
Posted

Hello, I am posting this topic because I have an infection on my PC. I think it is the cause of a bug that stops me from working, because the PC freezes and forces me to restart it the hard way...

MSE detects this malware in large numbers, and it is completely invisible in the source folder: Trojan:MSIL/Pitit.A

 

I made a HijackThis report as requested; I hope you can help me. Thanks.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:14:58, on 05/03/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Windows\system\HsMgr.exe

C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE

C:\Program Files\SOUNDGRAPH\iMON\iMON.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe

C:\Program Files\MOTU\Audio\MFWAKeys.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Claro Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.fr - Actus France et Monde - Magazine People & Féminin – Hotmail

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actus France et Monde - Magazine People & Féminin – Hotmail

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {8e5025c2-8ea3-430d-80b8-a14151068a6d} - (no file)

O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.8.5\bh\claro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - (no file)

O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.8.5\claroTlbr.dll

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Cmaudio8788GX] C:\Windows\system\HsMgr.exe Envoke

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [iMON] C:\Program Files\SoundGraph\iMON\iMON.exe /startup

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O4 - Startup: seabugger 1.1 fix.exe

O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe

O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe

O4 - Global Startup: MOTU Pedal Service.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe

O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)

O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)

O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

O20 - AppInit_DLLs: c:\progra~2\browse~1\261123~1.78\{16cdf~1\browse~1.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: AMD FUEL Service - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe

O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe

O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe

O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (file missing)

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 23536 bytes
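As an added example, not part of the original post and not anything HijackThis itself does: a small Python triage of HJT log lines like the ones above. The sample lines are copied from the log in this post; the scoring rules are my own heuristics (AppInit_DLLs first, then orphaned "(no file)"/"(file missing)" entries, then names of the adware families the JRT report later in this thread removed, then services with no resolved vendor outside C:\Windows, then executables living under ProgramData or a user profile). Note that HJT 2.0.4 prints "Unknown owner" for every svchost-hosted Windows 7 service because it does not resolve the @dll,-id resource names, which is why the vendor rule excludes the Windows directory.

```python
"""Triage of HijackThis (HJT) log lines: rank the autostart entries a helper
should read first.  Example code written for this thread, not HJT's own logic."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Claro LTD Helper Object - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.8.5\bh\claro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - (no file)
O3 - Toolbar: Claro LTD Toolbar - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.8.5\claroTlbr.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - Startup: seabugger 1.1 fix.exe
O20 - AppInit_DLLs: c:\progra~2\browse~1\261123~1.78\{16cdf~1\browse~1.dll
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"""

# Family names taken from the JRT report later in this thread (assumption:
# a name match is a pointer for the helper, not proof of infection).
PUP_NAMES = ("claro", "browser manager", "browsemngr", "web assistant",
             "babylon", "conduit", "sweetim", "incredibar", "datamngr")

# Executables that autostart from data directories deserve a second look.
DATA_DIRS = ("c:\\programdata\\", "\\appdata\\", "c:\\users\\")

# "O2 - BHO: ...", "O23 - Service: ...", "R0 - HKLM\...": code, dash, body.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.*)$")


@dataclass
class Finding:
    severity: int   # 3 = look at first, 2 = probably unwanted, 1 = orphan / clean-up
    code: str       # HJT section code, e.g. "O20"
    reason: str
    line: str


def last_field(body: str) -> str:
    """HJT puts the file path in the last ' - ' separated field."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage_line(line: str):
    """Return a Finding for one HJT line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    low = body.lower()
    path = last_field(body).lower()

    # AppInit_DLLs: the DLL is loaded into every process that maps user32.dll.
    if code == "O20" and low.startswith("appinit_dlls:") and low.split(":", 1)[1].strip():
        return Finding(3, code, "AppInit_DLLs injects this DLL into every process that loads user32.dll", line)
    # Registry still points at a component whose file is gone: clean-up, not active.
    if "(no file)" in low or "(file missing)" in low:
        return Finding(1, code, "orphaned entry: the file it points at is gone", line)
    if any(name in low for name in PUP_NAMES):
        return Finding(3, code, "name matches an adware/PUP family removed elsewhere in this thread", line)
    # HJT shows 'Unknown owner' for all resource-named Windows services, so only
    # flag unknown vendors outside the Windows directory.
    if code == "O23" and "unknown owner" in low and not path.startswith("c:\\windows\\"):
        return Finding(2, code, "service with no resolved vendor outside the Windows directory", line)
    if code in ("O2", "O3", "O4", "O23") and any(d in path for d in DATA_DIRS):
        return Finding(2, code, "autostart executable living in a data directory", line)
    if code == "O4" and low.startswith("startup:"):
        return Finding(2, code, "per-user Startup-folder item; HJT shows only the file name, identify it", line)
    return None


def triage(log_text: str) -> list:
    """Triage every line of an HJT log, highest severity first (stable order otherwise)."""
    findings = [f for f in (triage_line(l) for l in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: -f.severity)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.code}: {f.reason}\n    {f.line}")
```

On the sample above this lists the Claro BHO and toolbar, the AppInit_DLLs entry and the Browser Manager service first, the Startup-folder item next, and the two Web Assistant orphans last; the Adobe, MSE and Apple lines produce nothing.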

Posted

Hello,

 

HijackThis has been left behind; we don't use it any more because it is worthless on the latest systems.

 

1) Download Junkware Removal Tool to the desktop: Junkware Removal Tool Download

 

On XP, double-click the icon and press a key when prompted.

 

On Vista/7/8, right-click / Run as administrator.

 

If the antivirus acts up, disable it temporarily. If you don't know how, see this article.

 

Post the report generated at the end of the scan.

 

NB: The desktop will disappear for a moment; this is normal.

 

 


 

---------------------

2) Download AdwCleaner by Xplode: Téléchargements - Outils de Xplode - AdwCleaner

 

Save it to the desktop (and nowhere else).

 

If you are on XP, double-click AdwCleaner to launch the tool.

If you are on Vista/Seven, right-click AdwCleaner and choose Run as administrator.

 

Click Suppression (Delete) and let the tool work.

 

The report will open as a text file; copy all of its contents and paste it into your reply.

 

The report is also saved under C:\AdwCleaner[s1]

 

NB: If the tool "stalls" in normal mode, run it in Safe Mode: How to start Windows in Safe Mode: Tips for troubleshooting Windows XP

 

Must read: Read first, click afterwards!!! : Questions about Windows Security

Software and sponsors : Questions about Windows Security

 

-------------------------

 

3) ZHPDiag :

 

  • Download ZHPDiag by Nicolas Coolman and save it to the DESKTOP.
     
  • Double-click ZHPDiag.exe to start the installation
    • Important:
      On Vista and Windows 7: launch the file by right-click -> Run as administrator

Don't forget to tick the box that puts a shortcut on the Desktop.

 

  • The tool has created 2 icons, ZHPDiag and ZHPFix, on the Desktop.

 

  • Double-click ZHPDiag to run it

  • Important:
    On Vista and Windows 7: launch the file by right-click -> Run as administrator

 

  • Click the small screwdriver icon and click TOUS (All).

 

Untick 045 and 061.

 

  • Click the magnifying-glass icon to start the scan. Wait until the scan shows 100%

Close ZHPDiag

 

  • The ZHPDiag.txt report is on the Desktop (and under c:\ZHP\ZHPDiag.txt)

Since this report is too long for the forum, upload it to a file host:

 

 

@++

Posted (edited)

First of all, thanks for the attention you are giving my problem =)

 

Next, here is the first report requested:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.8 (03.04.2013:1)

OS: Windows 7 Ultimate x86

Ran by FRaNKL1N on 05/03/2013 at 18:04:19,91

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

Successfully stopped: [service] browser manager

Successfully deleted: [service] browser manager

Successfully stopped: [service] web assistant updater

Successfully deleted: [service] web assistant updater

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\browsermngr start page

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\browsermngrdefaultscope

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{9e131a93-eed7-4beb-b015-a0adb30b5646}

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1733362103-3001561948-3460745233-1000\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1733362103-3001561948-3460745233-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon

Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar

Successfully deleted: [Registry Key] hkey_current_user\software\browsermngr

Successfully deleted: [Registry Key] hkey_local_machine\software\browsermngr

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Failed to delete: [Registry Key] hkey_current_user\software\datamngr

Failed to delete: [Registry Key] hkey_local_machine\software\datamngr

Successfully deleted: [Registry Key] hkey_current_user\software\im

Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3128284

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{000f18f2-09eb-4a59-82b2-5ae4184c39c3}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{000f18f2-09eb-4a59-82b2-5ae4184c39c3}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{336d0c35-8a85-403a-b9d2-65c292c39087}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9e131a93-eed7-4beb-b015-a0adb30b5646}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Failed to delete: [Folder] "C:\ProgramData\browser manager"

Successfully deleted: [Folder] "C:\ProgramData\visualbee"

Failed to delete: [Folder] "C:\ProgramData\application data\browser manager"

Successfully deleted: [Folder] "C:\Users\FRaNKL1N\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\FRaNKL1N\appdata\local\ilivid player"

Successfully deleted: [Folder] "C:\Users\FRaNKL1N\appdata\local\visualbeeexe"

Successfully deleted: [Folder] "C:\Users\FRaNKL1N\appdata\locallow\claro ltd"

Successfully deleted: [Folder] "C:\Users\FRaNKL1N\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Program Files\claro ltd"

Successfully deleted: [Folder] "C:\Program Files\conduit"

Successfully deleted: [Folder] "C:\Users\FRaNKL1N\start menu\programs\browser manager"

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\user.js

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\user.js

Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\bprotector_extensions.sqlite

Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\bprotector_prefs.js

Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi

Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\searchplugins\babylonmngr.xml

Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\searchplugins\conduit.xml

Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\searchplugins\mystart search.xml

Successfully deleted: [File] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\searchplugins\sweetim.xml

Successfully deleted: [Folder] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\smartbar

Successfully deleted: [Folder] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\extensions\ffxtlbr@claro.com

Successfully deleted: [Folder] C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}

Successfully deleted the following from C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\prefs.js

 

user_pref("CT3128284.1000082.isPlayDisplay", "true");

user_pref("CT3128284.1000082.state", "{\"state\":\"stopped\",\"text\":\"RMC\",\"description\":\"RMC\",\"url\":\"hxxp://vipicecast.yacast.net/rmc\"}");

user_pref("CT3128284.1000234.TWC_TMP_city", "PARIS");

user_pref("CT3128284.1000234.TWC_TMP_country", "FR");

user_pref("CT3128284.3128284a129638404769606799000000paramsGK0", "{\"updateReqTime\":1345889432498,\"updateRespTime\":1345889432917,\"data\":{\"settings\":{\"icon\":\"hxxp://s

user_pref("CT3128284.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3128284.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3128284.FirstTime", "true");

user_pref("CT3128284.FirstTimeFF3", "true");

user_pref("CT3128284.RSS_Pub_Config", "{\"settings\":{\"icon\":\"hxxp://storage.conduit.com/bankimages/iconsGallery/24/4669380633664526619.png\",\"componentId\":\"129638404769

user_pref("CT3128284.RSSapp3128284a129638404769606799000000ReadItemsArr", "%7B%22571579%22%3A0%2C%22571545%22%3A0%2C%22571433%22%3A0%2C%22571423%22%3A0%2C%22571213%22%3A0%2C%2

user_pref("CT3128284.RSSapp3128284a129638404769606799000000cat0", "%5B%7B%22type%22%3A%22rss%22%2C%22version%22%3A%222.0%22%2C%22title%22%3A%2201net.%20Actualit%C3%A9s%20-%20L

user_pref("CT3128284.RSSapp3128284a129638404769606799000000cat1", "%5B%7B%22type%22%3A%22rss%22%2C%22version%22%3A%222.0%22%2C%22title%22%3A%2201net.%20Actualit%C3%A9s%22%2C%2

user_pref("CT3128284.RSSapp3128284a129638404769606799000000embeddedVersion", "2.4.0");

user_pref("CT3128284.RSSapp3128284a129638404769606799000000feedsObj", "%7B%22channels%22%3A%7B%22id%22%3A%22channels%22%2C%22type%22%3A%22rss%22%2C%22data%22%3A%7B%22categorie

user_pref("CT3128284.RSSapp3128284a129638404769606799000000lastReportTime", "1345889432922 ");

user_pref("CT3128284.RSSapp3128284a129638404769606799000000newFeeds", "newFeeds");

user_pref("CT3128284.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3128284&SearchSource=2&q=");

user_pref("CT3128284.UserID", "UN73544273949540752");

user_pref("CT3128284.addressBarTakeOverEnabledInHidden", "true");

user_pref("CT3128284.autoDisableScopes", -1);

user_pref("CT3128284.browser.search.defaultthis.engineName", true);

user_pref("CT3128284.defaultSearch", "true");

user_pref("CT3128284.embeddedsData", "[{\"appId\":\"129638404645388048\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get

user_pref("CT3128284.enableAlerts", "always");

user_pref("CT3128284.enableSearchFromAddressBar", "true");

user_pref("CT3128284.firstTimeDialogOpened", "true");

user_pref("CT3128284.fixPageNotFoundError", "true");

user_pref("CT3128284.fixPageNotFoundErrorInHidden", "true");

user_pref("CT3128284.fixUrls", true);

user_pref("CT3128284.installId", "ct3128284_01net.com.exe");

user_pref("CT3128284.installType", "ConduitNSISIntegration");

user_pref("CT3128284.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3128284.isNewTabEnabled", true);

user_pref("CT3128284.isPerformedSmartBarTransition", "true");

user_pref("CT3128284.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

user_pref("CT3128284.keyword", true);

user_pref("CT3128284.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp:/

user_pref("CT3128284.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT3128284.openThankYouPage", "false");

user_pref("CT3128284.openUninstallPage", "true");

user_pref("CT3128284.search.searchAppId", "129638404645388048");

user_pref("CT3128284.search.searchCount", "0");

user_pref("CT3128284.searchInNewTabEnabledInHidden", "true");

user_pref("CT3128284.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3128284.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT3128284.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");

user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3128284\"}");

user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://01NETcom.OurToolbar.com//xpi\"}");

user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"01NET.com\"}");

user_pref("CT3128284.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT3128284.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");

user_pref("CT3128284.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345835423672");

user_pref("CT3128284.serviceLayer_services_appsMetadata_lastUpdate", "1345835423260");

user_pref("CT3128284.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345835423942");

user_pref("CT3128284.serviceLayer_services_login_10.10.12.503_lastUpdate", "1345835424734");

user_pref("CT3128284.serviceLayer_services_login_10.10.27.6_lastUpdate", "1348483698058");

user_pref("CT3128284.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345835423889");

user_pref("CT3128284.serviceLayer_services_searchAPI_lastUpdate", "1345835422630");

user_pref("CT3128284.serviceLayer_services_serviceMap_lastUpdate", "1348425866830");

user_pref("CT3128284.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345835423915");

user_pref("CT3128284.serviceLayer_services_toolbarSettings_lastUpdate", "1348490897164");

user_pref("CT3128284.serviceLayer_services_translation_lastUpdate", "1348425866987");

user_pref("CT3128284.settingsINI", true);

user_pref("CT3128284.shouldFirstTimeDialog", "false");

user_pref("CT3128284.smartbar.CTID", "CT3128284");

user_pref("CT3128284.smartbar.Uninstall", "0");

user_pref("CT3128284.smartbar.homepage", true);

user_pref("CT3128284.smartbar.toolbarName", "01NET.com ");

user_pref("CT3128284.startPage", "userChanged");

user_pref("CT3128284.toolbarBornServerTime", "24-8-2012");

user_pref("CT3128284.toolbarCurrentServerTime", "24-9-2012");

user_pref("CT3128284.twitter_v1.8.0_twitter_app_open_t_f", "false");

user_pref("Smartbar.ConduitHomepagesList", "");

user_pref("Smartbar.ConduitSearchEngineList", "");

user_pref("Smartbar.ConduitSearchUrlList", "");

user_pref("Smartbar.keywordURLSelectedCTID", "CT3128284");

user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=109597&tt=3612_1&babsrc=HP_ss&mntrId=be343256000000000000485b39c9f3e7");

user_pref("avg.install.userSPSettings", "Search the web (Babylon)");

user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=113597&tt=3712_1&babsrc=NT_clro&mntrId=be343256000000000000485b39c9f3e7");

user_pref("browser.search.defaultenginename", "Claro Search");

user_pref("browser.search.order.1", "Claro Search");

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.claro.admin", false);

user_pref("extensions.claro.aflt", "babsst");

user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");

user_pref("extensions.claro.autoRvrt", "false");

user_pref("extensions.claro.cntry", "FR");

user_pref("extensions.claro.dfltLng", "en");

user_pref("extensions.claro.envrmnt", "production");

user_pref("extensions.claro.excTlbr", false);

user_pref("extensions.claro.hdrMd5", "C0FB1D97ADD37D43D1FD7D1377473DDE");

user_pref("extensions.claro.hmpg", false);

user_pref("extensions.claro.id", "be343256000000000000485b39c9f3e7");

user_pref("extensions.claro.instlDay", "15754");

user_pref("extensions.claro.instlRef", "sst");

user_pref("extensions.claro.isdcmntcmplt", true);

user_pref("extensions.claro.lastVrsnTs", "1.6.4.119:50:34");

user_pref("extensions.claro.mntrvrsn", "1.3.1");

user_pref("extensions.claro.newTab", false);

user_pref("extensions.claro.prdct", "claro");

user_pref("extensions.claro.prtnrId", "claro");

user_pref("extensions.claro.rvrt", "false");

user_pref("extensions.claro.sg", "none");

user_pref("extensions.claro.smplGrp", "none");

user_pref("extensions.claro.tlbrId", "base");

user_pref("extensions.claro.tlbrSrchUrl", "");

user_pref("extensions.claro.vrsn", "1.8.8.5");

user_pref("extensions.claro.vrsnTs", "1.6.4.119:50:34");

user_pref("extensions.claro.vrsni", "1.8.8.5");

user_pref("extensions.claro_i.excTlbr", false);

user_pref("extensions.claro_i.newTab", false);

user_pref("extensions.claro_i.smplGrp", "none");

user_pref("extensions.claro_i.vrsnTs", "1.8.8.51:01:49");

user_pref("extensions.incredibar_i.aflt", "orgnl");

user_pref("extensions.incredibar_i.dfltLng", "");

user_pref("extensions.incredibar_i.did", "10643");

user_pref("extensions.incredibar_i.excTlbr", false);

user_pref("extensions.incredibar_i.id", "be343256000000000000485b39c9f3e7");

user_pref("extensions.incredibar_i.installerproductid", "26");

user_pref("extensions.incredibar_i.instlDay", "15596");

user_pref("extensions.incredibar_i.instlRef", "");

user_pref("extensions.incredibar_i.ms_url_id", "");

user_pref("extensions.incredibar_i.newTab", false);

user_pref("extensions.incredibar_i.ppd", "6666646935");

user_pref("extensions.incredibar_i.prdct", "incredibar");

user_pref("extensions.incredibar_i.productid", "26");

user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

user_pref("extensions.incredibar_i.smplGrp", "none");

user_pref("extensions.incredibar_i.tlbrId", "base");

user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=1&loc=IB_TB&i=26&search=");

user_pref("extensions.incredibar_i.upn2", "1");

user_pref("extensions.incredibar_i.upn2n", "1");

user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1418:40:27");

user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3128284&SearchSource=2&q=");

Emptied folder: C:\Users\FRaNKL1N\AppData\Roaming\mozilla\firefox\profiles\4e70480v.default\minidumps [40 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 05/03/2013 at 18:06:17,47

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Here is the second one:

 

# AdwCleaner v2.114 - Rapport créé le 05/03/2013 à 18:09:46

# Mis à jour le 05/03/2013 par Xplode

# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (32 bits)

# Nom d'utilisateur : FRaNKL1N - FRANKL1N-PC

# Mode de démarrage : Normal

# Exécuté depuis : C:\Users\FRaNKL1N\Desktop\adwcleaner.exe

# Option [suppression]

 

 

***** [services] *****

 

 

***** [Fichiers / Dossiers] *****

 

Dossier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl

Dossier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Dossier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdmaehkiiampolokajdcelladmnopgp

Dossier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle

Dossier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Dossier Supprimé : C:\Windows\Installer\{069B290F-5398-4629-A009-85B4BCB4B1B9}

Fichier Supprimé : C:\END

Fichier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

Fichier Supprimé : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

Fichier Supprimé : C:\Users\FRaNKL1N\AppData\Roaming\Mozilla\Firefox\Profiles\4e70480v.default\searchplugins\claro.xml

Supprimé au redémarrage : C:\ProgramData\Browser Manager

 

***** [Registre] *****

 

Clé Supprimée : HKCU\Software\953ddddb73ee947

Clé Supprimée : HKCU\Software\Claro LTD

Clé Supprimée : HKCU\Software\DataMngr

Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\ehdmaehkiiampolokajdcelladmnopgp

Clé Supprimée : HKCU\Software\Microsoft\ClaroDirectory

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}

Clé Supprimée : HKLM\SOFTWARE\953ddddb73ee947

Clé Supprimée : HKLM\Software\Claro LTD

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Clé Supprimée : HKLM\SOFTWARE\Classes\claro.claroappCore

Clé Supprimée : HKLM\SOFTWARE\Classes\claro.claroappCore.1

Clé Supprimée : HKLM\SOFTWARE\Classes\claro.clarodskBnd

Clé Supprimée : HKLM\SOFTWARE\Classes\claro.clarodskBnd.1

Clé Supprimée : HKLM\SOFTWARE\Classes\claro.claroHlpr

Clé Supprimée : HKLM\SOFTWARE\Classes\claro.claroHlpr.1

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}

Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.claroESrvc

Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1

Clé Supprimée : HKLM\Software\Classes\Installer\Features\F092B960893592640A90584BCB4B1B9B

Clé Supprimée : HKLM\Software\Classes\Installer\Products\F092B960893592640A90584BCB4B1B9B

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}

Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}

Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}

Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}

Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Clé Supprimée : HKLM\Software\DataMngr

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dcillohgikpecbmgioknapdpcjofaafl

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\ehdmaehkiiampolokajdcelladmnopgp

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS

Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7

Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9FAC99E2D8280F4482F22004D09FBA2

Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE26D37B0FFFAE4559860C5C4D938B71

Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F092B960893592640A90584BCB4B1B9B

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{069B290F-5398-4629-A009-85B4BCB4B1B9}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro

Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{1F30D846-4BEF-4246-B19E-7E503B0E6639}]

 

***** [Navigateurs] *****

 

-\\ Internet Explorer v8.0.7601.17514

 

[OK] Le registre ne contient aucune entrée illégitime.

 

-\\ Mozilla Firefox v19.0 (fr)

 

Fichier : C:\Users\FRaNKL1N\AppData\Roaming\Mozilla\Firefox\Profiles\4e70480v.default\prefs.js

 

Supprimée : user_pref("CT3128284.1000082.state", "{\"state\":\"stopped\",\"text\":\"RMC\",\"description\":\"RMC\[...]

Supprimée : user_pref("CT3128284.3128284a129638404769606799000000paramsGK0", "{\"updateReqTime\":1345889432498,\[...]

Supprimée : user_pref("CT3128284.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Supprimée : user_pref("CT3128284.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Supprimée : user_pref("CT3128284.RSS_Pub_Config", "{\"settings\":{\"icon\":\"hxxp://storage.conduit.com/bankimag[...]

Supprimée : user_pref("CT3128284.embeddedsData", "[{\"appId\":\"129638404645388048\",\"apiPermissions\":{\"cross[...]

Supprimée : user_pref("CT3128284.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Supprimée : user_pref("CT3128284.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Supprimée : user_pref("CT3128284.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]

Supprimée : user_pref("CT3128284.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Supprimée : user_pref("CT3128284.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Supprimée : user_pref("CT3128284.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Supprimée : user_pref("CT3128284.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Supprimée : user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Supprimée : user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Supprimée : user_pref("CT3128284.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Supprimée : user_pref("CT3128284.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Supprimée : user_pref("CT3128284.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

 

-\\ Google Chrome v [impossible d'obtenir la version]

 

Fichier : C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] Le fichier ne contient aucune entrée illégitime.

 

*************************

 

AdwCleaner[s1].txt - [10426 octets] - [05/03/2013 18:09:46]

 

########## EOF - C:\AdwCleaner[s1].txt - [10487 octets] ##########

 

And finally the ZHP report:

 

http://cjoint.com/?3CfszMSyNLl

Edited by frankl1
Posted (edited)

1) ZHPFix:

 

  • Close all open applications
     
  • Double-click ZHPFix, the shortcut placed on the Desktop by ZHPDiag
    Important:
    Under Vista and Windows 7: the file must be launched via right-click -> Run as administrator.
     
  • Copy the lines below into the window

 

[MD5.00000000000000000000000000000000] [APT] [{55DD8576-9634-4D30-9F4E-B25A9E3993DB}] (...) -- J:\Installer.exe (.not file.)    
[HKCU\Software\DC3_FEXEC]    
O43 - CFD: 13/09/2012 - 17:40:20 - [1,893] ----D C:\Program Files\~Web Assistant    
O43 - CFD: 04/03/2013 - 18:20:02 - [0,005] ----D C:\Users\FRaNKL1N\AppData\Roaming\dclogs    
O51 - MPSK:{e671d1f3-61a1-11e2-bf42-485b39c9f3e7}\AutoRun\command. (...) -- E:\autoplay.exe    
[MD5.64AA04695E70BA743150B36C98C61181] [sPRF][31/12/2012] (...) -- C:\Users\FRaNKL1N\AppData\Local\Temp\MyClaroTB.exe   [887960]    
O87 - FAEL: "{068BE913-0F5E-4E49-8C43-D7899BAE7B0F}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)    
O87 - FAEL: "{0DBD7A85-BB83-4B67-A694-30A184737513}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.)    
C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph    
C:\Users\FRaNKL1N\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle     
C:\Users\FRaNKL1N\AppData\Local\Temp\MyClaroTB.exe    
firewallraz
emptytemp
emptyflash   

 

  • The script should appear automatically in ZHPFix; if not, paste it in (using the "paste clipboard" button).
     
    Click the GO button to start the cleanup

 

  • Confirm with Yes the uninstallation of programs if asked
     
  • Let the tool work. If a restart is requested, accept and restart the PC
     
  • The ZHPFixReport.txt report is displayed. Copy and paste the contents of this report into your reply.
    The ZHPFixReport.txt report is saved under C:\ZHP\ZHPFixReport.txt

 

If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm.

 

------------------------

2) Download RogueKiller (by Tigzy) to the desktop

(From a USB stick if the rogue blocks internet access).

Download RogueKiller (Official Site)

Close all running programs

Launch RogueKiller.exe.

 

Under Vista/Seven, right-click and choose Run as administrator. Click on Scan

 

Post the report please.

 

----------------------------------

 

3) Click on Suppression (Delete) and post the report.

 

@++

 

NB: you have a USB infection; get your removable storage media (USB) ready for what comes next.

Edited by Apollo
Posted
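The ZHPFix script above targets three kinds of leftovers that a cleanup often misses: a scheduled task whose executable is gone ("(.not file.)"), a per-volume AutoRun command under MountPoints2 (the O51 MPSK line, the trace of the USB infection), and firewall rules (O87 FAEL) still pointing at deleted programs. The read-only triage script below is an added example for this thread; it is not part of Apollo's post and is not code from ZHPDiag, ZHPFix or RogueKiller. It assumes an elevated PowerShell on Windows 7 or later, uses the standard registry locations for these artefacts, and only lists findings (nothing is deleted); the `Get-*` function names are mine.

```powershell
# Added triage example (not ZHPDiag/ZHPFix/RogueKiller code). Read-only: it
# enumerates the artefact classes the fix script targets and prints the
# suspicious ones so they can be reviewed before any removal.
# Assumes: elevated PowerShell, Windows 7+, standard registry layout.

function Get-DanglingScheduledTasks {
    # Scheduled tasks whose Exec action points at a file that no longer exists
    # (root task folder only; the Task Scheduler COM API also works on Win7).
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    $root = $svc.GetFolder('\')
    foreach ($task in $root.GetTasks(1)) {           # 1 = TASK_ENUM_HIDDEN
        foreach ($action in $task.Definition.Actions) {
            if ($action.Type -ne 0) { continue }     # 0 = TASK_ACTION_EXEC
            $exe = [Environment]::ExpandEnvironmentVariables($action.Path).Trim('"')
            if ($exe -and -not (Test-Path -LiteralPath $exe)) {
                [pscustomobject]@{ Kind = 'Task'; Name = $task.Name; Target = $exe }
            }
        }
    }
}

function Get-MountPointAutoRuns {
    # AutoRun commands Explorer remembers per volume GUID; a command stored
    # here is replayed when that removable drive is plugged in again.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "$base\$($_.PSChildName)\Shell\AutoRun\command"
        if (Test-Path -LiteralPath $cmdKey) {
            $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            [pscustomobject]@{ Kind = 'MountPoint'; Name = $_.PSChildName; Target = $cmd }
        }
    }
}

function Get-DanglingFirewallRules {
    # Firewall rules are stored as one string per value, e.g.
    # "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\x.exe|Name=...|"
    # Flag rules whose App= path no longer exists on disk.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $props) { return }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # skip PSPath, PSProvider, ...
        $m = [regex]::Match([string]$p.Value, '\|App=([^|]+)\|')
        if (-not $m.Success) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($m.Groups[1].Value)
        if ($exe -ne 'System' -and -not (Test-Path -LiteralPath $exe)) {
            [pscustomobject]@{ Kind = 'FirewallRule'; Name = $p.Name; Target = $exe }
        }
    }
}

# Collect everything and show it as one table for review.
$findings = @(Get-DanglingScheduledTasks) + @(Get-MountPointAutoRuns) + @(Get-DanglingFirewallRules)
$findings | Format-Table -AutoSize
```

A MountPoints2 AutoRun command is worth keeping in mind even after the executable on the stick is gone: the key lives in the user's hive, so it survives the removal of the file and is only harmless once the value itself is cleared, which is exactly what the O51 line in the fix script does.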

Here is the ZHPFix report:

 

Rapport de ZHPFix 1.4.01 par Nicolas Coolman, Update du 02/03/2013

Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-05-03-2013-18-42-57.txt

Run by FRaNKL1N at 05/03/2013 18:42:57

High Elevated Privileges : OK

Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

 

Corbeille vidée

 

========== Processus mémoire ==========

SUPPRIME Memory Process: C:\Users\FRaNKL1N\AppData\Local\Temp\MyClaroTB.exe

 

========== Clé(s) du Registre ==========

SUPPRIME Key: HKCU\Software\DC3_FEXEC

SUPPRIME CLSID MPSK: {e671d1f3-61a1-11e2-bf42-485b39c9f3e7}

 

========== Valeur(s) du Registre ==========

SUPPRIME {068BE913-0F5E-4E49-8C43-D7899BAE7B0F}

SUPPRIME {0DBD7A85-BB83-4B67-A694-30A184737513}

ABSENT Valeur Standard Profile: FirewallRaz :

ABSENT Valeur Domain Profile: FirewallRaz :

SUPPRIME FirewallRaz (Private) : TCP Query User{847ADA9D-BA2C-47DA-B8E7-DE059B8AC7C4}C:\users\frankl1n\downloads\antistealth.exe

SUPPRIME FirewallRaz (Private) : UDP Query User{8FE5DE93-FECA-4E78-8BE6-76F81EA4A7CC}C:\users\frankl1n\downloads\antistealth.exe

SUPPRIME FirewallRaz (Private) : TCP Query User{223FE9EB-B00F-49A1-A483-0B02CF718D46}C:\users\frankl1n\downloads\antistealth(2).exe

SUPPRIME FirewallRaz (Private) : UDP Query User{0C102CB1-E7A7-4470-8A23-664E64C580BE}C:\users\frankl1n\downloads\antistealth(2).exe

 

========== Dossier(s) ==========

SUPPRIME Folder: C:\Program Files\~Web Assistant

SUPPRIME Folder: C:\Users\FRaNKL1N\AppData\Roaming\dclogs

SUPPRIME Folder: c:\users\frankl1n\appdata\local\google\chrome\user data\default\extensions\pgafcinpmmpklohkojmllohdhomoefph

SUPPRIME Folder: c:\users\frankl1n\appdata\local\google\chrome\user data\default\extensions\mkndcbhcgphcfkkddanakjiepeknbgle

SUPPRIME Temporaires Windows

SUPPRIME Flash Cookies

 

========== Fichier(s) ==========

SUPPRIME Reboot e:\autoplay.exe

SUPPRIME File: c:\users\frankl1n\appdata\local\temp\myclarotb.exe

ABSENT Folder/File: c:\users\frankl1n\appdata\local\temp\myclarotb.exe

SUPPRIME Temporaires Windows

SUPPRIME Flash Cookies

 

========== Tache planifiée ==========

SUPPRIME Task: {55DD8576-9634-4D30-9F4E-B25A9E3993DB}

 

 

========== Récapitulatif ==========

1 : Processus mémoire

2 : Clé(s) du Registre

8 : Valeur(s) du Registre

6 : Dossier(s)

5 : Fichier(s)

1 : Tache planifiée

 

 

End of clean in 00mn 03s

 

========== Chemin de fichier rapport ==========

C:\ZHP\ZHPFix[R1].txt - 05/03/2013 18:42:57 [2339]

 

And then the RogueKiller one:

 

RogueKiller V8.5.2 [Feb 23 2013] par Tigzy

mail : tigzyRK<at>gmail<dot>com

Remontees : [RogueKiller] Remontées

Site Web : Télécharger RogueKiller (Site Officiel)

Blog : tigzy-RK

 

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Demarrage : Mode normal

Utilisateur : FRaNKL1N [Droits d'admin]

Mode : Recherche -- Date : 05/03/2013 18:46:33

| ARK || FAK || MBR |

 

¤¤¤ Processus malicieux : 0 ¤¤¤

 

¤¤¤ Entrees de registre : 11 ¤¤¤

[TASK][sUSP PATH] VisualBeeRecovery : C:\Users\FRaNKL1N\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe /s [x] -> TROUVÉ

[TASK][sUSP PATH] {708DC93C-D6C4-469E-A385-7B5704358C98} : C:\Users\FRaNKL1N\Desktop\__©___\seabugger.exe [x] -> TROUVÉ

[TASK][sUSP PATH] {70F0BA2F-968C-4852-8461-E78358052633} : C:\Users\FRaNKL1N\Desktop\__©___\seabugger.exe [x] -> TROUVÉ

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> TROUVÉ

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> TROUVÉ

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ

[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

[RUN][HJNAME] [ON_F:Administrateur]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\system32\ctfmon.exe) [7] -> TROUVÉ

[RUN][HJNAME] [ON_F:Administrateur.KFRAN-M4HI790R4]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\System32\CTFMON.EXE) [7] -> TROUVÉ

 

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

 

¤¤¤ Driver : [CHARGE] ¤¤¤

 

¤¤¤ Ruches Externes: ¤¤¤

-> F:\Documents and Settings\Administrateur\NTUSER.DAT

-> F:\Documents and Settings\Administrateur.KFRAN-M4HI790R4\NTUSER.DAT

 

¤¤¤ Fichier HOSTS: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

 

127.0.0.1 genuine.microsoft.com

127.0.0.1 mpa.one.microsoft.com

127.0.0.1 sa.windows.com

127.0.0.1 se.windows.com

127.0.0.1 ie.search.msn.com

127.0.0.1 wustat.windows.com

127.0.0.1 wutrack.windows.com

127.0.0.1 catalog.microsoft.com

127.0.0.1 sls.microsoft.com

 

 

¤¤¤ MBR Verif: ¤¤¤

 

+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++

--- User ---

[MBR] 4976cff091951b572217e6b33fe9035e

[bSP] 8923b3684e78c2bd03948ad62ecc4f8d : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: Hitachi HDT725050VLA380 USB Device +++++

--- User ---

[MBR] 13f81298c7b5fb9f04014f1b7202d7b1

[bSP] f8d28cb9445e4e63f6541db3f5a509b8 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 476929 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Termine : << RKreport[1]_S_05032013_184633.txt >>

RKreport[1]_S_05032013_184633.txt

 

 

 

I left my external hard drive connected during all the requested procedures.

Posted

1) Relaunch RogueKiller and click Host raz, then post the report please.

 

-------

2) Search:

 

 

  • Double-click UsbFix.exe.
  • Click Search.

 

UsbFix_recherche.png

 

  • Let the tool work.
  • At the end of the scan, a report will be displayed; post it in your next reply on the forum.
  • The report is also saved at the root of the system drive ( C:\UsbFix.txt ).

 

---------------------------------

3) Disinfection/vaccination:

  • If your antivirus shows an alert, ignore it and disable the antivirus temporarily.
  • Connect all your external data sources to your PC (USB key, external hard drive, etc.) without opening them.

 

  • Double-click UsbFix.exe.
  • Click Delete.

 

UsbFix_suppression.png

 

  • Let the tool work.
  • At the end of the scan, a report will be displayed; post it in your next reply on the forum.
  • The report is also saved at the root of the system drive ( C:\UsbFix.txt ).

 

@++

Posted

I redid the RogueKiller report:

 

RogueKiller V8.5.2 [Feb 23 2013] par Tigzy

mail : tigzyRK<at>gmail<dot>com

Remontees : [RogueKiller] Remontées

Site Web : Télécharger RogueKiller (Site Officiel)

Blog : tigzy-RK

 

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Demarrage : Mode normal

Utilisateur : FRaNKL1N [Droits d'admin]

Mode : HOSTS RAZ -- Date : 05/03/2013 19:05:48

| ARK || FAK || MBR |

 

¤¤¤ Processus malicieux : 0 ¤¤¤

 

¤¤¤ Entrees de registre : 0 ¤¤¤

 

¤¤¤ Driver : [CHARGE] ¤¤¤

 

¤¤¤ Fichier HOSTS: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

 

127.0.0.1 genuine.microsoft.com

127.0.0.1 mpa.one.microsoft.com

127.0.0.1 sa.windows.com

127.0.0.1 se.windows.com

127.0.0.1 ie.search.msn.com

127.0.0.1 wustat.windows.com

127.0.0.1 wutrack.windows.com

127.0.0.1 catalog.microsoft.com

127.0.0.1 sls.microsoft.com

 

 

¤¤¤ Nouveau fichier HOSTS: ¤¤¤

127.0.0.1 localhost

 

Termine : << RKreport[3]_H_05032013_190548.txt >>

RKreport[1]_S_05032013_184633.txt ; RKreport[2]_D_05032013_184733.txt ; RKreport[3]_H_05032013_190548.txt

 

 

Here is the UsbFix report:

 

############################## | UsbFix V 7.113 | [Recherche]

 

Utilisateur: FRaNKL1N (Administrateur) # FRANKL1N-PC

Mis à jour le 05/03/2013 par El Desaparecido

Lancé à 19:10:17 | 05/03/2013

 

Site Web: SosVirus • Page d'index

Contact: contact@sosvirus.org

 

PC: System manufacturer (System Product Name) (X86-based PC)

CPU: AMD Athlon II X3 435 Processor (2900)

RAM -> [Total : 3198 | Free : 2068]

BIOS: BIOS Date: 04/02/10 12:13:53 Ver: 08.00.15

BOOT: Normal boot

 

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) # Service Pack 1

WB: Windows Internet Explorer 8.0.7601.17514

 

SC: Security Center Service [Enabled]

WU: Windows Update Service [Enabled]

AV: Microsoft Security Essentials [Enabled | Updated]

FW: Windows FireWall Service [Enabled]

 

C:\ (%systemdrive%) -> Disque fixe # 119 Go (12 Go libre(s) - 10%) [] # NTFS

D:\ -> CD-ROM

E:\ -> CD-ROM

F:\ -> Disque fixe # 466 Go (398 Go libre(s) - 85%) [.: K1FF :.] # NTFS

J:\ -> CD-ROM

 

################## | Processus Actif |

 

C:\Windows\system32\csrss.exe (440)

C:\Windows\system32\wininit.exe (528)

C:\Windows\system32\csrss.exe (536)

C:\Windows\system32\services.exe (584)

C:\Windows\system32\lsass.exe (600)

C:\Windows\system32\lsm.exe (608)

C:\Windows\system32\winlogon.exe (664)

C:\Windows\system32\svchost.exe (752)

C:\Windows\system32\svchost.exe (832)

C:\Program Files\Microsoft Security Client\MsMpEng.exe (900)

C:\Windows\system32\atiesrxx.exe (976)

C:\Windows\System32\svchost.exe (1024)

C:\Windows\System32\svchost.exe (1064)

C:\Windows\system32\svchost.exe (1096)

C:\Windows\system32\svchost.exe (1120)

C:\Windows\system32\svchost.exe (1380)

C:\Windows\system32\atieclxx.exe (1452)

C:\Windows\System32\spoolsv.exe (1556)

C:\Windows\system32\svchost.exe (1608)

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1812)

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (1844)

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1932)

C:\Windows\system32\Dwm.exe (1984)

C:\Windows\system32\taskhost.exe (2040)

C:\Windows\Explorer.EXE (112)

C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe (628)

C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (1536)

C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe (1764)

C:\Program Files\Bonjour\mDNSResponder.exe (1956)

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe (924)

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (2184)

C:\Windows\system\HsMgr.exe (2216)

C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (2256)

C:\Program Files\Microsoft Security Client\msseces.exe (2328)

C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE (2400)

C:\Program Files\iTunes\iTunesHelper.exe (2416)

C:\Program Files\SOUNDGRAPH\iMON\iMON.exe (2488)

C:\Program Files\SuperCopier2\SuperCopier2.exe (2532)

C:\Program Files\Windows Sidebar\sidebar.exe (2648)

C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (2668)

C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (2728)

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (2836)

C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe (2904)

C:\Program Files\MOTU\Audio\MFWAKeys.exe (3020)

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (3220)

C:\Program Files\iPod\bin\iPodService.exe (3284)

C:\Program Files\Microsoft Security Client\NisSrv.exe (3396)

C:\Windows\system32\SearchIndexer.exe (3868)

C:\Program Files\Windows Media Player\wmpnetwk.exe (2632)

C:\Windows\system32\svchost.exe (2712)

C:\Windows\System32\svchost.exe (3884)

C:\Windows\system32\taskhost.exe (3604)

C:\Program Files\Mozilla Firefox\firefox.exe (5772)

C:\Program Files\Mozilla Firefox\plugin-container.exe (4120)

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (1968)

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (3108)

C:\Windows\system32\SearchProtocolHost.exe (5252)

C:\Windows\system32\SearchFilterHost.exe (3488)

C:\UsbFix\Go.exe (4804)

C:\Windows\system32\wbem\wmiprvse.exe (4612)

 

################## | Éléments infectieux |

 

Présent! C:\Users\FRaNKL1N\AppData\Roaming\RES.exe

Présent! C:\Users\FRaNKL1N\AppData\Roaming\seabugger.exe

Présent! E:\autoplay.exe

Présent! E:\AUTORUN.INF

Présent! F:\autorun.inf

 

################## | Registre |

 

 

################## | Mountpoints2 |

 

HKCU\.\.\.\.\Explorer\MountPoints2\E

Shell\AutoRun\Command = E:\Startup.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{850f5428-2056-11e1-9fb3-ca4e9263764a}

Shell\AutoRun\Command = J:\Startup.exe

 

 

 

################## | Vaccin |

 

(!) Cet ordinateur n'est pas vacciné!

 

################## | E.O.F | SosVirus • Page d'index |
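The RogueKiller report above shows nine Microsoft and Windows Update hostnames pinned to 127.0.0.1 in the hosts file, and "Host raz" replaced the whole file with a bare "127.0.0.1 localhost". The script below is an added example, not part of the thread or of RogueKiller: it parses a hosts file, flags watched vendor domains that are sunk to a loopback address, and rebuilds the file with only those lines removed. The suffix watch-list and the sample hosts file are constructed for the demo.

```python
"""Audit a Windows hosts file for vendor domains redirected to loopback.
Added example, not from the thread or RogueKiller; watch-list and sample are constructed."""
from typing import List, Tuple

# Addresses that silently sink a name instead of resolving it.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Suffixes of update/validation hosts the OS relies on (constructed, not exhaustive).
WATCHED_SUFFIXES = ("microsoft.com", "windows.com", "windowsupdate.com", "msn.com")
# Names that legitimately map to loopback and must never be flagged.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample reproducing the pattern seen in the report above.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sa.windows.com
127.0.0.1 se.windows.com
127.0.0.1 ie.search.msn.com
127.0.0.1 wustat.windows.com
127.0.0.1 wutrack.windows.com
127.0.0.1 catalog.microsoft.com
127.0.0.1 sls.microsoft.com
192.168.1.10 fileserver.lan   # ordinary LAN entry, must not be flagged
"""

def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_number, address, [hostnames]) for each effective entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        fields = body.split()
        if len(fields) >= 2:
            entries.append((lineno, fields[0], fields[1:]))
    return entries

def is_watched(hostname: str) -> bool:
    """True if the name is a watched domain or a subdomain of one."""
    name = hostname.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_hijacks(text: str) -> List[Tuple[int, str, str]]:
    """List (line_number, address, hostname) for watched names sunk to loopback."""
    findings = []
    for lineno, addr, names in parse_hosts(text):
        if addr not in LOOPBACK:
            continue
        for name in names:
            if name.lower() not in LOCAL_NAMES and is_watched(name):
                findings.append((lineno, addr, name))
    return findings

def clean_hosts(text: str) -> str:
    """Rebuild the file with only the flagged lines removed (comments and local names kept)."""
    bad_lines = {lineno for lineno, _, _ in find_hijacks(text)}
    kept = [raw for i, raw in enumerate(text.splitlines(), start=1) if i not in bad_lines]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for lineno, addr, name in find_hijacks(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
    print(clean_hosts(SAMPLE_HOSTS))
```

Unlike a full reset, clean_hosts keeps any deliberate local entries, so the cleaned file can be compared with the original before it is written back to C:\Windows\system32\drivers\etc\hosts.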

Posted

And the 2nd UsbFix report, sorry, I'm getting tired... ^^ Thanks for your help Appollo, it's really cool

 

############################## | UsbFix V 7.113 | [suppression]

 

Utilisateur: FRaNKL1N (Administrateur) # FRANKL1N-PC

Mis à jour le 05/03/2013 par El Desaparecido

Lancé à 19:12:52 | 05/03/2013

 

Site Web: SosVirus • Page d'index

Contact: contact@sosvirus.org

 

PC: System manufacturer (System Product Name) (X86-based PC)

CPU: AMD Athlon II X3 435 Processor (2900)

RAM -> [Total : 3198 | Free : 1964]

BIOS: BIOS Date: 04/02/10 12:13:53 Ver: 08.00.15

BOOT: Normal boot

 

OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) # Service Pack 1

WB: Windows Internet Explorer 8.0.7601.17514

 

SC: Security Center Service [Enabled]

WU: Windows Update Service [Enabled]

AV: Microsoft Security Essentials [Enabled | Updated]

FW: Windows FireWall Service [Enabled]

 

C:\ (%systemdrive%) -> Disque fixe # 119 Go (12 Go libre(s) - 10%) [] # NTFS

D:\ -> CD-ROM

E:\ -> CD-ROM

F:\ -> Disque fixe # 466 Go (398 Go libre(s) - 85%) [.: K1FF :.] # NTFS

J:\ -> CD-ROM

 

################## | Processus Stoppés |

 

Stoppé! C:\Program Files\Microsoft Security Client\MsMpEng.exe (900)

Stoppé! C:\Windows\system32\atiesrxx.exe (976)

Stoppé! C:\Windows\system32\atieclxx.exe (1452)

Stoppé! C:\Windows\System32\spoolsv.exe (1556)

Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1812)

Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (1844)

Stoppé! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1932)

Stoppé! C:\Windows\system32\taskhost.exe (2040)

Stoppé! C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe (628)

Stoppé! C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe (1536)

Stoppé! C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe (1764)

Stoppé! C:\Program Files\Bonjour\mDNSResponder.exe (1956)

Stoppé! C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe (924)

Stoppé! C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (2184)

Stoppé! C:\Windows\system\HsMgr.exe (2216)

Stoppé! C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (2256)

Stoppé! C:\Program Files\Microsoft Security Client\msseces.exe (2328)

Stoppé! C:\Program Files\ASUS Xonar Essence ST Audio\Customapp\ASUSAUDIOCENTER.EXE (2400)

Stoppé! C:\Program Files\iTunes\iTunesHelper.exe (2416)

Stoppé! C:\Program Files\SOUNDGRAPH\iMON\iMON.exe (2488)

Stoppé! C:\Program Files\SuperCopier2\SuperCopier2.exe (2532)

Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (2648)

Stoppé! C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (2668)

Stoppé! C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (2728)

Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (2836)

Stoppé! C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe (2904)

Stoppé! C:\Program Files\MOTU\Audio\MFWAKeys.exe (3020)

Stoppé! C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (3220)

Stoppé! C:\Program Files\iPod\bin\iPodService.exe (3284)

Stoppé! C:\Program Files\Microsoft Security Client\NisSrv.exe (3396)

Stoppé! C:\Windows\system32\SearchIndexer.exe (3868)

Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (2632)

Stoppé! C:\Program Files\Mozilla Firefox\firefox.exe (5772)

Stoppé! C:\Program Files\Mozilla Firefox\plugin-container.exe (4120)

Stoppé! C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (1968)

 

################## | Éléments infectieux |

 

Supprimé! C:\Users\FRaNKL1N\AppData\Roaming\RES.exe

Supprimé! C:\Users\FRaNKL1N\AppData\Roaming\seabugger.exe

Non supprimé ! E:\autoplay.exe

Non supprimé ! E:\AUTORUN.INF

Supprimé! F:\autorun.inf

 

(!) Fichiers temporaires supprimés.

 

################## | Registre |

 

 

################## | Mountpoints2 |

 

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\E

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{850f5428-2056-11e1-9fb3-ca4e9263764a}

 

################## | Listing |

 

[30/08/2012 - 22:37:57 | SHD ] C:\$Recycle.Bin

[15/06/2011 - 11:46:36 | N | 11342848] C:\AAEdit.exe

[05/03/2013 - 18:09:57 | N | 10557] C:\AdwCleaner[s1].txt

[30/08/2012 - 19:35:22 | D ] C:\AMD

[05/01/2012 - 19:16:36 | D ] C:\ASK Video

[14/11/2012 - 20:41:18 | D ] C:\Autodesk

[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat

[10/06/2009 - 22:42:20 | N | 10] C:\config.sys

[20/01/2013 - 22:31:54 | D ] C:\data

[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings

[05/03/2013 - 18:32:32 | ASH | 2515148800] C:\hiberfil.sys

[20/01/2013 - 22:28:58 | D ] C:\ILLUSION

[11/01/2012 - 19:09:36 | N | 0] C:\IO.SYS

[05/03/2013 - 18:01:14 | D ] C:\JRT

[11/01/2012 - 19:09:36 | N | 0] C:\MSDOS.SYS

[05/03/2013 - 18:32:33 | ASH | 3353534464] C:\pagefile.sys

[14/07/2009 - 03:37:05 | D ] C:\PerfLogs

[05/03/2013 - 18:20:33 | N | 512] C:\PhysicalDisk0_MBR.bin

[05/03/2013 - 18:42:56 | D ] C:\Program Files

[05/03/2013 - 18:11:55 | HD ] C:\ProgramData

[06/12/2011 - 22:21:00 | SHD ] C:\Recovery

[05/03/2013 - 18:29:49 | SHD ] C:\System Volume Information

[05/03/2013 - 19:13:11 | D ] C:\UsbFix

[05/03/2013 - 19:13:19 | A | 5164] C:\UsbFix [Clean 2] FRANKL1N-PC.txt

[05/03/2013 - 19:10:52 | N | 4876] C:\UsbFix [scan 1] FRANKL1N-PC.txt

[06/12/2011 - 22:21:02 | D ] C:\Users

[05/03/2013 - 18:30:02 | D ] C:\Windows

[05/03/2013 - 18:42:57 | D ] C:\ZHP

[18/12/1997 - 18:42:42 | R | 70471] E:\AUTOPLAY.EXE

[07/02/1997 - 13:17:14 | R | 60] E:\AUTORUN.INF

[17/12/1997 - 20:26:58 | R | 3756] E:\LISEZMOI.TXT

[06/08/1998 - 04:04:55 | D ] E:\NETSHOW

[13/01/1998 - 16:57:56 | R | 695856] E:\SETUP.EXE

[06/08/1998 - 06:26:06 | D ] E:\YDKJ

[09/12/1997 - 17:22:42 | R | 3126] E:\YDKJ.BMP

[15/02/2012 - 11:51:13 | SHD ] F:\$RECYCLE.BIN

[05/03/2013 - 18:30:09 | D ] F:\302c4032f4c16e1fe2

[02/10/2012 - 02:00:42 | D ] F:\71d95c229cc7ceb82c10

[05/02/2013 - 00:51:06 | N | 108372246] F:\Arizona Dream [full album] [soundtrack] [mp3 320 kbps CBR] [EAC Lame] [MoUSE].rar

[05/03/2013 - 16:03:26 | D ] F:\captain francky

[19/06/2010 - 15:19:18 | D ] F:\Diskeeper

[29/01/2013 - 22:36:07 | D ] F:\Documents and Settings

[29/01/2013 - 22:35:26 | D ] F:\FiLMS

[26/08/2012 - 01:16:13 | D ] F:\GetDataBack for FAT and NTFS v4.0.0.1 Portable

[06/02/2013 - 21:30:48 | N | 2621104] F:\Goran Bregovic - Arizona Dream sountrack - 01 - In The Death Car - Performed By Iggy Pop.mp3

[02/02/2013 - 00:59:25 | N | 77690447] F:\Les Garçons Bouchers-Écoutepetitfrère.rar

[31/12/2012 - 23:07:39 | N | 724972062] F:\Mano Negra - Live 1991 (Lyon, Transbordeur).avi

[22/02/2012 - 14:10:15 | D ] F:\msdownld.tmp

[24/01/2011 - 19:21:30 | SHD ] F:\RECYCLER

[29/12/2012 - 18:19:11 | N | 740696064] F:\renaud live bercy 1982.avi

[02/02/2013 - 01:00:33 | N | 166923243] F:\Stupeflip - ( Stupeflip 2003 + Stup Religion 2005).rar

[04/03/2013 - 14:13:01 | D ] F:\stupeflip - hypnoflip invasion

[08/11/2010 - 02:41:08 | SHD ] F:\System Volume Information

[27/06/2010 - 21:31:23 | ASH | 6144] F:\Thumbs.db

[28/08/2011 - 21:35:12 | N | 162] F:\~$ammax2.htm

 

################## | Vaccin |

 

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

 

################## | E.O.F | SosVirus • Page d'index |

Posted

Do you still get this MSE alert about MSIL.pitit.A?

 

The following software should only be used when prescribed by a qualified helper trained in the tool.

Do not use it outside that situation.

 

Disable your antivirus, firewall and antispyware for the duration of the scan.

If you don't know how, refer to this article.

 

Connect your removable media (USB keys and others) before proceeding.

 

 

Official tutorial

 

Download ComboFix to your desktop (and nowhere else).

  • If the Recovery Console is not installed on an XP system, ComboFix will offer to install it: accept!
     
    consolerestaucf.jpg
     
  • Make sure all programs are closed before starting.
  • Double-click ComboFix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • Your firewall may ask whether you allow nircmd.cfexe access to the trusted zone: allow it.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the analysis is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt.

 

If you lose your connection after running ComboFix, here is how to repair it: HERE.

 

 

If the message "Tentative d'opération non autorisée sur une clé du Registre marquée pour suppression" appears, restart the PC.

 

@++
