Pc infecte

[Fermé]
Signaler
Messages postés
34
Date d'inscription
vendredi 14 novembre 2008
Statut
Membre
Dernière intervention
13 février 2010
-
Messages postés
2385
Date d'inscription
dimanche 25 janvier 2009
Statut
Contributeur
Dernière intervention
25 octobre 2012
-
Bonjour,
ça fait des semaines que je traine qqch ds mon pc et maintenant c rendu evident que jai choppe une merde. jai peur quelle c propage a mes disques externes et usb etc..... Jai choppe ce truc comme un vrai amateur en ouvrant un lien qui se promene sur msn et lorsque tu chatte avec qqun ca donne limpression que lautre tenvoie un lien et rien ne souvre et oups...tu es finis ...le probleme c que mon nod na rien vue venir (jcomprend pas prkoi)

un hijack this pour que qqun me l'interprete svp.....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:16 PM, on 8/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\System32\PAStiSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Search Guard PlusU\sgpupdaters.exe
C:\Windows\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Power Soft\Freebie Notes\FreebieNotes.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Leo\Desktop\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll
O1 - Hosts: 148.244.43.5 bancomer.com
O1 - Hosts: 148.244.43.5 bancomer.com.mx
O1 - Hosts: 148.244.43.5 www.bancomer.com
O1 - Hosts: 148.244.43.5 www.bancomer.com.mx
O1 - Hosts: 192.193.230.100 banamex.com.mx
O1 - Hosts: 192.193.230.100 www.banamex.com.mx
O1 - Hosts: 200.76.36.117 www.bb.com.mx
O1 - Hosts: 200.76.36.117 bb.com.mx
O1 - Hosts: 69.64.58.104 www.scotiabankinverlat.com
O1 - Hosts: 69.64.58.104 scotiabankinverlat.com
O1 - Hosts: 69.64.58.104 www.scotiabank.com.mx
O1 - Hosts: 69.64.58.104 scotiabank.com.mx
O1 - Hosts: 200.23.76.20 www.afirme.com
O1 - Hosts: 200.23.76.20 afirme.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Papelera] C:\recycler\papeleraxpn.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Freebie Notes] "C:\Program Files\Power Soft\Freebie Notes\FreebieNotes.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-ca.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b9a44aa3cb71) (gupdate1c9b9a44aa3cb71) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

7 réponses

Messages postés
2385
Date d'inscription
dimanche 25 janvier 2009
Statut
Contributeur
Dernière intervention
25 octobre 2012
467
Bonjour
Télécharge GenProc http://www.genproc.com/GenProc.exe

double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre
Messages postés
34
Date d'inscription
vendredi 14 novembre 2008
Statut
Membre
Dernière intervention
13 février 2010

bon jai fais le scan....est ce que je dois suivre les instructions qui apparaissent sur le scan? ou j'attend?
voici le rapport de toute facon...



Rapport GenProc 2.617 [1] - Fri 08/28/2009 à 20:03:49
@ Windows Vista Service Pack 1 - Mode normal
@ Mozilla Firefox (3.5.2) [Navigateur par défaut]

~~ "C:\Windows\sed.exe" a été renommé sed.exe_RenameGenProc ~~
~~ "C:\Windows\grep.exe" a été renommé grep.exe_RenameGenProc ~~

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.

# Etape 1/ Télécharge :

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Leo *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).


# Etape 2/

Lance Toolbar-S&D situé sur le Bureau. Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport TB.txt situé dans C:\ ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

~~ Arguments de la procédure ~~


# Détections [1] GenProc 2.617 Fri 08/28/2009 à 20:05:49
Toolbar:le Fri 08/28/2009 à 20:06:25 "C:\Windows\iun6002.exe"

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin à 20:07:18 ~~
Messages postés
2385
Date d'inscription
dimanche 25 janvier 2009
Statut
Contributeur
Dernière intervention
25 octobre 2012
467
suit ces manips
Messages postés
34
Date d'inscription
vendredi 14 novembre 2008
Statut
Membre
Dernière intervention
13 février 2010

salut bon jai fait les manips comme dit ..tout c bien passe ..sauf mon pc deconne comme jamais encore..il n'arrete pas de me poper des fenetre a chq 2 min me disant que tel truc a cesse de fonctionner, tel autre a cesse de fonctionner, ainsi de suite ...jvais bientot le lancer de mon 3e etage....bon voici mes rapports....




-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A08
USER : Leo ( Not Administrator ! )
BOOT : Fail-safe boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:82 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT32 - Total:7623 Mo (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:9 Go (Free:0 Go)
G:\ (Local Disk) - NTFS - Total:233 Go (Free:14 Go)
H:\ (Local Disk) - NTFS - Total:99 Go (Free:85 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( Tue 09/01/2009|19:53 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.ca/?gws_rd=ssl"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr/"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/athome/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\Windows\\System32\\blank.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Leo\AppData\Roaming\uTorrent\Boris Fx v9.2 + Crack - HeartBug.torrent
C:\Users\Leo\AppData\Roaming\uTorrent\Reason 4 + Keygen + Patch RPS.1.torrent
C:\Users\Leo\AppData\Roaming\uTorrent\Reason 4 + Keygen + Patch RPS.torrent
C:\Users\Leo\AppData\Roaming\uTorrent\Sony Vegas Pro 8.0c Build 260+Keygen[H33T]-MasterUploader.1.torrent
C:\Users\Leo\AppData\Roaming\uTorrent\Sony Vegas Pro 8.0c Build 260+Keygen[H33T]-MasterUploader.torrent
C:\Users\Leo\AppData\Roaming\uTorrent\WinZip Pro (FULL+Keygen).rar.torrent


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - Tue 09/01/2009|19:51 - Option : [2]
2 - "C:\ToolBar SD\TB_2.txt" - Tue 09/01/2009|19:53 - Option : [2]

-----------\\ Fin du rapport a 19:53:27.01



-----------------------------------------------O------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:34 AM, on 9/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\System32\PAStiSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Search Guard PlusU\sgpupdaters.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\RECYCLER\S-1-5-21-7713349796-3322753541-066282318-2451\glps.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Leo\Desktop\HiJackThis.exe
C:\Windows\Explorer.exe
C:\Windows\system32\Dwm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll
O1 - Hosts: 148.244.43.5 bancomer.com
O1 - Hosts: 148.244.43.5 bancomer.com.mx
O1 - Hosts: 148.244.43.5 www.bancomer.com
O1 - Hosts: 148.244.43.5 www.bancomer.com.mx
O1 - Hosts: 192.193.230.100 banamex.com.mx
O1 - Hosts: 192.193.230.100 www.banamex.com.mx
O1 - Hosts: 200.76.36.117 www.bb.com.mx
O1 - Hosts: 200.76.36.117 bb.com.mx
O1 - Hosts: 69.64.58.104 www.scotiabankinverlat.com
O1 - Hosts: 69.64.58.104 scotiabankinverlat.com
O1 - Hosts: 69.64.58.104 www.scotiabank.com.mx
O1 - Hosts: 69.64.58.104 scotiabank.com.mx
O1 - Hosts: 200.5.92.194 https://www.bbva.com.ar
O1 - Hosts: 200.5.92.194 www.bbva.com.ar
O1 - Hosts: 200.5.92.194 bbva.com.ar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Papelera] C:\recycler\papeleraxpn.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Freebie Notes] "C:\Program Files\Power Soft\Freebie Notes\FreebieNotes.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-ca.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9b9a44aa3cb71) (gupdate1c9b9a44aa3cb71) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Messages postés
2385
Date d'inscription
dimanche 25 janvier 2009
Statut
Contributeur
Dernière intervention
25 octobre 2012
467
[*] Télécharge combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau
[*] Double clique combofix.exe et suis les instructions.
[*] Installe la console de récupération si proposé et continue.
[*] Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Messages postés
34
Date d'inscription
vendredi 14 novembre 2008
Statut
Membre
Dernière intervention
13 février 2010

ComboFix 09-09-02.02 - Leo 09/02/2009 20:06.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3837.2881 [GMT -4:00]
Running from: c:\users\Leo\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\IE3SH.exe
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWB3SH.dll
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\program files\SGPSA\mtwb3sh.dll
c:\recycler\S-1-5-21-7713349796-3322753541-066282318-2451
c:\recycler\S-1-5-21-7713349796-3322753541-066282318-2451\Desktop.ini
c:\recycler\S-1-5-21-7713349796-3322753541-066282318-2451\glps.exe
c:\users\Leo\AppData\Local\Temp\catchme.dll
c:\users\Leo\AppData\Roaming\inst.exe
c:\windows\system32\oem17.inf
F:\Autorun.inf
G:\autorun.inf
H:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-09-03 00:19 . 2009-09-03 00:22 -------- d-----w- c:\users\Leo\AppData\Local\temp
2009-09-03 00:19 . 2009-09-03 00:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-09-03 00:19 . 2009-09-03 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-01 23:48 . 2009-09-01 23:53 -------- d-----w- C:\ToolBar SD
2009-08-29 00:03 . 2009-09-02 11:27 -------- d-----w- C:\GenProc
2009-08-22 06:51 . 2009-08-22 06:51 -------- d-----w- c:\program files\Search Guard PlusU
2009-08-22 06:51 . 2009-08-22 06:51 -------- d-----w- c:\program files\Search Guard Plus
2009-08-14 07:31 . 2009-08-14 07:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-14 07:31 . 2009-08-14 07:47 -------- d-----w- c:\users\Leo\AppData\Roaming\Winamp
2009-08-13 21:44 . 2009-08-13 21:44 995200 ----a-w- c:\users\Public\MyWebTattoo.exe
2009-08-07 22:04 . 2009-08-07 22:04 -------- d-----w- c:\windows\system32\psconv
2009-08-07 22:04 . 2009-08-07 22:04 -------- d-----w- c:\program files\psconvert

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 00:06 . 2008-05-31 23:38 -------- d-----w- c:\program files\ESET
2009-09-02 23:02 . 2008-05-31 00:09 234521 ----a-w- c:\programdata\nvModes.dat
2009-09-02 22:57 . 2009-04-10 05:49 -------- d-----w- c:\programdata\Google Updater
2009-09-02 12:18 . 2008-11-12 04:04 -------- d-----w- c:\program files\Spyware Doctor
2009-08-31 02:18 . 2008-06-16 00:11 -------- d-----w- c:\users\Leo\AppData\Roaming\dvdcss
2009-08-22 04:43 . 2008-11-03 06:31 -------- d-----w- c:\program files\Replay AV 8
2009-08-14 07:32 . 2008-05-31 02:07 -------- d-----w- c:\program files\Winamp
2009-08-08 06:53 . 2009-03-07 01:42 -------- d-----w- c:\users\Leo\AppData\Roaming\FileZilla
2009-08-07 22:08 . 2009-08-07 22:05 1024 ----a-w- c:\programdata\imgpdf2.dll
2009-08-07 21:43 . 2008-05-30 22:20 102264 ----a-w- c:\users\Leo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-19 15:08 . 2009-03-17 16:14 -------- d-----w- c:\program files\JkDefrag
2009-07-09 20:47 . 2008-11-01 04:03 -------- d-----w- c:\program files\Java
2009-07-05 11:38 . 2009-07-05 11:38 -------- d-----w- c:\users\Leo\AppData\Roaming\SorensonMedia
2009-07-05 11:34 . 2009-07-05 11:34 -------- d-----w- c:\program files\Sorenson Media
2009-07-05 11:34 . 2008-05-30 22:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2007-03-09 08:12 . 2007-03-09 08:12 27648 --sha-w- c:\windows\System32\AVSredirect.dll
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Freebie Notes"="c:\program files\Power Soft\Freebie Notes\FreebieNotes.exe" [2009-05-17 1051008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-22 166432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-02-22 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-05-31 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi4"=ma_cmidn.dll
"midi3"=ma_cmidn.dll
"midi5"=ma_cmidn.dll
"midi2"=ma_cmidn.dll
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Leo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2791DBAC-E2C7-4EBF-AA6B-88AE54E92E8F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D740F0C6-AB82-4C98-A5C1-9357C08BC807}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{4BF28887-A474-41A8-8B51-D9B3BF8C4C75}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{5C20EBE3-B7BD-4A3C-A58D-E1F3B4982091}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FABD4E32-8DA2-432F-A5BD-D85FF9DA022B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{DD703BF3-C3AE-4232-9229-F30AA7098C44}c:\\users\\leo\\desktop\\new folder\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:c:\users\leo\desktop\new folder\ghost recon advanced warfighter 2\graw2.exe:graw2.exe
"UDP Query User{3135BCA7-213B-4847-8435-ED571EBDD061}c:\\users\\leo\\desktop\\new folder\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:c:\users\leo\desktop\new folder\ghost recon advanced warfighter 2\graw2.exe:graw2.exe
"TCP Query User{0A31AABC-E86B-43D9-BDC8-615CCAD549AD}c:\\users\\leo\\desktop\\new folder\\ghost recon advanced warfighter 2\\graw2_dedicated.exe"= UDP:c:\users\leo\desktop\new folder\ghost recon advanced warfighter 2\graw2_dedicated.exe:graw2_dedicated.exe
"UDP Query User{D4F687C4-5DFA-4717-9FCD-CF8F243D7E5D}c:\\users\\leo\\desktop\\new folder\\ghost recon advanced warfighter 2\\graw2_dedicated.exe"= TCP:c:\users\leo\desktop\new folder\ghost recon advanced warfighter 2\graw2_dedicated.exe:graw2_dedicated.exe
"{6EB68A1A-6A5E-4167-A72C-D4720FB8745D}"= UDP:18580:BitComet 18580 TCP
"{B209CC09-D780-41BF-8439-AA79D2B969D5}"= TCP:18580:BitComet 18580 UDP
"{0448BFCD-8F2E-43AF-8571-D7D8DD828BD9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{771F9AFE-DD17-40EE-8862-64212373D354}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{6427E611-ADB7-4881-B023-3C85B4C5FE02}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3FCB3689-2C45-4EE6-8A14-927CDE7F21EB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{129AC6E6-6328-40F3-BECF-33A473588DD0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{15982DF6-569E-4DB5-A3B8-86E72437F195}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{C256EF8E-7BF1-408B-B625-60A5A84E605D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E4427EFA-A9B2-4BED-951C-EAABB952DE84}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{328F95E6-EA82-4023-B5BC-E5A237F7EFA8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B1B4FE5F-F8E1-4A00-88C1-C7B7514FA487}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{9A50C2E9-73E8-4355-B7FA-A75F6A19E74A}c:\\program files\\arkaos vj 3.6.1 fc2\\arkaos.exe"= UDP:c:\program files\arkaos vj 3.6.1 fc2\arkaos.exe:ArKaos VJ Application
"UDP Query User{AA674BE9-36AA-4377-8DCD-63A4A50558C4}c:\\program files\\arkaos vj 3.6.1 fc2\\arkaos.exe"= TCP:c:\program files\arkaos vj 3.6.1 fc2\arkaos.exe:ArKaos VJ Application
"{3B6DFD8A-E1BD-42EE-BA78-084E80CD2AEE}"= UDP:5353:Adobe CSI CS4
"{EB013CC7-84F0-4060-A7B0-81616C16583E}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{1133EA42-4723-45EB-91D0-53F016115099}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{652B9D8C-9E6F-4A64-A546-B70A1AE89785}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{7808DF24-368E-4888-8A04-242541331A19}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6324277E-E513-4C39-9352-FA2F34F0B66F}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{92F8D52C-98E6-42D4-94C3-CB8C1CF01F96}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{DBEE3BD3-DB03-49C4-8977-57E52E3438B6}c:\\program files\\resolume 2.41\\resolume.exe"= UDP:c:\program files\resolume 2.41\resolume.exe:Resolume 2.41
"UDP Query User{4980CF0A-237D-4329-AC7A-DD517E466431}c:\\program files\\resolume 2.41\\resolume.exe"= TCP:c:\program files\resolume 2.41\resolume.exe:Resolume 2.41
"{8D188B78-0E42-486A-A508-E6A84BF828F2}"= UDP:18580:BitComet 18580 TCP
"{3AE38CD8-1062-44F4-A18D-C75B0B904D2E}"= TCP:18580:BitComet 18580 UDP
"TCP Query User{385499D6-AE00-45FD-8A82-D86186DA47F9}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{7E00E501-DA58-40D6-84AA-30276BF4F7B6}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{FC01F889-5822-4FBA-923D-2EDC15B22E91}c:\\program files\\resolume 2.41\\resolume.exe"= UDP:c:\program files\resolume 2.41\resolume.exe:Resolume 2.41
"UDP Query User{89185BAC-2F40-473D-A195-29715C99759D}c:\\program files\\resolume 2.41\\resolume.exe"= TCP:c:\program files\resolume 2.41\resolume.exe:Resolume 2.41
"TCP Query User{5B6D79A2-F454-4F20-A22F-495B32448D08}c:\\wamp\\bin\\apache\\apache2.2.11\\bin\\httpd.exe"= UDP:c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe:Apache HTTP Server
"UDP Query User{85A3BC8C-347C-4FE1-B2DD-F60FF600882F}c:\\wamp\\bin\\apache\\apache2.2.11\\bin\\httpd.exe"= TCP:c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe:Apache HTTP Server
"TCP Query User{21E674AB-9834-42CD-8A66-244276426A55}c:\\program files\\sorenson media\\sorenson squeeze\\squeeze.exe"= UDP:c:\program files\sorenson media\sorenson squeeze\squeeze.exe:Squeeze Application
"UDP Query User{316AF5B4-350C-46A0-84EB-1E8B13E08C77}c:\\program files\\sorenson media\\sorenson squeeze\\squeeze.exe"= TCP:c:\program files\sorenson media\sorenson squeeze\squeeze.exe:Squeeze Application

R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [5/31/2009 2:21 PM 15424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [6/1/2008 12:04 PM 73728]
S2 gupdate1c9b9a44aa3cb71;Google Update Service (gupdate1c9b9a44aa3cb71);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2009 2:18 AM 133104]
S3 PAC7311;Trust Webcam 14839;c:\windows\System32\drivers\PA707UCM.SYS [10/18/2005 1:48 PM 154752]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/12/2008 12:04 AM 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 05:49]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 06:18]

2009-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-10 06:18]

2009-09-02 c:\windows\Tasks\User_Feed_Synchronization-{D4C0D1E8-8D1A-4810-9070-878FF35EC6CF}.job
- c:\windows\system32\msfeedssync.exe [2009-05-31 11:31]

2008-05-31 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\zap330mx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={E8F7C841-D617-58FC-7A40-996D57481CFA}&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-02 20:21
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2520)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\program files\ESET\nod32krn.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\BCMWLTRY.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-09-03 20:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 00:28

Pre-Run: 86,600,556,544 bytes free
Post-Run: 86,477,074,432 bytes free

307 --- E O F --- 2009-05-31 20:09
Messages postés
34
Date d'inscription
vendredi 14 novembre 2008
Statut
Membre
Dernière intervention
13 février 2010

oups desolé j'ai posté 2 fois le même mess
Messages postés
2385
Date d'inscription
dimanche 25 janvier 2009
Statut
Contributeur
Dernière intervention
25 octobre 2012
467
Etape 1/ Télécharge :

ToolsCleaner! (A.Rothstein & Dj QUIOU) sur ton Bureau.
http://pc-system.fr/


Etape 2/- Double-clique sur ToolsCleaner2.exe pour le lancer.
- Clique sur Recherche et laisse le scan agir.
- Clique sur Suppression pour finaliser.
- Tu peux, si tu le souhaites, te servir des Options Facultatives.
- Clique sur Quitter pour obtenir le rapport C:\TCleaner.txt



Etape 3/
Poste ce rapport
https://www.micro-astuce.com/securite/NanoScan-Panda.php
Messages postés
34
Date d'inscription
vendredi 14 novembre 2008
Statut
Membre
Dernière intervention
13 février 2010

salut, toolscleaner ne veux pas s'executer, il marque not responding...quest que jfais?
Messages postés
2385
Date d'inscription
dimanche 25 janvier 2009
Statut
Contributeur
Dernière intervention
25 octobre 2012
467
l'étape 3
Messages postés
34
Date d'inscription
vendredi 14 novembre 2008
Statut
Membre
Dernière intervention
13 février 2010

Salut, je sais pas si tu as eu mon dernier scan mais voila, apres le scan avec panda voici le rapport:


;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-09-15 23:51:06
PROTECTIONS: 3
MALWARE: 15
SUSPECTS: 5
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 antivirus system 2.70 2.70 Yes Yes
Spyware Doctor 6.0.0.386 No Yes
Windows Defender 1.1.1505.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\leo@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\leo@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@atdmt[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@mediaplex[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\leo@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\leo@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\leo@apmebf[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@bs.serving-sys[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\leo@weborama[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\leo@advertising[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\leo@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\guest@questionmarket[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\leo@adultfriendfinder[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Cookies\leo@smartadserver[2].txt
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Program Files\Adobe\Photoshop CS\Plug-Ins\Imagenomic\patch.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location ܚz�0�,�9
;===================================================================================================================================================================================
No C:\Program Files\Native Instruments\Traktor DJ Studio 3\Patch T3 normal.exe ܚz�0�,�9
No C:\Program Files\Replay AV 8\ReplayAV.exe ܚz�0�,�9
No C:\Program Files\Replay AV 8\ReplayConverter.exe ܚz�0�,�9
No C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\MTWB3SH.dll.vir ܚz�0�,�9
No C:\Qoobox\Quarantine\C\Program Files\SGPSA\mtwb3sh.dll.vir ܚz�0�,�9
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description ܚz�0�,�9
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Messages postés
2385
Date d'inscription
dimanche 25 janvier 2009
Statut
Contributeur
Dernière intervention
25 octobre 2012
467
supprime

C:\Program Files\Adobe\Photoshop CS\Plug-Ins\Imagenomic\patch.exe
C:\Program Files\Native Instruments\Traktor DJ Studio 3\Patch T3 normal.ܚexe
C:\Program Files\Replay AV 8\ReplayAV.exe ܚ
C:\Program Files\Replay AV 8\ReplayConverter.exe
C:\Qoobox

des soucis encore?