.) => Fichier absent

O87 - FAEL: "TCP Query User{0CE59A07-7E10-4A69-BDAB-BA15DE739158}C:\program files (x86)\ggpo\ggpo.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\ggpo\ggpo.exe (.not file.) => Fichier absent

O87 - FAEL: "UDP Query User{E40513CD-5AFA-47AD-B5B0-46B84C91D069}C:\program files (x86)\ggpo\ggpo.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\ggpo\ggpo.exe (.not file.) => Fichier absent

O87 - FAEL: "TCP Query User{7B9A2F0A-17E9-49CD-BDD1-F7B22C86C5A2}C:\program files (x86)\ggpo\ggpofba.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\ggpo\ggpofba.exe (.not file.) => Fichier absent

O87 - FAEL: "UDP Query User{21840081-B474-4F46-91BB-38B97524B11C}C:\program files (x86)\ggpo\ggpofba.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\ggpo\ggpofba.exe (.not file.) => Fichier absent

O87 - FAEL: "{526749AE-B1CA-4010-A504-652D6631996F}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Gaijin\Wings of Prey\launcher.exe (.not file.) => Fichier absent

O87 - FAEL: "{CC6F1833-CE19-4D65-8207-C7D67CFA2396}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Gaijin\Wings of Prey\launcher.exe (.not file.) => Fichier absent

O87 - FAEL: "{5F012ED9-D2C7-4118-890B-A7A58FCDAEA4}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Gaijin\Wings of Prey\aces.exe (.not file.) => Fichier absent

O87 - FAEL: "{77CBF78F-4268-43D5-A558-D0D527D0C13A}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Gaijin\Wings of Prey\aces.exe (.not file.) => Fichier absent

O87 - FAEL: "{72A4FA47-8CE3-46AC-912B-F72C8B2B11B8}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Gaijin\Wings of Prey\yuPlay\yuPlay.exe (.not file.) => Fichier absent

O87 - FAEL: "{F33D8E96-7E44-4A76-B400-B2CB836C6A01}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Gaijin\Wings of Prey\yuPlay\yuPlay.exe (.not file.) => Fichier absent

O87 - FAEL: "{CC021135-920E-4663-8E10-5A53619C6719}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe (.not file.) => Fichier absent

O87 - FAEL: "{54715B7C-2D7A-4C5B-B00B-2F11C0C90788}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe (.not file.) => Fichier absent

O87 - FAEL: "{0CCA43BD-C5F8-47C4-9E3F-1BBF06820BEA}" |In - Private - P6 - TRUE | .(...) -- C:\AeriaGames\EdenEternal-FR\Launcher.exe (.not file.) => Fichier absent

O87 - FAEL: "{748EDFF2-6A0C-42F1-97BF-451060E276C5}" |In - Private - P17 - TRUE | .(...) -- C:\AeriaGames\EdenEternal-FR\Launcher.exe (.not file.) => Fichier absent

O87 - FAEL: "{B89B3AAA-AF59-4EC2-B2A8-9BE73E1BFD01}" |In - Private - P6 - TRUE | .(...) -- C:\AeriaGames\EdenEternal-FR\_Launcher.exe (.not file.) => Fichier absent

O87 - FAEL: "{BA496C46-1F71-4E6F-8479-CAA02980D30E}" |In - Private - P17 - TRUE | .(...) -- C:\AeriaGames\EdenEternal-FR\_Launcher.exe (.not file.) => Fichier absent

 

TOOLBAR INUTILE (Navigateur internet)

M2 - MFEP: prefs.js [coco - bg7ax0xp.default\{ef79f67a-6ad7-4715-a0f8-932fca442023}] [] BittorrentBar_FR Community Toolbar v3.9.0.3 (.Conduit Ltd..) => Toolbar.Conduit

R3 - URLSearchHook: (no name) [64Bits] - {ef79f67a-6ad7-4715-a0f8-932fca442023} . (...) (No version) -- (.not file.) => Toolbar.Conduit

O43 - CFD: 28/09/2010 - 15:44:46 - [0,004] ----D- C:\Users\coco\AppData\Roaming\teamspeak2 => Toolbar.Conduit

O43 - CFD: 04/02/2012 - 20:46:02 - [0] ----D- C:\Users\coco\AppData\Local\Conduit => Toolbar.Conduit

O43 - CFD: 04/02/2012 - 17:18:58 - [0,609] ----D- C:\Program Files (x86)\Conduit => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852..clientLogIsEnabled", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx"); => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.AppTrackingLastCheckTime", "Mon Feb 06 2012 12:05:35 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.BrowserCompStateIsOpen_129642290922900978", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.CTID", "CT2849852"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.CurrentServerDate", "6-2-2012"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.DSInstall", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.DialogsAlignMode", "LTR"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.DialogsGetterLastCheckTime", "Sat Feb 04 2012 17:19:03 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.DownloadReferralCookieData", ""); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.EMailNotifierPollDate", "Sat Feb 04 2012 17:49:05 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.EnableClickToSearchBox", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.EnableSearchHistory", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.EnableSearchSuggest", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedLastCount129349795937781608", 180); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedPollDate129313974171006416", "Sat Feb 04 2012 20:44:20 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedPollDate129313975698350231", "Sat Feb 04 2012 20:44:20 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedPollDate129313976370850190", "Sat Feb 04 2012 20:44:20 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedPollDate129313976648818968", "Sat Feb 04 2012 20:44:20 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedPollDate129313977444757117", "Sat Feb 04 2012 20:44:20 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedPollDate129313980389131455", "Sat Feb 04 2012 20:44:20 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedPollDate129313980655381977", "Sat Feb 04 2012 20:44:20 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedPollDate129313980886163259", "Sat Feb 04 2012 20:44:20 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedPollDate129313981234756535", "Sat Feb 04 2012 20:44:21 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedPollDate129313983226631720", "Sat Feb 04 2012 20:44:21 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedPollDate129313983607725691", "Sat Feb 04 2012 20:44:21 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedTTL129313974171006416", 10); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedTTL129313977444757117", 15); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedTTL129313980655381977", 5); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FeedTTL129313981234756535", 5); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FirstServerDate", "4-2-2012"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FirstTime", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FirstTimeFF3", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.FixPageNotFoundErrors", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.GroupingServerCheckInterval", 1440); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.GroupingServiceUrl", "http://grouping.services.conduit.com/"); => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.HPInstall", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.HasUserGlobalKeys", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.HomePageProtectorEnabled", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.Initialize", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.InitializeCommonPrefs", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.InstallationAndCookieDataSentCount", 3); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.InstallationId", "ConduitXPEIntegration"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.InstallationType", "ConduitXPEIntegration"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.InstalledDate", "Sat Feb 04 2012 17:19:03 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.IsAlertDBUpdated", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.IsGrouping", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.IsInitSetupIni", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.IsMulticommunity", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.IsOpenThankYouPage", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.IsOpenUninstallPage", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.LanguagePackLastCheckTime", "Mon Feb 06 2012 19:01:26 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.LanguagePackReloadIntervalMM", 1440); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.LastLogin_3.9.0.3", "Mon Feb 06 2012 16:05:25 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.LatestVersion", "3.9.0.3"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.Locale", "fr"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.MCDetectTooltipHeight", "83"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.MCDetectTooltipShow", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.MCDetectTooltipWidth", "295"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.MyStuffEnabledAtInstallation", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.OriginalFirstVersion", "3.9.0.3"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SHRINK_TOOLBAR", 1); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchBackToDefaultEngine", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchCaption", "BittorrentBar_FR Customized Web Search"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchEngineBeforeUnload", "Google"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchFromAddressBarIsInit", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q="); => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchInNewTabEnabled", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchInNewTabIntervalMM", 1440); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchInNewTabLastCheckTime", "Mon Feb 06 2012 19:01:25 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchInNewTabUserEnabled", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchProtectorEnabled", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SearchProtectorToolbarDisabled", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SendProtectorDataViaLogin", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.ServiceMapLastCheckTime", "Mon Feb 06 2012 19:01:25 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SettingsLastCheckTime", "Mon Feb 06 2012 16:16:13 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.SettingsLastUpdate", "1326994324"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2849852&SearchSource=13"); => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.ThirdPartyComponentsInterval", 504); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.ThirdPartyComponentsLastCheck", "Sat Feb 04 2012 17:19:02 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.ThirdPartyComponentsLastUpdate", "1255344667"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.ToolbarShrinkedFromSetup", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.TrusteLinkUrl", "http://trust.conduit.com/CT2849852"); => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit- => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.UserID", "UN71520763480499428"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.ValidationData_Search", 1); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.ValidationData_Toolbar", 0); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.WeatherNetwork", ""); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.WeatherPollDate", "Sat Feb 04 2012 17:49:05 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.WeatherUnit", "C"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.alertChannelId", "1241893"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.approveUntrustedApps", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.autoDisableScopes", -1); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.backendstorage.cbfirsttime", "5361742046656220303420323031322031373A31393A313620474D542B30313030"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.components.1000034", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.components.1000234", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.components.129349795936062815", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.components.129349795936375318", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.components.129349795937781608", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.components.129349795937937859", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.components.129349795937937860", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.components.129431554657187564", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.components.129642290922900978", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\": => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.homepageProtectorEnableByLogin", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.initDone", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.isAppTrackingManagerOn", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.isSearchProtectorNotifyChanges", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.myStuffEnabled", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.myStuffPublihserMinWidth", 400); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29 => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx? => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.searchProtectorDialogDelayInSec", 10); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.searchProtectorEnableByLogin", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.testingCtid", ""); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.toolbarAppMetaDataLastCheckTime", "Mon Feb 06 2012 19:01:27 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.toolbarContextMenuLastCheckTime", "Sat Feb 04 2012 17:19:05 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.usageEnabled", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CT2849852.usagesFlag", 2); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2849852/CT2849852", => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849852", "\"1319755492\""); => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=fr", "kLE3EoupXhh+ => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"80ee9485875dcc1:0\"")[...] => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849852", => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\coco\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\bg7ax0xp.defa[...] => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.ToolbarsList", "CT2849852"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.ToolbarsList2", "CT2849852"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.ToolbarsList4", "CT2849852"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 04 2012 17:19:05 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.globalUserId", "82efcb7a-df12-464d-84a3-bf9369df4759"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Feb 06 2012 03:20:44 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Feb 06 2012 12:05:34 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com"); => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.locale", "en"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Feb 06 2012 19:01:25 GMT+0100"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com"); => Toolbar.Conduit

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.showTrayIcon", false); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.notifications.userId", "6c8898dd-1e03-4fa9-bdb3-64a6d35495e1"); => Toolbar.Agent

O69 - SBI: prefs.js [coco - bg7ax0xp.default] user_pref("CommunityToolbar.originalSearchEngine", "Google"); => Toolbar.Agent

O69 - SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (BittorrentBar_FR Customized Web Search) - http://search.conduit.com => Toolbar.Conduit

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] => Toolbar.Agent

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] => Toolbar.Conduit

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] => Toolbar.Conduit

[HKLM\Software\Classes\Toolbar.CT2849852] => Toolbar.Agent

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} => Toolbar.Ask

C:\Users\coco\AppData\Local\Conduit => Toolbar.Conduit

C:\Users\coco\AppData\LocalLow\Conduit => Toolbar.Conduit

C:\Program Files (x86)\Conduit => Toolbar.Conduit

 

 

EmptyFlash

EmptyTemp

FirewallRaz


Click "OK", which makes a checkbox appear to the left of each line.

Click "Tous" (All), then "Nettoyer" (Clean).

Restart to complete the cleanup.

A report appears.

If the report does not appear, click the button shown in the image (PanelRapport.jpg).

Copy and paste the removal report into your next reply.


I can't manage to repair my firewall; if you could enlighten me =).

Thanks in advance.

 

Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011

Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-07-02-2012-11-08-37.txt

Run by coco at 07/02/2012 11:08:37

Windows 7 Business Edition, 64-bit (Build 7600)

Web site : ZHPFix Fix de rapport

Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com

 

========== Logiciel(s) ==========

ABSENT Software Key: Searchqu 0 MediaBar

 

========== Processus mémoire ==========

SUPPRIME Memory Process: C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe

 

========== Clé(s) du Registre ==========

ABSENT Key: CLSID BHO: {99079a25-328f-4bd4-be04-00955acaa0a7}

SUPPRIME Key: HKCU\Software\AppDataLow\Software\searchqutoolbar

SUPPRIME Key: HKCU\Software\DataMngr

ABSENT Key: HKLM\Software\DataMngr

ABSENT Key: HKLM\Software\SearchquMediabarTb

SUPPRIME Key: SearchScopes :{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

SUPPRIME Key: HKLM\Software\WOW6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

SUPPRIME Key: HKLM\Software\WOW6432Node\DataMngr

SUPPRIME Key: HKLM\Software\WOW6432Node\SearchquMediabarTb

SUPPRIME Key: HKLM\Software\Wow6432Node\mIRC\OpenCandy

SUPPRIME Key**: StartupReg: HFALoader

SUPPRIME Key: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}

SUPPRIME Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

SUPPRIME Key: HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

SUPPRIME Key: HKLM\Software\Classes\Toolbar.CT2849852

 

========== Valeur(s) du Registre ==========

SUPPRIME RunValue: DATAMNGR

SUPPRIME {8FA1DCC0-DDF8-490A-A93D-A12F81D6F1A6}

SUPPRIME {E817560F-2EFF-43A9-8115-A7DC598CD13D}

SUPPRIME RunValue: PlayNC Launcher

ABSENT RunValue: PlayNC Launcher

SUPPRIME {26743AB3-78D6-4679-93B3-190105E091D9}

SUPPRIME {28266D91-3DFD-452A-8E98-E7AA37F39141}

SUPPRIME TCP Query User{8997DF1B-9D06-49FE-9C82-9BED6B66FEA6}C:/program files (x86)/pfportchecker/pfportchecker.exe

SUPPRIME UDP Query User{C50B2B4A-7629-42E3-8949-F0EDBCAF8F02}C:/program files (x86)/pfportchecker/pfportchecker.exe

SUPPRIME TCP Query User{0CE59A07-7E10-4A69-BDAB-BA15DE739158}C:/program files (x86)/ggpo/ggpo.exe

SUPPRIME UDP Query User{E40513CD-5AFA-47AD-B5B0-46B84C91D069}C:/program files (x86)/ggpo/ggpo.exe

SUPPRIME TCP Query User{7B9A2F0A-17E9-49CD-BDD1-F7B22C86C5A2}C:/program files (x86)/ggpo/ggpofba.exe

SUPPRIME UDP Query User{21840081-B474-4F46-91BB-38B97524B11C}C:/program files (x86)/ggpo/ggpofba.exe

SUPPRIME URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023}

SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}

ABSENT Valeur Domain Profile: FirewallRaz :

 

========== Elément(s) de donnée du Registre ==========

SUPPRIME PhishingFilter Value: Enabled = 0

SUPPRIME AppInit: ta Manager.) - C:\Program Files (x86)\WINDOW~2\Datamngr\x64\datamngr.dll

 

========== Préférences navigateur ==========

 

========== Dossier(s) ==========

SUPPRIME Folder: C:\Users\coco\AppData\Roaming\Mozilla\Firefox\Profiles\bg7ax0xp.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

SUPPRIME Folder: C:\Program Files (x86)\Windows Searchqu Toolbar

SUPPRIME Folder: c:\users\coco\appdata\locallow\searchquband

SUPPRIME Folder: c:\users\coco\appdata\locallow\searchqutoolbar

SUPPRIME Folder: c:\users\coco\appdata\local\temp\opencandy

SUPPRIME Folder: c:\users\coco\appdata\roaming\mozilla\firefox\profiles\bg7ax0xp.default\searchqutoolbar

SUPPRIME Folder: C:\ProgramData\regid.1986-12.com.adobe

SUPPRIME Folder: C:\Users\coco\AppData\Local\28050

SUPPRIME Folder: C:\Users\coco\AppData\Local\SCE

SUPPRIME Folder: C:\Users\coco\AppData\Local\Wings of Prey

SUPPRIME Folder: C:\Users\coco\AppData\Local\{67109EBE-A773-4AF9-A0A8-51FFB24F61D1}

SUPPRIME Folder: C:\Users\coco\AppData\Local\{82A7E5EC-A213-4B75-BD2F-69D6402D8990}

SUPPRIME Folder: C:\Users\coco\AppData\Local\{86703F31-F03E-4945-82F6-815906036ABE}

SUPPRIME Folder: C:\Users\coco\AppData\Local\{E02C1177-E75E-48D3-89DE-648FBE2A0741}

SUPPRIME Folder: C:\Users\coco\AppData\Roaming\Mozilla\Firefox\Profiles\bg7ax0xp.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}

SUPPRIME Folder: C:\Users\coco\AppData\Roaming\teamspeak2

SUPPRIME Folder: C:\Users\coco\AppData\Local\Conduit

SUPPRIME Folder: C:\Program Files (x86)\Conduit

SUPPRIME Folder: c:\users\coco\appdata\locallow\conduit

SUPPRIME Flash Cookies: 19

SUPPRIME Temporaires Windows: : 278

 

========== Fichier(s) ==========

SUPPRIME File***: c:\program files (x86)\windows searchqu toolbar\datamngr\datamngrui.exe

SUPPRIME File: c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\searchqudtx.dll

ABSENT File: c:\program files (x86)\windows searchqu toolbar\datamngr\datamngrui.exe

ABSENT Folder/File: c:\program files (x86)\windows searchqu toolbar

SUPPRIME File: C:\Users\coco\AppData\Roaming\BitTorrent\Atomix Virtual DJ Pro V6.1.1 Full cracked by Belin (les crackers).rar.torrent

SUPPRIME File: C:\Users\coco\Desktop\dl\alt.binaries.nl\ToonTrack EZ Drummer VSTi RTAS v1 2 1 x86 x64 UPDATE Incl Keygen-AiR.rar

SUPPRIME File***: c:\users\coco\desktop\dl\alt.binaries.nl\toontrack ez drummer vsti rtas v1 2 1 x86 x64 update incl keygen-air.rar

ABSENT Folder/File: c:\users\coco\appdata\local\conduit

SUPPRIME Flash Cookies: 6

SUPPRIME Temporaires Windows: : 1338

 

========== Tache planifiée ==========

SUPPRIME Task: {1E4647DA-D343-4479-807E-30554BD966FC}

SUPPRIME Task: {723D3D40-3DA7-4FBD-8812-5BD6E81BA15E}

 

========== Autre ==========

NON TRAITE PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...)

NON TRAITE PROCESSUS SUPERFLU DU SYSTEME

NON TRAITE TOOLBAR INUTILE (Navigateur internet)

 

 

========== Récapitulatif ==========

1 : Processus mémoire

22 : Clé(s) du Registre

96 : Valeur(s) du Registre

2 : Elément(s) de donnée du Registre

21 : Dossier(s)

10 : Fichier(s)

1 : Logiciel(s)

154 : Préférences navigateur

2 : Tache planifiée

3 : Autre

 

 

End of clean in 01mn 03s

 

========== Chemin de fichier rapport ==========

C:\ZHP\ZHPFix[R1].txt - 07/02/2012 11:08:37 [28417]

Edited by Jim Dolorian

I can't manage to repair my firewall; if you could enlighten me =).

 

I don't know which one you are using.

Have you tried uninstalling/reinstalling it after the cleanup above?

Have you tried switching to another one?

 

If needed, look for more effective help on this site's Software forum.


I use the Windows firewall but I have no idea how to uninstall it, even though I've looked..

When I try to start it, it replies: the firewall cannot change some of your settings: error code 0x80070424

 

So is my PC cleaned?

 

Thank you for the time you take to help, really.


Changes to the firewall must be made with administrator rights.

 

Configuring the Windows 7 firewall

 

Disabling the Windows 7 firewall

 

Windows could not start the Windows Firewall on Local Computer

Open a command prompt as administrator:

Start->All Programs->Accessories->Command Prompt

Right-click->Run as administrator

 

Type the following commands one after the other, confirming each:

%systemdrive%

cd %systemroot%\system32\config

ren TxR TxR.old

 

If you get an "Access denied" message, check that "Administrator" appears in the title of the command window. If it still fails, try again in safe mode or from a LiveCD.

 

Restart.

The firewall should start again.

 

Otherwise, other leads:

 

[SOLVED] [W7] Unable to restart the firewall service - PC INpact forum

 

http://support.microsoft.com/kb/2271812/fr
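
A read-only check to run before and after the rename procedure above, as an added example that is not part of the original thread: it decodes the error code quoted earlier and reports whether the firewall services are still registered and whether the TxR folder has been renamed. The service names MpsSvc and BFE and all function names are assumptions not given in the thread.

```powershell
# Added example: read-only triage for a Windows Firewall that will not start.
# Run from an elevated PowerShell prompt; nothing here modifies the system.
# Written to work on the PowerShell 2.0 that ships with Windows 7.

function ConvertFrom-HResult {
    param([Parameter(Mandatory = $true)][string]$Hex)

    # Parse as unsigned so the failure bit does not turn the value negative.
    $value    = [Convert]::ToUInt32($Hex, 16)
    $failed   = $value -ge 2147483648                                 # bit 31: failure flag
    $facility = [int]([math]::Floor([double]$value / 65536) % 2048)   # bits 16-26
    $code     = [int]($value % 65536)                                 # bits 0-15

    $text = $null
    if ($facility -eq 7) {
        # FACILITY_WIN32: the low word is an ordinary Win32 error code,
        # so the system can supply its (localized) message text.
        $text = (New-Object System.ComponentModel.Win32Exception -ArgumentList $code).Message
    }

    New-Object PSObject -Property @{
        HResult   = $Hex
        Failed    = $failed
        Facility  = $facility
        Win32Code = $code
        Message   = $text
    } | Select-Object HResult, Failed, Facility, Win32Code, Message
}

function Get-FirewallServiceState {
    # Assumed service names (not in the thread): MpsSvc = Windows Firewall,
    # BFE = Base Filtering Engine, which MpsSvc depends on.
    foreach ($name in 'BFE', 'MpsSvc') {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"

        New-Object PSObject -Property @{
            Service    = $name
            Registered = [bool]$svc
            KeyPresent = (Test-Path $key)
            State      = $(if ($svc) { $svc.State } else { 'missing' })
            StartMode  = $(if ($svc) { $svc.StartMode } else { 'missing' })
        } | Select-Object Service, Registered, KeyPresent, State, StartMode
    }
}

function Get-TxRState {
    # Shows whether the rename from the procedure above has been applied.
    $config = Join-Path $env:SystemRoot 'System32\config'
    foreach ($dir in 'TxR', 'TxR.old') {
        $path = Join-Path $config $dir
        New-Object PSObject -Property @{
            Path   = $path
            Exists = (Test-Path $path)
        } | Select-Object Path, Exists
    }
}

ConvertFrom-HResult '0x80070424' | Format-List
Get-FirewallServiceState | Format-Table -AutoSize
Get-TxRState | Format-Table -AutoSize
```

A service reported as `missing` with `KeyPresent` false means its registration is gone, which a restart or the TxR rename alone will not restore.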
