HijackThis report after an NVIDIA update
Ysteria14
Hello,
I recently had a problem: my NVIDIA drivers updated themselves, and since then I keep getting Avast windows telling me it has blocked a malicious URL (URL not given) from svchost.exe, and it blocks my internet for a few seconds :/
Report:
Thanks for your help :)
27 replies
Ysteria
Start by uninstalling Spybot; it is obsolete.
Then wait patiently for a security contributor to take charge of your case, because there are some not-so-good things, such as the presence of a proxy and potentially unwanted software.
I thought the same thing about Spybot, thanks.
I prefer to use the old Spybot.
And I'm well aware there's a proxy; I have the impression that some software is redirecting all my pages to a remote proxy in order to collect my private data.
Hello hysteria
When you come back, can you do this:
* Download to the desktop https://www.luanagames.com/index.fr.html
* Close all your running programs.
* On Vista/Seven and Windows 8, right-click -> run as administrator
* Otherwise simply launch RogueKiller.exe
* Wait during the pre-scan, then click the Scan button
* An RKreport.txt report should have been created on the desktop; post it.
Note: If the program was blocked, don't hesitate to try several times.
I stopped the svchost.exe program and also removed it from startup. No more Avast alerts, perfect; the HijackThis report scan no longer shows me any anomalies, so it looks good.
Thanks for your help lilidurhone :)
"C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKUS\S-1-5-21-4124403300-314764767-1734781980-1001\[...]\RunOnce : SpybotDeletingF1537 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKUS\S-1-5-21-4124403300-314764767-1734781980-1001\[...]\RunOnce : SpybotDeletingF8952 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKUS\S-1-5-21-4124403300-314764767-1734781980-1001\[...]\RunOnce : SpybotDeletingF6881 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKUS\S-1-5-21-4124403300-314764767-1734781980-1001\[...]\RunOnce : SpybotDeletingF6429 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKUS\S-1-5-21-4124403300-314764767-1734781980-1001\[...]\RunOnce : SpybotDeletingF1382 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKUS\S-1-5-21-4124403300-314764767-1734781980-1001\[...]\RunOnce : SpybotDeletingF5882 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKUS\S-1-5-21-4124403300-314764767-1734781980-1001\[...]\RunOnce : SpybotDeletingF8193 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe" [x][x]) 
-> TROUVÉ [RUN][SUSP PATH] HKUS\S-1-5-21-4124403300-314764767-1734781980-1001\[...]\RunOnce : SpybotDeletingF4502 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKUS\S-1-5-21-4124403300-314764767-1734781980-1001\[...]\RunOnce : SpybotDeletingF4417 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\ordi\AppData\Roaming\WebCake\WebCakeDesktop.exe" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKUS\S-1-5-21-4124403300-314764767-1734781980-1001\[...]\RunOnce : SpybotDeletingF7266 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\ordi\AppData\Roaming\WebCake\dat\Desktop.OS.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE5032 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE6001 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE2493 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE6763 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE9899 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico" [x][x]) -> 
TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE3287 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE1659 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE3254 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE9005 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE7809 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE104 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\ordi\AppData\Roaming\WebCake\WebCakeDesktop.exe_old" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE2186 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\ordi\AppData\Roaming\WebCake\WebCakeDesktop.exe" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE1640 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\ordi\AppData\Roaming\WebCake\dat\Desktop.OS.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE5748 ("C:\Program Files 
(x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE6887 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE9202 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE2506 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE6921 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE3627 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE7799 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE4181 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE4204 ("C:\Program Files (x86)\Spybot - Search & Destroy 
2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE4999 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE5952 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\ordi\AppData\Roaming\WebCake\WebCakeDesktop.exe" [x][x]) -> TROUVÉ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : SpybotDeletingE8865 ("C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\ordi\AppData\Roaming\WebCake\dat\Desktop.OS.dll" [x][x]) -> TROUVÉ [SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (explorer.exe ,C:\Users\ordi\AppData\Local\Temp\Speed Connect 3.0.1.exe [x][x][x][x]) -> TROUVÉ [SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (explorer.exe ,C:\Users\ordi\AppData\Local\Temp\Speed Connect 3.0.1.exe [x][x][x][x]) -> TROUVÉ [HJ POL] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> TROUVÉ [HJ SECU] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> TROUVÉ [HJ SECU] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> TROUVÉ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ ¤¤¤ Tâches planifiées : 0 ¤¤¤ ¤¤¤ Entrées Startup : 0 ¤¤¤ ¤¤¤ Navigateurs web : 0 ¤¤¤ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤ ¤¤¤ Ruches Externes: ¤¤¤ ¤¤¤ Infection : Mal.Hosts ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 download-winmx-free.com --> Potentially malicious! 127.0.0.1 www.download-winmx-free.com --> Potentially malicious! 
[...]
¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++ --- User --- [MBR] c16e9c51c7dea329ccd7105955386651 [BSP] 19b83bcb073dcbe26adbc71b00604f9d : Linux MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15872 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32507904 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32712704 | Size: 355341 Mo 3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 760453118 | Size: 105624 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[0]_S_07032013_130258.txt >>
Good evening Guillaume5188, are you advising me to uninstall Spybot because of the lines in the report?
Hello
Thanks Guillaume ;)
Hysteria
Once you have uninstalled Spybot, you can move on to the removal with RogueKiller
Guillaume
You're right, it's too early, I'm going back to sleep ;)
Hysteria
You don't mind if we continue a bit later?
RogueKiller V8.6.2 [Jul 2 2013] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : hxxp://www.adlice.com/forum/ Site Web : http://www.sur-la-toile.com/RogueKiller/ Blog : http://tigzyrk.blogspot.com/ Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur : ordi [Droits d'admin] Mode : Recherche -- Date : 07/04/2013 19:49:00 | ARK || FAK || MBR | ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Entrees de registre : 9 ¤¤¤ [SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (explorer.exe ,C:\Users\ordi\AppData\Local\Temp\Speed Connect 3.0.1.exe [x][x][x][x]) -> TROUVÉ [SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (explorer.exe ,C:\Users\ordi\AppData\Local\Temp\Speed Connect 3.0.1.exe [x][x][x][x]) -> TROUVÉ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (95.31.18.119:3128) -> TROUVÉ [HJ POL] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> TROUVÉ [HJ SECU] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> TROUVÉ [HJ SECU] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> TROUVÉ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ ¤¤¤ Tâches planifiées : 0 ¤¤¤ ¤¤¤ Entrées Startup : 0 ¤¤¤ ¤¤¤ Navigateurs web : 0 ¤¤¤ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤ ¤¤¤ Ruches Externes: ¤¤¤ ¤¤¤ Infection : Mal.Hosts ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 download-winmx-free.com --> Potentially malicious! 127.0.0.1 www.download-winmx-free.com --> Potentially malicious! 127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious! 127.0.0.1 free-winmx-downloads.com --> Potentially malicious! 127.0.0.1 www.free-winmx-downloads.com --> Potentially malicious! 127.0.0.1 www.google.dospop.com --> Potentially malicious! 
[...] ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++ --- User --- [MBR] c16e9c51c7dea329ccd7105955386651 [BSP] 19b83bcb073dcbe26adbc71b00604f9d : Linux MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15872 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32507904 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32712704 | Size: 355341 Mo 3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 760453118 | Size: 105624 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[0]_S_07042013_194900.txt >>
Hello Hysteria
Let's continue
* Close all your running programs
* On Vista/Seven, right-click -> run as administrator
* Otherwise simply launch RogueKiller.exe
* Wait during the pre-scan, then click Scan
* Check that all the items are ticked, then click Suppression (Delete)
* Post the RKreport.txt report found on the desktop.
RogueKiller V8.6.2 [Jul 2 2013] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : hxxp://www.adlice.com/forum/ Site Web : http://www.sur-la-toile.com/RogueKiller/ Blog : http://tigzyrk.blogspot.com/ Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur : ordi [Droits d'admin] Mode : Suppression -- Date : 07/04/2013 19:56:05 | ARK || FAK || MBR | ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Entrees de registre : 9 ¤¤¤ [SHELL][SUSP PATH] HKCU\[...]\Winlogon : shell (explorer.exe ,C:\Users\ordi\AppData\Local\Temp\Speed Connect 3.0.1.exe [x][x][x][x]) -> SUPPRIMÉ [SHELL][SUSP PATH] HKUS\[...]\Winlogon : shell (explorer.exe ,C:\Users\ordi\AppData\Local\Temp\Speed Connect 3.0.1.exe [x][x][x][x]) -> [0x2] Le fichier spécifié est introuvable. [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (95.31.18.119:3128) -> NON SUPPRIMÉ, UTILISER PROXY RAZ [HJ POL] HKLM\[...]\System : EnableLUA (0) -> REMPLACÉ (1) [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REMPLACÉ (1) [HJ SECU] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REMPLACÉ (0) [HJ SECU] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REMPLACÉ (0) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0) ¤¤¤ Tâches planifiées : 0 ¤¤¤ ¤¤¤ Entrées Startup : 0 ¤¤¤ ¤¤¤ Navigateurs web : 0 ¤¤¤ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤ ¤¤¤ Ruches Externes: ¤¤¤ ¤¤¤ Infection : Mal.Hosts ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 download-winmx-free.com --> Potentially malicious! 127.0.0.1 www.download-winmx-free.com --> Potentially malicious! 127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious! 127.0.0.1 free-winmx-downloads.com --> Potentially malicious! 
[...] ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++ --- User --- [MBR] c16e9c51c7dea329ccd7105955386651 [BSP] 19b83bcb073dcbe26adbc71b00604f9d : Linux MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15872 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32507904 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32712704 | Size: 355341 Mo 3 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 760453118 | Size: 105624 Mo User = LL1 ... OK! User = LL2 ... OK!
Termine : << RKreport[0]_D_07042013_195605.txt >> RKreport[0]_S_07042013_194900.txt;RKreport[0]_S_07042013_195504.txt
Hello Ysteria
Let's continue
Still with RogueKiller
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (95.31.18.119:3128) -> NON SUPPRIMÉ, UTILISER PROXY RAZ
So use the Proxy RAZ box
Post the report you get
Then, still with RogueKiller
Use HOST RAZ
So I'm waiting for the two removal reports from RogueKiller
=>PROXY RAZ
=>HOST RAZ
RogueKiller V8.6.2 [Jul 2 2013] par Tigzy mail : tigzyRK<at>gmail<dot>com Remontees : hxxp://www.adlice.com/forum/ Site Web : http://www.sur-la-toile.com/RogueKiller/ Blog : http://tigzyrk.blogspot.com/ Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Demarrage : Mode normal Utilisateur : ordi [Droits d'admin] Mode : Proxy RAZ -- Date : 07/04/2013 20:13:21 | ARK || FAK || MBR | ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Entrees de registre : 1 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (95.31.18.119:3128) -> SUPPRIMÉ ¤¤¤ Navigateurs web : 0 ¤¤¤ ¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤ ¤¤¤ Ruches Externes: ¤¤¤ ¤¤¤ Infection : Mal.Hosts ¤¤¤ Termine : << RKreport[0]_PR_07042013_201321.txt >> RKreport[0]_D_07042013_195605.txt;RKreport[0]_S_07042013_194900.txt;RKreport[0]_S_07042013_195504.txt RKreport[0]_S_07042013_201315.txt