A virus that's not nasty, just annoying
Hi everyone: do you know of a virus whose file is called "64exinjs.a9" or "77exinjs.a9" or "44exhm.txt.4" and which keeps reproducing itself, changing its number each time? Because this one is starting to get on my system (my nervous system, to be clear). Thanks for your help.
No, but nobody will ever have the same number (or else by sheer luck ^^), since this virus generates its file names randomly.
However, if these files regenerate automatically, it means it has not been completely eliminated and that, either at startup or after deletion, it recreates its file.
If an antivirus isn't enough, you can use HijackThis.
The report gives me this, but I can't see it in there:
Scan saved at 23:05:16, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\DOCUME~1\Simon\LOCALS~1\Temp\79exinjs.a9.exe
C:\Downloads\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Afficher l'ancienne version sur &archives.org - C:\Documents and Settings\Simon\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: Recherche &Google - C:\Documents and Settings\Simon\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Traduire cette page - C:\Documents and Settings\Simon\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 6820 bytes
It acts in the processes and bloats the Internet Explorer one.
That's assuming it's just simple spyware... It's being discussed here: http://forum.telecharger.01net.com/telecharger/securite...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 02:02:04, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\Anti virus\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Afficher l'ancienne version sur &archives.org - C:\Documents and Settings\Simon\Application Data\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: Recherche &Google - C:\Documents and Settings\Simon\Application Data\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Traduire cette page - C:\Documents and Settings\Simon\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 7762 bytes
Here's what HijackThis gives!!!!
SDFix: Version 1.86
Run by Simon - 09/06/2007 - 1:37:43,76
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Simon\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system\smss.exe - Deleted
C:\WINDOWS\system32\system32.exe - Deleted
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking if ADS is attached to ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"="C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe:*:Enabled:VNC Viewer for Win32"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe:*:Enabled:PowerCinema"
"C:\\Program Files\\Switch Off\\swoff.exe"="C:\\Program Files\\Switch Off\\swoff.exe:*:Enabled:Automatic shutdown utility"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\68exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\68exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\89exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\89exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\27exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\27exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\52exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\52exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\14exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\14exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\94exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\94exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\15exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\15exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\41exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\41exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\80exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\80exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\90exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\90exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\48exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\48exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\32exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\32exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\92exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\92exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\76exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\76exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\42exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\42exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\46exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\46exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\74exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\74exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\34exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\34exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\7exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\7exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\11exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\11exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\85exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\85exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\20exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\20exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\88exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\88exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\36exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\36exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\9exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\9exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\2exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\2exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\19exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\19exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\82exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\82exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\71exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\71exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\77exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\77exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\83exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\83exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\4exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\4exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\96exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\96exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\50exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\50exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\39exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\39exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\72exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\72exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\26exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\26exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\40exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\40exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\28exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\28exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\61exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\61exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\8exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\8exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\22exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\22exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\95exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\95exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\44exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\44exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\75exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\75exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\57exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\57exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\81exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\81exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\43exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\43exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\37exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\37exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\84exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\84exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\91exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\91exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\60exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\60exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\64exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\64exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\33exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\33exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\79exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\79exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\62exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\62exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\18exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\18exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\38exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\38exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\63exinjs.a9.exe"="C:\\DOCUME~1\\Simon\\LOCALS~1\\Temp\\63exinjs.a9.exe:*:Enabled:Microsoft Update"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Simon\Bureau\SDFix\backups\backups.zip
Listing Files with Hidden Attributes:
C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll
C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe
C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe
C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\X10\Common\x10prod.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Listing User Accounts:
comptes d'utilisateurs de \\PORTABLE
Administrateur Autres personnes HelpAssistant
Invité Sécurité Simon
SUPPORT_388945a0
La commande s'est terminée correctement.
Finished
And that one is SDFix
Rapport Navipromo.bat 0.73 effectué le 09/06/2007 à 1:26:13,18
C:\Documents and Settings\Simon\Bureau
L'opération se déroule en mode sans échec sous le compte "Simon"
** Recherche...
1/ jhefmzh trouvé, recherche de jhefmzh*
C:\WINDOWS\system32\jhefmzh.dat
C:\WINDOWS\system32\jhefmzh.exe
C:\WINDOWS\system32\jhefmzh_nav.dat
C:\WINDOWS\system32\jhefmzh_navps.dat
------------------
Fin du rapport de recherche
Adware Navipromo trouvé 1 fois avec cette méthode
################################################
** Nettoyage...
1/ Déplacement de jhefmzh* vers C:\Navipromo\Backups...
C:\WINDOWS\System32\jhefmzh* déplacé avec succès !
------------------
Aucune entrée de registre n'a été trouvée
* Backups :
C:\Navipromo\Backups\ARPCache.reg
C:\Navipromo\Backups\HKCURun.reg
C:\Navipromo\Backups\HKLMRun.reg
C:\Navipromo\Backups\jhefmzh.dat
C:\Navipromo\Backups\jhefmzh.exe
C:\Navipromo\Backups\jhefmzh_nav.dat
C:\Navipromo\Backups\jhefmzh_navps.dat
C:\Navipromo\Backups\pack.epk
C:\Navipromo\Backups\Uninstall.reg
Ajout d'extension .off aux backups
## Fin du rapport de Suppression
-------------
Rapport Navipromo.bat 0.73 effectué le 09/06/2007 à 1:27:35,15
L'opération se déroule en mode sans échec sous le compte "Simon"
## Suppression Heuristique
* Backups :
C:\Navipromo\Backups\Heuristic\linkprd.exe
Ajout d'extension .off aux backups
Backups exe renommés avec succès
## Fin du rapport Heuristique
And finally Navipromo
There, I hope that with all that it won't come back for more
(it's got strong teeth) it's true that IE is a source of trouble, I'm going to try scanning with other antivirus programs and put a firewall on this PC, and on the other one as a precaution