frankl1
Members
Content count: 14
Junior Member (3/12)
Community reputation: 0
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
Yes, it had been more than 2 years since I'd had any trouble with viruses. I consider Windows 7 a good OS, but it isn't infallible either. Anyway, I'll be able to keep working without worry =) Thanks. I'll look into DrWeb; even though MSE had been enough for me until now, I've realised it's rather lax. For 4 months it had been showing me an alert about RES.exe at every startup without offering any solution, despite my sending the information to support...
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
Thanks for all the good advice, Apollo. I'm downloading the Kaspersky removal tool now; if it's better I'll feel more reassured. I'll post the report as soon as it's out. And indeed, MSE no longer detects the infections in the original folders =)
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
Here is the MBAM report:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.05.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
FRaNKL1N :: FRANKL1N-PC [administrator]

05/03/2013 20:08:40
mbam-log-2013-03-05 (20-08-40).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407319
Time elapsed: 22 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Qoobox\Quarantine\C\Users\FRaNKL1N\AppData\Roaming\RES.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\Users\FRaNKL1N\AppData\Roaming\RES.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\seabugger 1.1 fix.exe (Trojan.Injector) -> Quarantined and deleted successfully.
C:\Users\FRaNKL1N\Downloads\Corel Paint Shop Pro X3\Keygen\CPSPP.X3_Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Users\FRaNKL1N\Downloads\AutoCAd2012 x86\x-force_2012_x32.exe (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.

(end)
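Added example (editor's code, not part of frankl1's post and not Malwarebytes' own code): a small triage parser for the "Files Detected" lines of an MBAM report in the format posted above. The five sample lines are copied from that report; the bucket names and the two quarantine prefixes are my own choices. The point it makes is one a helper reading this thread would check first: two of the five hits are only .vir copies already sitting in ComboFix's (C:\Qoobox) and UsbFix's quarantine folders, so they are dead files, whereas the hit in the user's Startup folder is a persistence entry that ran at every logon.

```python
import re
from dataclasses import dataclass

# Constructed sample: the five detection lines from the MBAM report above,
# wrapped in the report's own "Files Detected" header and "(end)" footer.
SAMPLE_REPORT = r"""
Files Detected: 5
C:\Qoobox\Quarantine\C\Users\FRaNKL1N\AppData\Roaming\RES.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\Users\FRaNKL1N\AppData\Roaming\RES.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\seabugger 1.1 fix.exe (Trojan.Injector) -> Quarantined and deleted successfully.
C:\Users\FRaNKL1N\Downloads\Corel Paint Shop Pro X3\Keygen\CPSPP.X3_Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Users\FRaNKL1N\Downloads\AutoCAd2012 x86\x-force_2012_x32.exe (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.

(end)
"""

# One detection line: <path> (<threat name>) -> <action>.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$"
)
COUNT_RE = re.compile(r"^Files Detected:\s*(\d+)$", re.MULTILINE)

# Quarantine stores of the other tools used in this thread (assumption based on
# the paths in the report): ComboFix keeps its copies under C:\Qoobox, UsbFix
# under C:\UsbFix. A hit there is an inert copy, not a running infection.
FOREIGN_QUARANTINE = ("c:\\qoobox\\quarantine\\", "c:\\usbfix\\quarantine\\")
# Per-user Startup folder: anything here executes at every logon.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str


def declared_file_count(report: str):
    """The count MBAM prints in its 'Files Detected:' header, or None."""
    m = COUNT_RE.search(report)
    return int(m.group(1)) if m else None


def parse_mbam_detections(report: str) -> list:
    """Extract every detection line (path, threat, action) from the report."""
    found = []
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], m["action"]))
    return found


def classify(det: Detection) -> str:
    """Bucket a detection by where the file lived (bucket names are mine)."""
    p = det.path.lower()
    if p.startswith(FOREIGN_QUARANTINE):
        return "foreign_quarantine"   # already neutralised by another tool
    if STARTUP_MARKER in p:
        return "autostart"            # persistence: runs at logon
    if "\\downloads\\" in p:
        return "download"             # only runs if the user launches it
    return "other"


def triage(detections) -> dict:
    """Group detection paths by bucket, autostart first so it is read first."""
    buckets = {"autostart": [], "foreign_quarantine": [], "download": [], "other": []}
    for d in detections:
        buckets[classify(d)].append(d.path)
    return buckets


if __name__ == "__main__":
    dets = parse_mbam_detections(SAMPLE_REPORT)
    # Sanity check: the parser saw every line the header promised.
    assert declared_file_count(SAMPLE_REPORT) == len(dets), "header count mismatch"
    for bucket, paths in triage(dets).items():
        for path in paths:
            print(f"{bucket:18} {path}")
```

Run it on a saved mbam-log-*.txt by reading the file into parse_mbam_detections instead of SAMPLE_REPORT. The header-count check matters on real logs: a line wrapped by a forum's post editor will fail the regex and silently drop a detection, and the mismatch is the only warning you get.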
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
Ah, sorry, I've just realised I shouldn't have copied that report... I'm starting to have trouble keeping up: MBAM is still running and has already detected 5 infected items on C: alone =/ I've also just noticed that MBAM is scanning drives C:, F: and I:, but I don't have an I: drive. Is that normal?
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
Here is the first report, the SFT one; the MBAM one will follow, but it seems to be taking longer:

SFT report (Pierre13) from Tuesday 5 March 2013 at 20:04:31
Updated on 02/03/2013
Version: 1.0.0.61
Tool run in Normal mode and As administrator
Windows 7 Ultimate Service Pack 1 (6.1.7601) (32-bit)
Tool start in C:\Users\FRaNKL1N\Desktop

223 items deleted => 1.99 MB freed. (3 s)
C:\Users\FRaNKL1N\AppData\LocalLow\Adobe\Acrobat\10.0\ReaderMessages
C:\Users\FRaNKL1N\AppData\LocalLow\Adobe\Acrobat\10.0\assets\assets-121017195955Z-40784
C:\Users\FRaNKL1N\AppData\LocalLow\Adobe\Acrobat\10.0\Synchronizer\metadata\Synchronizer100
C:\Users\FRaNKL1N\AppData\LocalLow\Adobe\Acrobat\10.0\Synchronizer\resources\resource-17
C:\Users\FRaNKL1N\AppData\LocalLow\Adobe\Acrobat\10.0\Synchronizer\resources\resource-18
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\130ADF60D1B7B3CF82CC6CA82D961601_230785F623B7404C6CB4F083E51C255A
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\130ADF60D1B7B3CF82CC6CA82D961601_3B18283AB62553F3E44A5167DD6F24F9
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\130ADF60D1B7B3CF82CC6CA82D961601_AAC3A9644C1DDD708B5D44187DAD1D3B
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1DAF2884EC4DFA96BA4A58D4DBC9C406
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40EB206A466C1F1175CCB23E825B3250
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4309200C3DBAD0F6F0DFACE9165FD092
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_7FD47ADBA091423B24C75A442397FD94
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_DF7139DD72A4FD7006E7247A8DBEB19A
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AA3321A15A787985201D7A6820782F0_35BFA9D40D21E81B408449EB9D85CCA4
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_1AA90551471CB0664C3DD6C6A894EFF8
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_36E3207A43A87A281983E8D0B4D7BCDF
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_B00A1AB5A36E921BCCB421198571D8D4
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1377F7115F1F126A15360369B165211
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B8CC409ACDBF2A2FE04C56F2875B1FD6
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D725F3459E2275E9EA5871B92AD896D0
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2EF7F0FB7284B9ACFD4F65D02218479
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F063BF7EF604434CBE00FF198F0D9B10
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\130ADF60D1B7B3CF82CC6CA82D961601_230785F623B7404C6CB4F083E51C255A
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\130ADF60D1B7B3CF82CC6CA82D961601_3B18283AB62553F3E44A5167DD6F24F9
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\130ADF60D1B7B3CF82CC6CA82D961601_AAC3A9644C1DDD708B5D44187DAD1D3B
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1DAF2884EC4DFA96BA4A58D4DBC9C406
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40EB206A466C1F1175CCB23E825B3250
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4309200C3DBAD0F6F0DFACE9165FD092
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_7FD47ADBA091423B24C75A442397FD94
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_DF7139DD72A4FD7006E7247A8DBEB19A
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AA3321A15A787985201D7A6820782F0_35BFA9D40D21E81B408449EB9D85CCA4
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_1AA90551471CB0664C3DD6C6A894EFF8
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_36E3207A43A87A281983E8D0B4D7BCDF
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_B00A1AB5A36E921BCCB421198571D8D4
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1377F7115F1F126A15360369B165211
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B8CC409ACDBF2A2FE04C56F2875B1FD6
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D725F3459E2275E9EA5871B92AD896D0
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2EF7F0FB7284B9ACFD4F65D02218479
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F063BF7EF604434CBE00FF198F0D9B10
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
C:\Users\FRaNKL1N\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl
C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\!!! European homemade stolen pics.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\[ www.Torrenting.com ] - Invasion.OF.The.Bee.Girls.1973.A.VERY.LATE.PROPER.DVDRip.XviD-FiCO.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\_iu_.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\0105.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\1 Plan Feu Les Etr'Anges (2).lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\1 Plan Feu Les EtrAnges.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\1 Plan Feu Les Etr'Anges.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\12 - American Dreamers (feat. Johnny Depp).lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\194_1000.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\233_1000.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\262_1000.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\559_1000.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\566_1000.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\796_1000.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\975_1000.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\ADAK13PCE32.part01.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AdwCleaner[s1].lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Affichage.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Amy M.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Audio.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutoCAD Sheet Sets.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Autour de ma pierre (2).lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Autour de ma pierre.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\avals 1.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Bobi R.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\bot_scintille_v_2.2.scar.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CirkOblik.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Color lookup table.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Comme une goutte (2).lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Comme une goutte.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\de la culture....lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Document.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\European_homemade_stolen_pics.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\evals.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\ff5de8d51f69a28da777c3e82364ea5a96e5afac.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\fico-bgirls.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\FRaNKL1N.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\French Wife Stolen Pics.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\generate_custom_client.rb.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Glitter Bot 1.3.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Hot Teen Private Pics Stolen From Digital Cam.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\iMON_8_04_0629(1).lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\iMON_8_04_0629(2).lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Incoming.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\JRT.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\la lettre final.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\La LeTTRe FiNaLe.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\le_phenix_equipements_v1.4.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Les etranges (2).lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Les ETRANGES.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Les Êtr'Anges.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\lighting_fixtures.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Matériel et audio.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\melquiot.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Mes images.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\New Sheet Set (1).lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\NEW.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Nouveau document texte.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\outlaws.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\piste 1.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Plan Feu.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\pop-bregovic-in-the-deathcar.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\product key.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Program source code.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\renaud live bercy 1982.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Réseau et Internet.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Seafight custom client - v0.96_28.02.2013.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Seafight custom client - v0.97_01.03.2013.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Seafight fid1.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\seafightbots (2).lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\seafightbots.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Seduce.Me.v1.02-OUTLAWS.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Seduce.Me.v1.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\SetupInformation.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Stolen Ex Girlfriends dirty sex pics.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Stolen Nude Pics.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Symbols.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Système et sécurité.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Téléchargements.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\the.rocky.horror.picture.show.(1975).fre.1cd.(3891529).lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\The.Rocky.Horror.Picture.Show.1975.BluRay.480p.H264.srt.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Valhalla.Rising.2009.1080p.BluRay.x264.anoXmous.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\ventdhaleine.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Vera09.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\ZHPDiag.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\Zone 51-Nevada USA-Quand les MIG livraient leur secrets-Documentaire ARTE-27-Mai-2009.lnk
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1ac69134ea4cc3e8.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\290532160612e071.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\2b88af31b31e51e0.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\3193bc67be0f8892.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\7e4dca80246863e3.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\82e4bef19f34d53d.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\918e0ecb43d17e23.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\9fda41b86ddcf1db.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\a34c121e5143179.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\afc415110c888943.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\ee462c3b81abb6f6.automaticDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1NOPES3J4KFNURHYB81N.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1TNP6KRWM2OJUYPSDQTX.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4T2YWLVDNCMZ0NMQ8BGQ.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5537aa5bfa2c246c.customDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\57GEOBOQZM6IJJCOSBT0.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5afe4de1b92fc382.customDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6b8904e2b6864f0f.customDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6Q42WVX6WRTZJQSS6TXK.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6XF1FWE58GNIV0CV6VRI.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\83b03b46dcd30a0e.customDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\89OC7SNSPQ5WI4Q6T0WY.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8IZUFSFUGDRMFYIQGSYT.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9821aa5a1b3e530e.customDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9DNIT8C11JD1DE9IERQF.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9O7U99PH97X0I2H5Y3A7.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9ZB3XL1Y8JY6I6BDR07K.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ed7a5cc3cca8d52a.customDestinations-ms
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EQ7E0I28PU0R15O0ZYHG.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EQI3FAWUIIOBUKQ0SXYF.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EQYOWYI4B1XBYS9QTZ3O.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\FD73YEXLSSFJTVRLIPQF.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\FO8XCE4CHOF2M86PZW5L.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\G1OJ0JTT3A2WA5DYS0HS.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HLQ20C8V24AO4I6J1IR1.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\I3AEBY8X149TVJHWDX8I.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IQACJ3G5Y1Q1X46J94FZ.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KBK3G6SCRNE55XX4WBDL.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LS0ZBG3H0I7GSAS7RIVQ.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\O32SI40C8DYBR2KOIWUZ.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\O8U0E3V2F48PX2ITLW3Q.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OPJE7TJ1SI8Q2J3R6Y4F.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SAI72T3AQ0HAK6ZS39C1.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SLQ4A6DHOYIZ98Y2UKR1.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\T3IN3E4E8AER8NFQZEKQ.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UY7BCXL4DBARN5KZ8L9J.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\W5BGU8USQLN31MKDUEJS.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\W688WP6X27KOSF6DZCGV.temp
C:\Users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\Z629FPT2ET82EMOW480A.temp
C:\Users\FRaNKL1N\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
C:\Users\FRaNKL1N\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\FRaNKL1N\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LY9GTFTD\desktop.ini
C:\Users\FRaNKL1N\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LY9GTFTD\VersionSFT[1].txt
C:\Users\FRaNKL1N\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
C:\Users\FRaNKL1N\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
C:\Users\FRaNKL1N\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
C:\Windows\Prefetch\AgAppLaunch.db
C:\Windows\Prefetch\AgGlFaultHistory.db
C:\Windows\Prefetch\AgGlFgAppHistory.db
C:\Windows\Prefetch\AgGlGlobalHistory.db
C:\Windows\Prefetch\AgRobust.db
C:\Windows\Prefetch\PfSvPerfStats.bin
C:\Windows\Prefetch\ReadyBoot\Trace3.fx
C:\Windows\Prefetch\ReadyBoot\Trace4.fx
C:\Windows\Prefetch\ReadyBoot\Trace5.fx
C:\Windows\Prefetch\ReadyBoot\Trace6.fx
C:\Windows\Prefetch\ReadyBoot\Trace7.fx

Recycle Bin emptied.
End of report.
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
Well, everything went fine =) Here is the ComboFix report:

ComboFix 13-03-05.01 - FRaNKL1N 05/03/2013 19:51:04.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.33.1036.18.3198.2221 [GMT 1:00]
Running from: c:\users\FRaNKL1N\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\jce06_SP.pp
c:\users\FRaNKL1N\AppData\Roaming\app
c:\users\FRaNKL1N\AppData\Roaming\app\Jerakine_lang.dat
c:\users\FRaNKL1N\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\FRaNKL1N\AppData\Roaming\dclogs
c:\users\FRaNKL1N\AppData\Roaming\RES.exe
c:\users\FRaNKL1N\AppData\Roaming\seabugger.exe
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
c:\windows\system32\CddbCdda.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((( Files Created from 2013-02-05 to 2013-03-05 ))))))))))))))))))))))))))))))))))))
.
.
2013-03-05 18:54 . 2013-03-05 18:54 -------- d-----w- c:\users\FRaNKL1N\AppData\Local\temp
2013-03-05 18:54 . 2013-03-05 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-05 18:33 . 2013-03-05 18:33 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{337A8F5B-1FA5-4D86-9BB5-B2A4E96B04D4}\offreg.dll
2013-03-05 18:09 . 2013-03-05 18:13 -------- d-----w- C:\UsbFix
2013-03-05 17:22 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{337A8F5B-1FA5-4D86-9BB5-B2A4E96B04D4}\mpengine.dll
2013-03-05 17:20 . 2013-03-05 17:20 512 ------w- C:\PhysicalDisk0_MBR.bin
2013-03-05 17:16 . 2013-03-05 17:42 -------- d-----w- C:\ZHP
2013-03-05 17:16 . 2013-03-05 17:20 -------- d-----w- c:\program files\ZHPDiag
2013-03-05 17:01 . 2013-03-05 17:01 -------- d-----w- c:\windows\ERUNT
2013-03-05 17:01 . 2013-03-05 17:01 -------- d-----w- C:\JRT
2013-03-05 16:14 . 2013-03-05 16:14 388096 ----a-r- c:\users\FRaNKL1N\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-05 16:14 . 2013-03-05 16:14 -------- d-----w- c:\program files\Trend Micro
2013-03-04 16:27 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-18 00:02 . 2013-02-18 00:02 -------- d-----w- c:\program files\GamesCenter
2013-02-18 00:01 . 2013-02-27 21:20 -------- d-----w- c:\users\FRaNKL1N\AppData\Local\SCAR Divi
2013-02-18 00:01 . 2013-02-18 00:01 -------- d-----w- c:\program files\SCAR Divi
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 16:57 . 2012-12-26 04:49 760320 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 16:57 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-09 01:48 . 2013-02-09 01:48 -------- d-----w- c:\programdata\ATI
2013-02-09 01:48 . 2013-02-09 01:48 -------- d-----w- c:\program files\AMD AVT
2013-02-09 01:48 . 2013-02-09 01:48 -------- d-----w- c:\program files\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 18:56 . 2012-09-08 20:53 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 18:56 . 2011-12-08 01:21 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-12-08 00:03 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 21:08 . 2013-01-20 21:08 49152 ----a-r- c:\users\FRaNKL1N\AppData\Roaming\Microsoft\Installer\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}\NewShortcut1_C109AF5B69D04C93B360F28D9FAB6084.exe
2013-01-20 21:04 . 2013-01-18 18:23 49152 ----a-r- c:\users\FRaNKL1N\AppData\Roaming\Microsoft\Installer\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}\NewShortcut1_502499DC2EDB45A28F7C83E6E5DE067E.exe
2013-01-20 14:59 . 2013-01-20 14:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2011-04-27 14:25 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-18 19:11 . 2013-01-18 19:11 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-12-19 20:50 . 2012-12-19 20:50 5630200 ----a-w- c:\windows\system32\atiumdag.dll
2012-12-19 20:47 . 2012-12-19 20:47 9647104 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:22 . 2012-12-19 20:22 58880 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\system32\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\system32\atioglxx.dll
2012-12-19 20:09 . 2012-02-15 03:18 960512 ----a-w- c:\windows\system32\aticfx32.dll
2012-12-19 20:06 . 2012-02-15 03:07 6681088 ----a-w- c:\windows\system32\atidxx32.dll
2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56 482304 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-19 19:55 . 2012-12-19 19:55 219136 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-12-19 19:54 . 2012-12-19 19:54 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-12-19 19:44 . 2012-12-19 19:44 4162048 ----a-w- c:\windows\system32\atiumdva.dll
2012-12-19 19:34 . 2012-12-19 19:34 78336 ----a-w- c:\windows\system32\amdave32.dll
2012-12-19 19:34 . 2012-12-19 19:34 71168 ----a-w- c:\windows\system32\atisamu32.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32 442368 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2012-02-15 02:12 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-12-19 19:30 . 2012-12-19 19:30 83968 ----a-w- c:\windows\system32\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-19 14:45 . 2012-12-19 14:45 180224 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\system32\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-16 14:13 . 2012-12-22 02:00 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-08 22:43 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-08 22:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-08 22:43 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-08 22:43 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-08 22:43 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-08 22:43 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-08 22:43 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-08 22:43 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-08 22:43 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-08 22:43 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-08 22:43 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-08 22:43 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-08 22:43 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-08 22:43 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-08 22:43 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-08 22:43 51712 ----a-w- c:\windows\system32\esrb.rs
2013-02-20 17:57 . 2012-09-07 00:08 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-04 380928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Cmaudio8788GX"="c:\windows\system\HsMgr.exe" [2008-07-11 200704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"iMON"="c:\program files\SoundGraph\iMON\iMON.exe" [2011-06-28 3608576]
.
c:\users\FRaNKL1N\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
seabugger 1.1 fix.exe [2012-10-28 1691648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2012-6-24 155648]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-6-24 651264]
Hyperappel du Petit Larousse 2009.lnk - c:\program files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe [2012-1-11 237568]
MOTU Pedal Service.lnk - c:\program files\MOTU\Audio\MFWAKeys.exe [2011-8-5 188784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys [x] R3 MagixASIODrv;MAGIX_ASIO_BoostDriver;c:\program files\MAGIX\Samplitude_11\mxasio.sys [x] R3 mfwamidi;MOTU Audio MIDI;c:\windows\system32\drivers\mfwamidi.sys [x] R3 mfwawave;MOTU Audio Wave;c:\windows\system32\drivers\mfwawave.sys [x] R3 MotuFWA;MotuFWA;c:\windows\system32\drivers\motufwa.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 PIXMCV;Victor Communication PIX-MCV Driver;c:\windows\system32\Drivers\pixmcvc.sys [x] R3 PIXMCVA;Victor PIX-MCV Audio Capture;c:\windows\system32\Drivers\pixmcva.sys [x] R3 PIXMCVV;Victor PIX-MCV Video Capture;c:\windows\system32\Drivers\pixmcvv.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x] S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x] S2 AVerRemote;AVerRemote;c:\program files\Common 
Files\AVerMedia\Service\AVerRemote.exe [x] S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x] S3 cmudaxp;ASUS Xonar Essence ST Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x] S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . --- Autres Services/Pilotes en mémoire --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Contenu du dossier 'Tâches planifiées' . 2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-08 18:56] . . ------- Examen supplémentaire ------- . 
uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.0.254 FF - ProfilePath - c:\users\FRaNKL1N\AppData\Roaming\Mozilla\Firefox\Profiles\4e70480v.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: 2013-02-15 18:06; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\FRaNKL1N\AppData\Roaming\Mozilla\Firefox\Profiles\4e70480v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-02-27 19:27; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\FRaNKL1N\AppData\Roaming\Mozilla\Firefox\Profiles\4e70480v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - ExtSQL: 2013-02-27 19:27; {239cc760-75a9-4276-b1fc-c0ceb963f373}; c:\users\FRaNKL1N\AppData\Roaming\Mozilla\Firefox\Profiles\4e70480v.default\extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi . . ------- Associations de fichier ------- . .scr=AutoCADScriptFile . - - - - ORPHELINS SUPPRIMES - - - - . URLSearchHooks-{8e5025c2-8ea3-430d-80b8-a14151068a6d} - (no file) HKLM-Run-Cmaudio8788 - cmicnfgp.cpl AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2013-03-05 19:55:48 ComboFix-quarantined-files.txt 2013-03-05 18:55 . Avant-CF: 13 033 713 664 octets libres Après-CF: 12 840 955 904 octets libres . - - End Of File - - 9BF595FCCA999AF436A9E5F683398341 -
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
I have a problem with ComboFix: I followed the instructions to stop MSE's real-time protection, but ComboFix shows me a message saying that two MSE processes are still active and that this could damage my system =/ What should I do?
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
Yes, at 19:23 I still have Pitit.A detected by MSE, as well as Fynloski.A in quarantine.
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
And the second UsbFix report, sorry, I'm getting tired... ^^ Thanks for your help Appollo, it's really cool

############################## | UsbFix V 7.113 | [suppression]
Utilisateur: FRaNKL1N (Administrateur) # FRANKL1N-PC
Mis à jour le 05/03/2013 par El Desaparecido
Lancé à 19:12:52 | 05/03/2013
Site Web: SosVirus • Page d’index
Contact: contact@sosvirus.org
PC: System manufacturer (System Product Name) (X86-based PC)
CPU: AMD Athlon II X3 435 Processor (2900)
RAM -> [Total : 3198 | Free : 1964]
BIOS: BIOS Date: 04/02/10 12:13:53 Ver: 08.00.15
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 8.0.7601.17514
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 119 Go (12 Go libre(s) - 10%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Disque fixe # 466 Go (398 Go libre(s) - 85%) [.: K1FF :.] # NTFS
J:\ -> CD-ROM
################## | Processus Stoppés |
Stoppé! C:\Program Files\Microsoft Security Client\MsMpEng.exe (900)
Stoppé! C:\Windows\system32\atiesrxx.exe (976)
Stoppé! C:\Windows\system32\atieclxx.exe (1452)
Stoppé! C:\Windows\System32\spoolsv.exe (1556)
Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1812)
Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (1844)
Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1932)
Stoppé! C:\Windows\system32\taskhost.exe (2040)
Stoppé! C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe (628)
Stoppé! C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (1536)
Stoppé! C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe (1764)
Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (1956)
Stoppé! C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe (924)
Stoppé! C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (2184)
Stoppé! C:\Windows\system\HsMgr.exe (2216)
Stoppé! C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (2256)
Stoppé! C:\Program Files\Microsoft Security Client\msseces.exe (2328)
Stoppé! C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE (2400)
Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (2416)
Stoppé! C:\Program Files\SOUNDGRAPH\iMON\iMON.exe (2488)
Stoppé! C:\Program Files\SuperCopier2\SuperCopier2.exe (2532)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (2648)
Stoppé! C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (2668)
Stoppé! C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (2728)
Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (2836)
Stoppé! C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe (2904)
Stoppé! C:\Program Files\MOTU\Audio\MFWAKeys.exe (3020)
Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (3220)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (3284)
Stoppé! C:\Program Files\Microsoft Security Client\NisSrv.exe (3396)
Stoppé! C:\Windows\system32\SearchIndexer.exe (3868)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (2632)
Stoppé! C:\Program Files\Mozilla Firefox\firefox.exe (5772)
Stoppé! C:\Program Files\Mozilla Firefox\plugin-container.exe (4120)
Stoppé! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (1968)
################## | Éléments infectieux |
Supprimé! C:\Users\FRaNKL1N\AppData\Roaming\RES.exe
Supprimé! C:\Users\FRaNKL1N\AppData\Roaming\seabugger.exe
Non supprimé ! E:\autoplay.exe
Non supprimé ! E:\AUTORUN.INF
Supprimé! F:\autorun.inf
(!) Fichiers temporaires supprimés.
################## | Registre |
################## | Mountpoints2 |
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\E
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{850f5428-2056-11e1-9fb3-ca4e9263764a}
################## | Listing |
[30/08/2012 - 22:37:57 | SHD ] C:\$Recycle.Bin
[15/06/2011 - 11:46:36 | N | 11342848] C:\AAEdit.exe
[05/03/2013 - 18:09:57 | N | 10557] C:\AdwCleaner[s1].txt
[30/08/2012 - 19:35:22 | D ] C:\AMD
[05/01/2012 - 19:16:36 | D ] C:\ASK Video
[14/11/2012 - 20:41:18 | D ] C:\Autodesk
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[20/01/2013 - 22:31:54 | D ] C:\data
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[05/03/2013 - 18:32:32 | ASH | 2515148800] C:\hiberfil.sys
[20/01/2013 - 22:28:58 | D ] C:\ILLUSION
[11/01/2012 - 19:09:36 | N | 0] C:\IO.SYS
[05/03/2013 - 18:01:14 | D ] C:\JRT
[11/01/2012 - 19:09:36 | N | 0] C:\MSDOS.SYS
[05/03/2013 - 18:32:33 | ASH | 3353534464] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[05/03/2013 - 18:20:33 | N | 512] C:\PhysicalDisk0_MBR.bin
[05/03/2013 - 18:42:56 | D ] C:\Program Files
[05/03/2013 - 18:11:55 | HD ] C:\ProgramData
[06/12/2011 - 22:21:00 | SHD ] C:\Recovery
[05/03/2013 - 18:29:49 | SHD ] C:\System Volume Information
[05/03/2013 - 19:13:11 | D ] C:\UsbFix
[05/03/2013 - 19:13:19 | A | 5164] C:\UsbFix [Clean 2] FRANKL1N-PC.txt
[05/03/2013 - 19:10:52 | N | 4876] C:\UsbFix [scan 1] FRANKL1N-PC.txt
[06/12/2011 - 22:21:02 | D ] C:\Users
[05/03/2013 - 18:30:02 | D ] C:\Windows
[05/03/2013 - 18:42:57 | D ] C:\ZHP
[18/12/1997 - 18:42:42 | R | 70471] E:\AUTOPLAY.EXE
[07/02/1997 - 13:17:14 | R | 60] E:\AUTORUN.INF
[17/12/1997 - 20:26:58 | R | 3756] E:\LISEZMOI.TXT
[06/08/1998 - 04:04:55 | D ] E:\NETSHOW
[13/01/1998 - 16:57:56 | R | 695856] E:\SETUP.EXE
[06/08/1998 - 06:26:06 | D ] E:\YDKJ
[09/12/1997 - 17:22:42 | R | 3126] E:\YDKJ.BMP
[15/02/2012 - 11:51:13 | SHD ] F:\$RECYCLE.BIN
[05/03/2013 - 18:30:09 | D ] F:\302c4032f4c16e1fe2
[02/10/2012 - 02:00:42 | D ] F:\71d95c229cc7ceb82c10
[05/02/2013 - 00:51:06 | N | 108372246] F:\Arizona Dream [full album] [soundtrack] [mp3 320 kbps CBR] [EAC Lame] [MoUSE].rar
[05/03/2013 - 16:03:26 | D ] F:\captain francky
[19/06/2010 - 15:19:18 | D ] F:\Diskeeper
[29/01/2013 - 22:36:07 | D ] F:\Documents and Settings
[29/01/2013 - 22:35:26 | D ] F:\FiLMS
[26/08/2012 - 01:16:13 | D ] F:\GetDataBack for FAT and NTFS v4.0.0.1 Portable
[06/02/2013 - 21:30:48 | N | 2621104] F:\Goran Bregovic - Arizona Dream sountrack - 01 - In The Death Car - Performed By Iggy Pop.mp3
[02/02/2013 - 00:59:25 | N | 77690447] F:\Les Garçons Bouchers-Écoutepetitfrère.rar
[31/12/2012 - 23:07:39 | N | 724972062] F:\Mano Negra - Live 1991 (Lyon, Transbordeur).avi
[22/02/2012 - 14:10:15 | D ] F:\msdownld.tmp
[24/01/2011 - 19:21:30 | SHD ] F:\RECYCLER
[29/12/2012 - 18:19:11 | N | 740696064] F:\renaud live bercy 1982.avi
[02/02/2013 - 01:00:33 | N | 166923243] F:\Stupeflip - ( Stupeflip 2003 + Stup Religion 2005).rar
[04/03/2013 - 14:13:01 | D ] F:\stupeflip - hypnoflip invasion
[08/11/2010 - 02:41:08 | SHD ] F:\System Volume Information
[27/06/2010 - 21:31:23 | ASH | 6144] F:\Thumbs.db
[28/08/2011 - 21:35:12 | N | 162] F:\~$ammax2.htm
################## | Vaccin |
C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
################## | E.O.F | SosVirus • Page d’index |
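Two details in the UsbFix report above are worth separating before anything is deleted. E:\ is listed as a CD-ROM whose root carries 1997-1998 files (AUTOPLAY.EXE, SETUP.EXE, YDKJ), so the AUTORUN.INF reported there is the disc's own launcher, which is why it could not be removed ("Non supprimé ! E:\AUTORUN.INF"). The MountPoints2 entries, on the other hand, are Explorer's cached copy of a volume's AutoRun handler under HKCU\...\Explorer\MountPoints2\<volume>: they outlive the autorun.inf they came from and have to be deleted on their own, which is what the "Supprimé! HKCU\...\MountPoints2\E" lines do. Note also that Windows 7 with the February 2011 AutoRun update (KB971029) no longer honours autorun.inf on USB mass storage but still does on optical media. The following triage is an added example, not UsbFix's code; the three .inf texts and the RECYCLER path are constructed for illustration, the first one modelled on what an old game CD typically carries.

```python
"""Triage autorun.inf contents and cached MountPoints2 AutoRun commands.

Added example (not UsbFix code). CD_INF, WORM_INF and LABEL_INF are
constructed samples; only their shape matches the drives in the report.
"""
import re
import sys

# [autorun] keys that execute code when a volume is inserted or opened.
# Explorer honours open= / shellexecute= and shell\<verb>\command=; icon=
# and label= are cosmetic and never run anything on their own.
LAUNCH_KEYS = {"open", "shellexecute"}
# Action text copied from Explorer's own AutoPlay menu so the malicious
# entry is the one the user clicks by reflex.
LURE_PHRASES = ("open folder", "view files", "ouvrir le dossier")
# Directories Explorer hides by default; worms park their payload there.
HIDING_DIRS = ("recycler", "$recycle.bin", "system volume information")


def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased.
    Hand-rolled rather than configparser: real-world .inf files carry
    duplicate keys, stray bytes and mixed-case section names."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def classify_autorun(text):
    """Return (verdict, reasons) with verdict in {'benign','launches','lure'}."""
    entries = parse_autorun(text)
    reasons = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS or re.fullmatch(r"shell\\[^\\]+\\command", key):
            reasons.append(f"{key}={value}")
    action = entries.get("action", "").lower()
    lure = any(phrase in action for phrase in LURE_PHRASES)
    if lure:
        reasons.append(f"action text imitates Explorer: {entries['action']}")
    if not reasons:
        return "benign", reasons
    return ("lure" if lure else "launches"), reasons


def mountpoint_target(command):
    """Executable a cached Shell\\AutoRun\\Command would run, or None."""
    m = re.match(r'^"?([a-z]:\\[^"]*?\.(?:exe|com|bat|cmd|scr|vbs|js|pif))\b',
                 command.strip(), re.I)
    return m.group(1) if m else None


def classify_mountpoint(command):
    """'none' if nothing runs, 'hidden-dir' if the target sits in a
    directory Explorer hides, else 'launches'."""
    target = mountpoint_target(command)
    if target is None:
        return "none"
    parents = target.lower().split("\\")[1:-1]
    return "hidden-dir" if any(p in HIDING_DIRS for p in parents) else "launches"


# Constructed samples.
CD_INF = "[autorun]\nopen=autoplay.exe\nicon=setup.exe,0\n"
WORM_INF = ("[AutoRun]\n;constructed\nOpen=RECYCLER\\update.exe\n"
            "shellexecute=RECYCLER\\update.exe\n"
            "Action=Open folder to view files\n"
            "Icon=%SystemRoot%\\system32\\SHELL32.dll,4\n")
LABEL_INF = "[autorun]\nlabel=K1FF\nicon=disk.ico\n"

if __name__ == "__main__":
    # Usage: python autorun_triage.py [autorun.inf ...]; no args = samples.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as fh:
                print(path, *classify_autorun(fh.read()))
    else:
        for name, inf in (("CD", CD_INF), ("WORM", WORM_INF), ("LABEL", LABEL_INF)):
            print(name, *classify_autorun(inf))
        print("E:\\Startup.exe ->", classify_mountpoint(r"E:\Startup.exe"))
```

The verdict is deliberately three-valued: a disc that merely launches its own installer is "launches" and a judgement call, whereas an entry that both runs a file from a hidden directory and mimics the "Open folder to view files" prompt is a "lure" and should be treated as malicious regardless of what the file turns out to be.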
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
I redid the RogueKiller report:

RogueKiller V8.5.2 [Feb 23 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : [RogueKiller] Remontées
Site Web : Télécharger RogueKiller (Site Officiel)
Blog : tigzy-RK
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : FRaNKL1N [Droits d'admin]
Mode : HOSTS RAZ -- Date : 05/03/2013 19:05:48
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 0 ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sa.windows.com
127.0.0.1 se.windows.com
127.0.0.1 ie.search.msn.com
127.0.0.1 wustat.windows.com
127.0.0.1 wutrack.windows.com
127.0.0.1 catalog.microsoft.com
127.0.0.1 sls.microsoft.com
¤¤¤ Nouveau fichier HOSTS: ¤¤¤
127.0.0.1 localhost
Termine : << RKreport[3]_H_05032013_190548.txt >>
RKreport[1]_S_05032013_184633.txt ; RKreport[2]_D_05032013_184733.txt ; RKreport[3]_H_05032013_190548.txt

Here is the UsbFix report:

############################## | UsbFix V 7.113 | [Recherche]
Utilisateur: FRaNKL1N (Administrateur) # FRANKL1N-PC
Mis à jour le 05/03/2013 par El Desaparecido
Lancé à 19:10:17 | 05/03/2013
Site Web: SosVirus • Page d’index
Contact: contact@sosvirus.org
PC: System manufacturer (System Product Name) (X86-based PC)
CPU: AMD Athlon II X3 435 Processor (2900)
RAM -> [Total : 3198 | Free : 2068]
BIOS: BIOS Date: 04/02/10 12:13:53 Ver: 08.00.15
BOOT: Normal boot
OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 8.0.7601.17514
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 119 Go (12 Go libre(s) - 10%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Disque fixe # 466 Go (398 Go libre(s) - 85%) [.: K1FF :.] # NTFS
J:\ -> CD-ROM
################## | Processus Actif |
C:\Windows\system32\csrss.exe (440)
C:\Windows\system32\wininit.exe (528)
C:\Windows\system32\csrss.exe (536)
C:\Windows\system32\services.exe (584)
C:\Windows\system32\lsass.exe (600)
C:\Windows\system32\lsm.exe (608)
C:\Windows\system32\winlogon.exe (664)
C:\Windows\system32\svchost.exe (752)
C:\Windows\system32\svchost.exe (832)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (900)
C:\Windows\system32\atiesrxx.exe (976)
C:\Windows\System32\svchost.exe (1024)
C:\Windows\System32\svchost.exe (1064)
C:\Windows\system32\svchost.exe (1096)
C:\Windows\system32\svchost.exe (1120)
C:\Windows\system32\svchost.exe (1380)
C:\Windows\system32\atieclxx.exe (1452)
C:\Windows\System32\spoolsv.exe (1556)
C:\Windows\system32\svchost.exe (1608)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1812)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (1844)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1932)
C:\Windows\system32\Dwm.exe (1984)
C:\Windows\system32\taskhost.exe (2040)
C:\Windows\Explorer.EXE (112)
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe (628)
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (1536)
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe (1764)
C:\Program Files\Bonjour\mDNSResponder.exe (1956)
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe (924)
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (2184)
C:\Windows\system\HsMgr.exe (2216)
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (2256)
C:\Program Files\Microsoft Security Client\msseces.exe (2328)
C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE (2400)
C:\Program Files\iTunes\iTunesHelper.exe (2416)
C:\Program Files\SOUNDGRAPH\iMON\iMON.exe (2488)
C:\Program Files\SuperCopier2\SuperCopier2.exe (2532)
C:\Program Files\Windows Sidebar\sidebar.exe (2648)
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (2668)
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (2728)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (2836)
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe (2904)
C:\Program Files\MOTU\Audio\MFWAKeys.exe (3020)
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (3220)
C:\Program Files\iPod\bin\iPodService.exe (3284)
C:\Program Files\Microsoft Security Client\NisSrv.exe (3396)
C:\Windows\system32\SearchIndexer.exe (3868)
C:\Program Files\Windows Media Player\wmpnetwk.exe (2632)
C:\Windows\system32\svchost.exe (2712)
C:\Windows\System32\svchost.exe (3884)
C:\Windows\system32\taskhost.exe (3604)
C:\Program Files\Mozilla Firefox\firefox.exe (5772)
C:\Program Files\Mozilla Firefox\plugin-container.exe (4120)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (1968)
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (3108)
C:\Windows\system32\SearchProtocolHost.exe (5252)
C:\Windows\system32\SearchFilterHost.exe (3488)
C:\UsbFix\Go.exe (4804)
C:\Windows\system32\wbem\wmiprvse.exe (4612)
################## | Éléments infectieux |
Présent! C:\Users\FRaNKL1N\AppData\Roaming\RES.exe
Présent! C:\Users\FRaNKL1N\AppData\Roaming\seabugger.exe
Présent! E:\autoplay.exe
Présent! E:\AUTORUN.INF
Présent! F:\autorun.inf
################## | Registre |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\E
Shell\AutoRun\Command = E:\Startup.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{850f5428-2056-11e1-9fb3-ca4e9263764a}
Shell\AutoRun\Command = J:\Startup.exe
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F | SosVirus • Page d’index |
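The HOSTS section of the RogueKiller report above maps nine Microsoft hostnames to 127.0.0.1. The names belong to Windows activation and genuine validation (genuine.microsoft.com, sls.microsoft.com, mpa.one.microsoft.com), Windows Update statistics and the update catalog (wustat, wutrack, catalog) and MSN search; sinkholing them keeps the machine from ever reaching those services, which is what activation cracks and some malware want. RogueKiller's "H" (HOSTS RAZ) mode repairs it by rewriting the whole file to a single "127.0.0.1 localhost" line, which also throws away any legitimate custom entries. As an added example, not RogueKiller's code, the script below detects the same hijack and removes only the offending lines. SAMPLE_HOSTS is constructed: it reproduces the nine report entries and adds a 0.0.0.0 variant, a windowsupdate.com suffix and a LAN entry (nas.home) that are assumptions for illustration.

```python
"""Find and strip hosts-file entries that sinkhole Microsoft hostnames.

Added example, not RogueKiller's code. SAMPLE_HOSTS is constructed from
the RogueKiller report plus a few illustrative lines.
"""
import ipaddress
import sys

# Suffixes under which activation, Windows Update and MSN search hosts
# live; windowsupdate.com is an assumption beyond what the report showed.
WATCHED_SUFFIXES = ("microsoft.com", "windows.com", "msn.com", "windowsupdate.com")


def _sinkholed(addr):
    """True for addresses that make a name unreachable (127/8, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def _watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping; comments ignored.
    A line may map one address to several names; each name is yielded."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield no, ip, name.lower()


def find_hijacks(text):
    """[(line_no, ip, hostname)] for watched names mapped to a sinkhole.
    A watched name pointed at some other address (DNS-style redirection to
    a live host) is a different problem and is not flagged here."""
    return [(no, ip, name) for no, ip, name in parse_hosts(text)
            if name != "localhost" and _sinkholed(ip) and _watched(name)]


def clean_hosts(text):
    """Drop only the hijacked lines; everything else, including custom
    entries, survives. A line mixing a hijack with other names is dropped
    whole, which is the conservative choice."""
    bad = {no for no, _, _ in find_hijacks(text)}
    kept = [line for no, line in enumerate(text.splitlines(), 1) if no not in bad]
    return "\n".join(kept) + "\n"


SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sa.windows.com
127.0.0.1 se.windows.com
127.0.0.1 ie.search.msn.com
127.0.0.1 wustat.windows.com
127.0.0.1 wutrack.windows.com
127.0.0.1 catalog.microsoft.com
127.0.0.1 sls.microsoft.com
0.0.0.0 download.windowsupdate.com
192.168.0.10 nas.home   # constructed: a legitimate LAN entry to preserve
"""

if __name__ == "__main__":
    # Usage: python hosts_audit.py [path]; default is the constructed sample.
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
    text = SAMPLE_HOSTS
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for no, ip, name in find_hijacks(text):
        print(f"line {no}: {name} -> {ip}")
    print("--- cleaned ---")
    print(clean_hosts(text), end="")
```

Two practical caveats: the hosts file is normally protected by the system ACL and, on this machine, by MSE's tamper protection, so writing the cleaned text back needs an elevated prompt; and a clean hosts file does not restore a broken activation, it only lets the validation and update traffic through again.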
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
Here is the ZHPFix report:

Rapport de ZHPFix 1.4.01 par Nicolas Coolman, Update du 02/03/2013
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-05-03-2013-18-42-57.txt
Run by FRaNKL1N at 05/03/2013 18:42:57
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Corbeille vidée
========== Processus mémoire ==========
SUPPRIME Memory Process: C:\Users\FRaNKL1N\AppData\Local\Temp\MyClaroTB.exe
========== Clé(s) du Registre ==========
SUPPRIME Key: HKCU\Software\DC3_FEXEC
SUPPRIME CLSID MPSK: {e671d1f3-61a1-11e2-bf42-485b39c9f3e7}
========== Valeur(s) du Registre ==========
SUPPRIME {068BE913-0F5E-4E49-8C43-D7899BAE7B0F}
SUPPRIME {0DBD7A85-BB83-4B67-A694-30A184737513}
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :
SUPPRIME FirewallRaz (Private) : TCP Query User{847ADA9D-BA2C-47DA-B8E7-DE059B8AC7C4}C:\users\frankl1n\downloads\antistealth.exe
SUPPRIME FirewallRaz (Private) : UDP Query User{8FE5DE93-FECA-4E78-8BE6-76F81EA4A7CC}C:\users\frankl1n\downloads\antistealth.exe
SUPPRIME FirewallRaz (Private) : TCP Query User{223FE9EB-B00F-49A1-A483-0B02CF718D46}C:\users\frankl1n\downloads\antistealth(2).exe
SUPPRIME FirewallRaz (Private) : UDP Query User{0C102CB1-E7A7-4470-8A23-664E64C580BE}C:\users\frankl1n\downloads\antistealth(2).exe
========== Dossier(s) ==========
SUPPRIME Folder: C:\Program Files\~Web Assistant
SUPPRIME Folder: C:\Users\FRaNKL1N\AppData\Roaming\dclogs
SUPPRIME Folder: c:\users\frankl1n\appdata\local\google\chrome\user data\default\extensions\pgafcinpmmpklohkojmllohdhomoefph
SUPPRIME Folder: c:\users\frankl1n\appdata\local\google\chrome\user data\default\extensions\mkndcbhcgphcfkkddanakjiepeknbgle
SUPPRIME Temporaires Windows
SUPPRIME Flash Cookies
========== Fichier(s) ==========
SUPPRIME Reboot e:\autoplay.exe
SUPPRIME File: c:\users\frankl1n\appdata\local\temp\myclarotb.exe
ABSENT Folder/File: c:\users\frankl1n\appdata\local\temp\myclarotb.exe
SUPPRIME Temporaires Windows
SUPPRIME Flash Cookies
========== Tache planifiée ==========
SUPPRIME Task: {55DD8576-9634-4D30-9F4E-B25A9E3993DB}
========== Récapitulatif ==========
1 : Processus mémoire
2 : Clé(s) du Registre
8 : Valeur(s) du Registre
6 : Dossier(s)
5 : Fichier(s)
1 : Tache planifiée
End of clean in 00mn 03s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 05/03/2013 18:42:57 [2339]

And then RogueKiller's:

RogueKiller V8.5.2 [Feb 23 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : [RogueKiller] Remontées
Site Web : Télécharger RogueKiller (Site Officiel)
Blog : tigzy-RK
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : FRaNKL1N [Droits d'admin]
Mode : Recherche -- Date : 05/03/2013 18:46:33
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 11 ¤¤¤
[TASK][SUSP PATH] VisualBeeRecovery : C:\Users\FRaNKL1N\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe /s [x] -> TROUVÉ
[TASK][SUSP PATH] {708DC93C-D6C4-469E-A385-7B5704358C98} : C:\Users\FRaNKL1N\Desktop\__©___\seabugger.exe [x] -> TROUVÉ
[TASK][SUSP PATH] {70F0BA2F-968C-4852-8461-E78358052633} : C:\Users\FRaNKL1N\Desktop\__©___\seabugger.exe [x] -> TROUVÉ
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> TROUVÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[RUN][HJNAME] [ON_F:Administrateur]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) [7] -> TROUVÉ
[RUN][HJNAME] [ON_F:Administrateur.KFRAN-M4HI790R4]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\System32\CTFMON.EXE) [7] -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
-> F:\Documents and Settings\Administrateur\NTUSER.DAT
-> F:\Documents and Settings\Administrateur.KFRAN-M4HI790R4\NTUSER.DAT
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sa.windows.com
127.0.0.1 se.windows.com
127.0.0.1 ie.search.msn.com
127.0.0.1 wustat.windows.com
127.0.0.1 wutrack.windows.com
127.0.0.1 catalog.microsoft.com
127.0.0.1 sls.microsoft.com
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] 4976cff091951b572217e6b33fe9035e
[BSP] 8923b3684e78c2bd03948ad62ecc4f8d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Hitachi HDT725050VLA380 USB Device +++++
--- User ---
[MBR] 13f81298c7b5fb9f04014f1b7202d7b1
[BSP] f8d28cb9445e4e63f6541db3f5a509b8 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 476929 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[1]_S_05032013_184633.txt >>
RKreport[1]_S_05032013_184633.txt

I left my external hard drive connected for all the requested procedures.
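The RogueKiller scan above shows the system-hardening side of this infection: UAC is switched off (EnableLUA = 0) and administrators elevate silently (ConsentPromptBehaviorAdmin = 0), the ComboFix log elsewhere in this thread adds PromptOnSecureDesktop = 0, and the HKCU policy values DisableTaskMgr and DisableRegistryTools exist at all, which a default install never has; a value of 0 means the tools are not currently locked out, but something wrote the policy. The three [TASK][SUSP PATH] lines are scheduled tasks whose action lives under the user profile (AppData, Desktop), the usual place for persistence that needs no admin rights. The script below is an added example, not RogueKiller's code, that checks the same three things from plain Python values. The SAMPLE_* data is constructed from the reports; read_live_uac() is the only part that touches a real registry (Windows only, read-only), and the Windows 7 defaults it compares against are EnableLUA = 1, ConsentPromptBehaviorAdmin = 5, ConsentPromptBehaviorUser = 3 and PromptOnSecureDesktop = 1.

```python
"""Audit UAC/policy registry values and scheduled-task targets.

Added example, not RogueKiller's code. SAMPLE_* data is constructed from
the RogueKiller and ComboFix reports in this thread.
"""
import re
import sys

POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
UAC_NAMES = ("EnableLUA", "ConsentPromptBehaviorAdmin",
             "ConsentPromptBehaviorUser", "PromptOnSecureDesktop")


def uac_findings(values):
    """values: {name: int} from HKLM\\...\\Policies\\System. A missing value
    means the OS default, so only an explicitly weaker setting is reported;
    stricter non-default values (ConsentPromptBehaviorAdmin=2, always
    prompt) are left alone."""
    out = []
    if values.get("EnableLUA", 1) == 0:
        out.append(("high", "EnableLUA", "UAC disabled (0); expected 1"))
    if values.get("ConsentPromptBehaviorAdmin", 5) == 0:
        out.append(("high", "ConsentPromptBehaviorAdmin",
                    "admins elevate without a prompt (0); default is 5"))
    if values.get("PromptOnSecureDesktop", 1) == 0:
        out.append(("medium", "PromptOnSecureDesktop",
                    "elevation prompt not isolated on the secure desktop (0)"))
    return out


def user_policy_findings(values):
    """HKCU\\...\\Policies\\System\\DisableTaskMgr / DisableRegistryTools are
    absent on a default install. 1 locks the tool out; a leftover 0 still
    shows something wrote the policy."""
    out = []
    for name in ("DisableTaskMgr", "DisableRegistryTools"):
        if name in values:
            sev = "high" if values[name] else "low"
            out.append((sev, name, f"present with value {values[name]}; absent by default"))
    return out


# First executable in a task action, with or without quotes and arguments.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|bat|cmd|vbs|js|scr|com))\b', re.I)
# Locations any standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\desktop\\", "\\downloads\\", "\\temp\\", "\\users\\public\\")


def task_findings(tasks):
    """tasks: iterable of (task_name, action_string)."""
    out = []
    for name, action in tasks:
        m = EXE_RE.match(action.strip())
        exe = (m.group(1) if m else action).lower()
        if any(marker in exe for marker in USER_WRITABLE):
            out.append(("medium", f"task {name}", f"runs from user-writable path {exe}"))
    return out


def audit(uac, user_policy, tasks):
    """All findings as (severity, where, what), highest severity first."""
    rank = {"high": 0, "medium": 1, "low": 2}
    found = uac_findings(uac) + user_policy_findings(user_policy) + task_findings(tasks)
    return sorted(found, key=lambda f: rank[f[0]])


def read_live_uac():
    """Read the HKLM policy values on a Windows host; {} elsewhere."""
    if sys.platform != "win32":
        return {}
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
        for name in UAC_NAMES:
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    return out


# Constructed from the RogueKiller and ComboFix reports in this thread.
SAMPLE_UAC = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0,
              "ConsentPromptBehaviorUser": 3, "PromptOnSecureDesktop": 0}
SAMPLE_USER_POLICY = {"DisableTaskMgr": 0, "DisableRegistryTools": 0}
SAMPLE_TASKS = [
    ("VisualBeeRecovery", r"C:\Users\FRaNKL1N\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe /s"),
    ("{708DC93C-D6C4-469E-A385-7B5704358C98}", r"C:\Users\FRaNKL1N\Desktop\__©___\seabugger.exe"),
    ("Adobe Flash Player Updater", r"c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe"),
]

if __name__ == "__main__":
    uac = read_live_uac() or SAMPLE_UAC
    for sev, where, what in audit(uac, SAMPLE_USER_POLICY, SAMPLE_TASKS):
        print(f"[{sev}] {where}: {what}")
```

On a live host the task list would come from schtasks /query /fo csv /v or the Task Scheduler COM API rather than a constructed list, but the classification is the same: the task's action path, not its name or GUID, is what separates the Flash updater in System32 from seabugger.exe on the Desktop.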
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
Small detail: at the last reboot after the ZHP scan, Windows installed an update... I hope that won't disrupt the disinfection process =(
Trojan:MSIL/Pitit.A
frankl1 replied to a topic by frankl1 in Malware analysis and removal
So, first of all, thanks for the attention you're giving my problem =) Next, here is the first report requested:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Windows 7 Ultimate x86
Ran by FRaNKL1N on 05/03/2013 at 18:04:19,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
Successfully stopped: [service] browser manager
Successfully deleted: [service] browser manager
Successfully stopped: [service] web assistant updater
Successfully deleted: [service] web assistant updater

~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\browsermngr start page
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\browsermngrdefaultscope
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{9e131a93-eed7-4beb-b015-a0adb30b5646}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1733362103-3001561948-3460745233-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1733362103-3001561948-3460745233-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_current_user\software\browsermngr
Successfully deleted: [Registry Key] hkey_local_machine\software\browsermngr
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3128284
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{000f18f2-09eb-4a59-82b2-5ae4184c39c3}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{000f18f2-09eb-4a59-82b2-5ae4184c39c3}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9e131a93-eed7-4beb-b015-a0adb30b5646}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Failed to delete: [Folder] "C:\ProgramData\application data\browser manager"
Successfully deleted: [Folder] "C:\Users\FRaNKL1N\appdata\local\conduit"
Successfully deleted: [Folder]
"C:\Users\FRaNKL1N\appdata\local\ilivid player" Successfully deleted: [Folder] "C:\Users\FRaNKL1N\appdata\local\visualbeeexe" Successfully deleted: [Folder] "C:\Users\FRaNKL1N\appdata\locallow\claro ltd" Successfully deleted: [Folder] "C:\Users\FRaNKL1N\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Program Files\claro ltd" Successfully deleted: [Folder] "C:\Program Files\conduit" Successfully deleted: [Folder] "C:\Users\FRaNKL1N\start menu\programs\browser manager" ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\user.js Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\bprotector_extensions.sqlite Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\bprotector_prefs.js Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\searchplugins\babylonmngr.xml Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\searchplugins\conduit.xml Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\searchplugins\mystart search.xml Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\searchplugins\sweetim.xml Successfully deleted: [Folder] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\smartbar Successfully deleted: [Folder] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\extensions\ffxtlbr@claro.com Successfully deleted: [Folder] 
C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847} Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087} Successfully deleted the following from C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\prefs.js user_pref("CT3128284.1000082.isPlayDisplay", "true"); user_pref("CT3128284.1000082.state", "{\"state\":\"stopped\",\"text\":\"RMC\",\"description\":\"RMC\",\"url\":\"hxxp://vipicecast.yacast.net/rmc\"}"); user_pref("CT3128284.1000234.TWC_TMP_city", "PARIS"); user_pref("CT3128284.1000234.TWC_TMP_country", "FR"); user_pref("CT3128284.3128284a129638404769606799000000paramsGK0", "{\"updateReqTime\":1345889432498,\"updateRespTime\":1345889432917,\"data\":{\"settings\":{\"icon\":\"hxxp://s user_pref("CT3128284.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3128284.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3128284.FirstTime", "true"); user_pref("CT3128284.FirstTimeFF3", "true"); user_pref("CT3128284.RSS_Pub_Config", "{\"settings\":{\"icon\":\"hxxp://storage.conduit.com/bankimages/iconsGallery/24/4669380633664526619.png\",\"componentId\":\"129638404769 user_pref("CT3128284.RSSapp3128284a129638404769606799000000ReadItemsArr", "%7B%22571579%22%3A0%2C%22571545%22%3A0%2C%22571433%22%3A0%2C%22571423%22%3A0%2C%22571213%22%3A0%2C%2 user_pref("CT3128284.RSSapp3128284a129638404769606799000000cat0", "%5B%7B%22type%22%3A%22rss%22%2C%22version%22%3A%222.0%22%2C%22title%22%3A%2201net.%20Actualit%C3%A9s%20-%20L user_pref("CT3128284.RSSapp3128284a129638404769606799000000cat1", "%5B%7B%22type%22%3A%22rss%22%2C%22version%22%3A%222.0%22%2C%22title%22%3A%2201net.%20Actualit%C3%A9s%22%2C%2 user_pref("CT3128284.RSSapp3128284a129638404769606799000000embeddedVersion", "2.4.0"); 
user_pref("CT3128284.RSSapp3128284a129638404769606799000000feedsObj", "%7B%22channels%22%3A%7B%22id%22%3A%22channels%22%2C%22type%22%3A%22rss%22%2C%22data%22%3A%7B%22categorie user_pref("CT3128284.RSSapp3128284a129638404769606799000000lastReportTime", "1345889432922 "); user_pref("CT3128284.RSSapp3128284a129638404769606799000000newFeeds", "newFeeds"); user_pref("CT3128284.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3128284&SearchSource=2&q="); user_pref("CT3128284.UserID", "UN73544273949540752"); user_pref("CT3128284.addressBarTakeOverEnabledInHidden", "true"); user_pref("CT3128284.autoDisableScopes", -1); user_pref("CT3128284.browser.search.defaultthis.engineName", true); user_pref("CT3128284.defaultSearch", "true"); user_pref("CT3128284.embeddedsData", "[{\"appId\":\"129638404645388048\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get user_pref("CT3128284.enableAlerts", "always"); user_pref("CT3128284.enableSearchFromAddressBar", "true"); user_pref("CT3128284.firstTimeDialogOpened", "true"); user_pref("CT3128284.fixPageNotFoundError", "true"); user_pref("CT3128284.fixPageNotFoundErrorInHidden", "true"); user_pref("CT3128284.fixUrls", true); user_pref("CT3128284.installId", "ct3128284_01net.com.exe"); user_pref("CT3128284.installType", "ConduitNSISIntegration"); user_pref("CT3128284.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3128284.isNewTabEnabled", true); user_pref("CT3128284.isPerformedSmartBarTransition", "true"); user_pref("CT3128284.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); user_pref("CT3128284.keyword", true); user_pref("CT3128284.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp:/ user_pref("CT3128284.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT3128284.openThankYouPage", 
"false"); user_pref("CT3128284.openUninstallPage", "true"); user_pref("CT3128284.search.searchAppId", "129638404645388048"); user_pref("CT3128284.search.searchCount", "0"); user_pref("CT3128284.searchInNewTabEnabledInHidden", "true"); user_pref("CT3128284.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3128284.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT3128284.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3128284\"}"); user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://01NETcom.OurToolbar.com//xpi\"}"); user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"01NET.com\"}"); user_pref("CT3128284.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3128284.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); user_pref("CT3128284.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345835423672"); user_pref("CT3128284.serviceLayer_services_appsMetadata_lastUpdate", "1345835423260"); user_pref("CT3128284.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345835423942"); user_pref("CT3128284.serviceLayer_services_login_10.10.12.503_lastUpdate", "1345835424734"); user_pref("CT3128284.serviceLayer_services_login_10.10.27.6_lastUpdate", "1348483698058"); user_pref("CT3128284.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345835423889"); user_pref("CT3128284.serviceLayer_services_searchAPI_lastUpdate", "1345835422630"); user_pref("CT3128284.serviceLayer_services_serviceMap_lastUpdate", "1348425866830"); user_pref("CT3128284.serviceLayer_services_toolbarContextMenu_lastUpdate", 
"1345835423915"); user_pref("CT3128284.serviceLayer_services_toolbarSettings_lastUpdate", "1348490897164"); user_pref("CT3128284.serviceLayer_services_translation_lastUpdate", "1348425866987"); user_pref("CT3128284.settingsINI", true); user_pref("CT3128284.shouldFirstTimeDialog", "false"); user_pref("CT3128284.smartbar.CTID", "CT3128284"); user_pref("CT3128284.smartbar.Uninstall", "0"); user_pref("CT3128284.smartbar.homepage", true); user_pref("CT3128284.smartbar.toolbarName", "01NET.com "); user_pref("CT3128284.startPage", "userChanged"); user_pref("CT3128284.toolbarBornServerTime", "24-8-2012"); user_pref("CT3128284.toolbarCurrentServerTime", "24-9-2012"); user_pref("CT3128284.twitter_v1.8.0_twitter_app_open_t_f", "false"); user_pref("Smartbar.ConduitHomepagesList", ""); user_pref("Smartbar.ConduitSearchEngineList", ""); user_pref("Smartbar.ConduitSearchUrlList", ""); user_pref("Smartbar.keywordURLSelectedCTID", "CT3128284"); user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=109597&tt=3612_1&babsrc=HP_ss&mntrId=be343256000000000000485b39c9f3e7"); user_pref("avg.install.userSPSettings", "Search the web (Babylon)"); user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=113597&tt=3712_1&babsrc=NT_clro&mntrId=be343256000000000000485b39c9f3e7"); user_pref("browser.search.defaultenginename", "Claro Search"); user_pref("browser.search.order.1", "Claro Search"); user_pref("extensions.BabylonToolbar_i.newTab", true); user_pref("extensions.claro.admin", false); user_pref("extensions.claro.aflt", "babsst"); user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); user_pref("extensions.claro.autoRvrt", "false"); user_pref("extensions.claro.cntry", "FR"); user_pref("extensions.claro.dfltLng", "en"); user_pref("extensions.claro.envrmnt", "production"); user_pref("extensions.claro.excTlbr", false); user_pref("extensions.claro.hdrMd5", "C0FB1D97ADD37D43D1FD7D1377473DDE"); user_pref("extensions.claro.hmpg", false); 
user_pref("extensions.claro.id", "be343256000000000000485b39c9f3e7"); user_pref("extensions.claro.instlDay", "15754"); user_pref("extensions.claro.instlRef", "sst"); user_pref("extensions.claro.isdcmntcmplt", true); user_pref("extensions.claro.lastVrsnTs", "1.6.4.119:50:34"); user_pref("extensions.claro.mntrvrsn", "1.3.1"); user_pref("extensions.claro.newTab", false); user_pref("extensions.claro.prdct", "claro"); user_pref("extensions.claro.prtnrId", "claro"); user_pref("extensions.claro.rvrt", "false"); user_pref("extensions.claro.sg", "none"); user_pref("extensions.claro.smplGrp", "none"); user_pref("extensions.claro.tlbrId", "base"); user_pref("extensions.claro.tlbrSrchUrl", ""); user_pref("extensions.claro.vrsn", "1.8.8.5"); user_pref("extensions.claro.vrsnTs", "1.6.4.119:50:34"); user_pref("extensions.claro.vrsni", "1.8.8.5"); user_pref("extensions.claro_i.excTlbr", false); user_pref("extensions.claro_i.newTab", false); user_pref("extensions.claro_i.smplGrp", "none"); user_pref("extensions.claro_i.vrsnTs", "1.8.8.51:01:49"); user_pref("extensions.incredibar_i.aflt", "orgnl"); user_pref("extensions.incredibar_i.dfltLng", ""); user_pref("extensions.incredibar_i.did", "10643"); user_pref("extensions.incredibar_i.excTlbr", false); user_pref("extensions.incredibar_i.id", "be343256000000000000485b39c9f3e7"); user_pref("extensions.incredibar_i.installerproductid", "26"); user_pref("extensions.incredibar_i.instlDay", "15596"); user_pref("extensions.incredibar_i.instlRef", ""); user_pref("extensions.incredibar_i.ms_url_id", ""); user_pref("extensions.incredibar_i.newTab", false); user_pref("extensions.incredibar_i.ppd", "6666646935"); user_pref("extensions.incredibar_i.prdct", "incredibar"); user_pref("extensions.incredibar_i.productid", "26"); user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); user_pref("extensions.incredibar_i.smplGrp", "none"); user_pref("extensions.incredibar_i.tlbrId", "base"); user_pref("extensions.incredibar_i.tlbrSrchUrl", 
"hxxp://mystart.Incredibar.com/?a=1&loc=IB_TB&i=26&search="); user_pref("extensions.incredibar_i.upn2", "1"); user_pref("extensions.incredibar_i.upn2n", "1"); user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1418:40:27"); user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3128284&SearchSource=2&q="); Emptied folder: C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\minidumps [40 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05/03/2013 at 18:06:17,47 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Voici le 2e: # AdwCleaner v2.114 - Rapport créé le 05/03/2013 à 18:09:46 # Mis à jour le 05/03/2013 par Xplode # Système d'exploitation : Windows 7 Ultimate Service Pack 1 (32 bits) # Nom d'utilisateur : FRaNKL1N - FRANKL1N-PC # Mode de démarrage : Normal # Exécuté depuis : C:\Users\FRaNKL1N\Desktop\adwcleaner.exe # Option [suppression] ***** [services] ***** ***** [Fichiers / Dossiers] ***** Dossier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl Dossier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Dossier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdmaehkiiampolokajdcelladmnopgp Dossier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle Dossier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph Dossier Supprimé : C:\Windows\Installer\{069B290F-5398-4629-A009-85B4BCB4B1B9} Fichier Supprimé : C:\END Fichier Supprimé : 
C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data Fichier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences Fichier Supprimé : C:\Users\FRaNKL1N\AppData\Roaming\Mozilla\Firefox\Profiles\4e70480v.default\searchplugins\claro.xml Supprimé au redémarrage : C:\ProgramData\Browser Manager ***** [Registre] ***** Clé Supprimée : HKCU\Software\953ddddb73ee947 Clé Supprimée : HKCU\Software\Claro LTD Clé Supprimée : HKCU\Software\DataMngr Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\ehdmaehkiiampolokajdcelladmnopgp Clé Supprimée : HKCU\Software\Microsoft\ClaroDirectory Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Clé Supprimée : HKLM\SOFTWARE\953ddddb73ee947 Clé Supprimée : HKLM\Software\Claro LTD Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65} Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Clé Supprimée : HKLM\SOFTWARE\Classes\claro.claroappCore Clé Supprimée : HKLM\SOFTWARE\Classes\claro.claroappCore.1 Clé Supprimée : HKLM\SOFTWARE\Classes\claro.clarodskBnd Clé Supprimée : HKLM\SOFTWARE\Classes\claro.clarodskBnd.1 Clé Supprimée : HKLM\SOFTWARE\Classes\claro.claroHlpr Clé Supprimée : 
HKLM\SOFTWARE\Classes\claro.claroHlpr.1 Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB} Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC} Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.claroESrvc Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1 Clé Supprimée : HKLM\Software\Classes\Installer\Features\F092B960893592640A90584BCB4B1B9B Clé Supprimée : HKLM\Software\Classes\Installer\Products\F092B960893592640A90584BCB4B1B9B Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478} Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Clé Supprimée : 
HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Clé Supprimée : HKLM\Software\DataMngr Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dcillohgikpecbmgioknapdpcjofaafl Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\ehdmaehkiiampolokajdcelladmnopgp Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7 Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9FAC99E2D8280F4482F22004D09FBA2 Clé Supprimée : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE26D37B0FFFAE4559860C5C4D938B71 Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F092B960893592640A90584BCB4B1B9B Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{069B290F-5398-4629-A009-85B4BCB4B1B9} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{1F30D846-4BEF-4246-B19E-7E503B0E6639}] ***** [Navigateurs] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Le registre ne contient aucune entrée illégitime. -\\ Mozilla Firefox v19.0 (fr) Fichier : C:\Users\FRaNKL1N\AppData\Roaming\Mozilla\Firefox\Profiles\4e70480v.default\prefs.js Supprimée : user_pref("CT3128284.1000082.state", "{\"state\":\"stopped\",\"text\":\"RMC\",\"description\":\"RMC\[...] Supprimée : user_pref("CT3128284.3128284a129638404769606799000000paramsGK0", "{\"updateReqTime\":1345889432498,\[...] Supprimée : user_pref("CT3128284.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Supprimée : user_pref("CT3128284.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Supprimée : user_pref("CT3128284.RSS_Pub_Config", "{\"settings\":{\"icon\":\"hxxp://storage.conduit.com/bankimag[...] Supprimée : user_pref("CT3128284.embeddedsData", "[{\"appId\":\"129638404645388048\",\"apiPermissions\":{\"cross[...] Supprimée : user_pref("CT3128284.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Supprimée : user_pref("CT3128284.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Supprimée : user_pref("CT3128284.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...] 
Supprimée : user_pref("CT3128284.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Supprimée : user_pref("CT3128284.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Supprimée : user_pref("CT3128284.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Supprimée : user_pref("CT3128284.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Supprimée : user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Supprimée : user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Supprimée : user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Supprimée : user_pref("CT3128284.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Supprimée : user_pref("CT3128284.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] -\\ Google Chrome v [impossible d'obtenir la version] Fichier : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Le fichier ne contient aucune entrée illégitime. ************************* AdwCleaner[s1].txt - [10426 octets] - [05/03/2013 18:09:46] ########## EOF - C:\AdwCleaner[s1].txt - [10487 octets] ########## Et enfin le rapport ZHP: http://cjoint.com/?3CfszMSyNLl -
Hello, I'm posting this topic because I have an infection on my PC. I think it is the cause of a bug that prevents me from working, because the PC freezes and forces me to restart it the hard way... MSE detects this malware in large numbers, and it is completely invisible in the source folder: Trojan:MSIL/Pitit.A. I made a HiJackThis report as requested; I hope you can help me. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:14:58, on 05/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system\HsMgr.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Claro Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.fr - Actus France et Monde - Magazine People & Féminin – Hotmail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actus France et Monde - Magazine People & Féminin – Hotmail
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8e5025c2-8ea3-430d-80b8-a14151068a6d} - (no file)
O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.8.5\bh\claro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - (no file)
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.8.5\claroTlbr.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Cmaudio8788GX] C:\Windows\system\HsMgr.exe Envoke
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iMON] C:\Program Files\SoundGraph\iMON\iMON.exe /startup
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: seabugger 1.1 fix.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
O4 - Global Startup: MOTU Pedal Service.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\261123~1.78\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc.
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: 
@%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 
- Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. 
- C:\Program Files\WinPcap\rpcapd.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 
(Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Web Assistant Updater - Unknown owner - 
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (file missing) O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - 
C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 23536 bytes