Unwanted ads: Gmail, Yahoo, viagra etc...
Closed
Kotin - 2 April 2007 at 12:10
salwa5 Posts 7452 Registered Thursday 30 November 2006 Status Contributor Last activity 18 August 2012 - 3 April 2007 at 17:51
6 replies
salwa5 Posts 7452 Registered Thursday 30 November 2006 Status Contributor Last activity 18 August 2012 1 635
2 April 2007 at 18:06
Hello, download HijackThis and paste the result here:
http://www.infos-du-net.com/telecharger/HijackThis.html
demo:
http://pageperso.aol.fr/balltrap34/demohijack.htm
See you
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:26:08, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Mes documents\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.243:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Disregard the previous log; this one is more representative: it clearly shows the running processes 17exyp.3.exe and company, with IEXPLORE active even though I never opened it.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:41:58, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Azureus\Azureus.exe
C:\DOCUME~1\Tonio\LOCALS~1\Temp\30exym50_2.6.exe
C:\DOCUME~1\Tonio\LOCALS~1\Temp\17exyp.3.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Mes documents\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.243:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
salwa5 Posts 7452 Registered Thursday 30 November 2006 Status Contributor Last activity 18 August 2012 1 635
3 April 2007 at 14:36
Hello
Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode (restart + tap F8 repeatedly as soon as the computer powers on)
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!
See you
========================================
SDFix: Version 1.76
Run by Tonio - 03/04/2007 - 16:37:34,86
Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Tonio\Bureau\sdfix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\DOCUME~1\Tonio\LOCALS~1\Temp\setup.exe - Deleted
C:\WINDOWS\system\smss.exe - Deleted
ADS Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Softros Systems\\Softros Messenger\\Messenger.exe"="C:\\Program Files\\Softros Systems\\Softros Messenger\\Messenger.exe:*:Enabled:Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\32exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\32exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\42exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\42exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\41exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\41exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\66exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\66exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\6exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\6exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\48exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\48exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\16exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\16exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\97exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\97exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\65exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\65exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\73exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\73exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\0exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\0exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\22exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\22exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\64exed32_2.b.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\64exed32_2.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\77exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\77exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\51exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\51exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\19exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\19exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\82exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\82exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\99exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\99exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\37exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\37exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\34exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\34exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\47exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\47exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\3exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\3exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\95exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\95exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\70exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\70exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\91exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\91exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\86exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\86exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\28exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\28exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\60exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\60exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"="C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\48exed32_2.b.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\48exed32_2.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\53exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\53exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\92exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\92exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\9exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\9exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\58exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\58exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\23exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\23exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\96exinjs.a2.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\96exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\77exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\77exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\6exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\6exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\66exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\66exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\22exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\22exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\25exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\25exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\10exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\10exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\87exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\87exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\83exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\83exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\36exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\36exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\94exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\94exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\96exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\96exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\99exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\99exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\37exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\37exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\67exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\67exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\35exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\35exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\65exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\65exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\75exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\75exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\52exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\52exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\32exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\32exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\38exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\38exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\97exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\97exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\84exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\84exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\14exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\14exinjs.a3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\20exinjs.a3.exe"="C:\\DOCUME~1\\Tonio\\LOCALS~1\\Temp\\20exinjs.a3.exe:*:Enabled:Microsoft Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Tonio\Bureau\sdfix\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes :
C:\Program Files\eRightSoft\SUPER\cygwin1.dll
C:\Program Files\eRightSoft\SUPER\cygz.dll
C:\Program Files\eRightSoft\SUPER\_Setup.dll
C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll
C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll
C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll
C:\WINDOWS\system32\flvDX.dll
C:\Program Files\eRightSoft\SUPER\Setup.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Finished
===========================================
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:48:49, on 03/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Mes documents\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.243:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
salwa5 (Posts: 7452; Registered: Thursday 30 November 2006; Status: Contributor; Last activity: 18 August 2012; 1 635)
3 April 2007 at 17:51
Hello, download and run
AVG Anti-Spyware
https://www.01net.com/telecharger/
(don't forget to update it before launching the scan)
Restart AVG AS, then choose the "Analyse" (Scan) tab
Then the "Paramètres" (Settings) tab
Under the question "Comment réagir ?" (How to react?), click "Actions recommandées" (Recommended actions) and choose "Quarantaine" (Quarantine)
Click the "Analyse" tab again, then run an "Analyse complète du système" (Complete system scan)
/!\ If a file is infected at the end of the scan /!\
Click "Appliquer toutes les actions" (Apply all actions)
Click "Enregistrer le rapport" (Save report), then "Enregistrer le rapport sous" (Save report as)
Save this text file to your desktop, then paste the report here
Delete unneeded files (temporary files, cookies, etc.) with this:
CCleaner
https://www.malekal.com/tutoriel-ccleaner/
See you later!