Virus trojan-spy.win32@mx

reguia Posts: 1 Status: Member -  
g!rly Posts: 18462 Status: Contributor -
Hello,
Like so many others, I have caught this notorious trojan-spy.win32@mx. I used HijackThis v2.0.2 to generate this report, hoping that someone can help me get rid of it. Thank you very much.

1 reply

g!rly Posts: 18462 Status: Contributor 406

Hi,

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy and paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only while ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Please also post a new HijackThis report.

See you