My PC is lagging!!! It won't do anything anymore - Security - Virus
Profile: IDNaute

Hello, my PC is lagging badly: it won't do anything anymore after 30 minutes to an hour, and my internet box shuts off quite often during the day when we browse the net ...

So I'd like some help!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:38, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\AOL\1195902532\ee\AOLSoftware.exe
C:\Program Files\TOPRO\TPPOLL.EXE
C:\WINDOWS\OV530EM.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ViiincEnt\Bureau\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc [...] 0c&Ext=tdc
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,C:\WINDOWS\system32\i386kd.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1195902532\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TPPOLL] C:\Program Files\TOPRO\TPPOLL.EXE
O4 - HKLM\..\Run: [Ovt Wia] C:\WINDOWS\OV530EM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Defy Inside Proc Heart] C:\Documents and Settings\All Users\Application Data\burn download defy inside\Audio multi.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Ace Media.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [help amok] C:\DOCUME~1\VIIINC~1\APPLIC~1\ONLINE~1\4styledash.exe
O4 - HKCU\..\Run: [EasyFlirt Messenger] C:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe /M
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://xel-chicox.spaces.live.com/ [...] nPUpld.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/con [...] Helper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Games [...] meHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://jeuxenligne.orange.fr/GameS [...] der_v6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14795 bytes

Profile: Helper

Hi,

Download SDFix (by Andy Manchesta)

Save it to your desktop.

Run it.
Click Install so that it can extract itself.

Restart in Safe Mode
/!\ Never boot into Safe Mode via MSCONFIG /!\

Launch SDFix.
Double-click RunThis.bat. (The .bat extension may not be shown.)
Press Y to start it.

You will be asked to press a key to reboot; do so.
The reboot will probably take a little longer than usual.
Once your desktop appears, it will display Finished.

Press a key.

A report is generated; post it in your reply.
It can also be found in the SDFix folder: >Report.txt<


---------------
Please indicate if you are already getting help on another forum or in another topic.

Security/Prevention
Profile: IDNaute

Sorry for the delay!!!

Here is the SDFix report!! :::




SDFix: Version 1.145

Run by HP_Administrateur on 05/03/2008 at 16:01

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name:
FCI
khtml

Path:
C:\WINDOWS\system32\svchost.exe:ext.exe
\??\C:\WINDOWS\system32\drivers\khtml.sys

FCI - Deleted
khtml - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Service Ujfk36 - Deleted after Reboot

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\Ujfk36.sys - Deleted
C:\-38848~1 - Deleted
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\aax221.tmp.exe - Deleted
C:\Program Files\Helper\1201459562.dll - Deleted
C:\WINDOWS\system32\drivers\khtml.sys - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted



Folder C:\Program Files\Helper - Removed
Folder C:\WINDOWS\system32\wsnpoem - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 16:23:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1e,e1,6b,79,01,79,86,81,ff,cc,c8,41,0f,e1,51,2e,d3,ba,a5,ee,9a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,be,84,14,7a,78,e9,5b,a5,63,11,c3,8b,74,4a,00,e3,..
"khjeh"=hex:1c,d7,0b,03,d5,1c,8f,fa,08,de,5f,11,8c,6b,d0,0b,fe,e9,24,fb,5a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:91,98,40,81,c7,01,a7,4a,6a,01,72,55,77,d1,83,35,89,cb,a3,98,4c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:69,18,bf,e8,d6,cb,73,30,96,ab,45,21,c5,1b,b4,b7,fc,0e,df,34,85,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1e,e1,6b,79,01,79,86,81,ff,cc,c8,41,0f,e1,51,2e,d3,ba,a5,ee,9a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9d,be,84,14,7a,78,e9,5b,a5,63,11,c3,8b,74,4a,00,e3,..
"khjeh"=hex:1c,d7,0b,03,d5,1c,8f,fa,08,de,5f,11,8c,6b,d0,0b,fe,e9,24,fb,5a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:91,98,40,81,c7,01,a7,4a,6a,01,72,55,77,d1,83,35,89,cb,a3,98,4c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:69,18,bf,e8,d6,cb,73,30,96,ab,45,21,c5,1b,b4,b7,fc,0e,df,34,85,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 17


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Fichiers communs\\AOL\\1195902532\\ee\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1195902532\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Connecteur Wi-Fi USB Nintendo"
"C:\\Program Files\\Conference\\Conference.dll"="C:\\Program Files\\Conference\\Conference.dll:*:Enabled:Audio/Video Conference"
"C:\\DOCUME~1\\mickael\\LOCALS~1\\Temp\\dllhost.exe"="C:\\DOCUME~1\\mickael\\LOCALS~1\\Temp\\dllhost.exe:*:Enabled:Flash Player2"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 10 Dec 2006 211 A.SHR --- "C:\BOOT.BAK"
Tue 31 May 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 31 May 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 31 May 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Sat 16 Dec 2006 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Wed 2 Jan 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT4.tmp"

Finished!

Profile: Helper

Hi again,

Sorry, I had lost track of your topic! Don't hesitate to post an UP!
Post a new HijackThis log :)


Profile: IDNaute

What's an UP??

OK, I'm reposting the HijackThis log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:07:23, on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\AOL\1195902532\ee\AOLSoftware.exe
C:\Program Files\TOPRO\TPPOLL.EXE
C:\WINDOWS\OV530EM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1195902532\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TPPOLL] C:\Program Files\TOPRO\TPPOLL.EXE
O4 - HKLM\..\Run: [Ovt Wia] C:\WINDOWS\OV530EM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Defy Inside Proc Heart] C:\Documents and Settings\All Users\Application Data\burn download defy inside\Audio multi.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Ace Media.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [help amok] C:\DOCUME~1\HP_ADM~1\APPLIC~1\ONLINE~1\4styledash.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -

{08B0E5C0-4FCB-11CF-AAA5-00

401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button:

ShopperReports - Compare

product prices -

{C5428486-50A0-4a02-9D20-520B

59A9F9B2} - C:\Program

Files\ShoppingReport\Bin\2.5.0\

ShoppingReport.dll
O9 - Extra button:

ShopperReports - Compare

travel rates -

{C5428486-50A0-4a02-9D20-520B

59A9F9B3} - C:\Program

Files\ShoppingReport\Bin\2.5.0\

ShoppingReport.dll
O9 - Extra button: Aide à la

connexion -

{E2D4D26B-0180-43a4-B05F-462

D6D54C789} -

C:\WINDOWS\PCHEALTH\HELP

CTR\Vendors\CN=Hewlett-Packa

rd,L=Cupertino,S=Ca,C=US\IEBu

tton\support.htm
O9 - Extra 'Tools' menuitem:

Aide à la connexion -

{E2D4D26B-0180-43a4-B05F-462

D6D54C789} -

C:\WINDOWS\PCHEALTH\HELP

CTR\Vendors\CN=Hewlett-Packa

rd,L=Cupertino,S=Ca,C=US\IEBu

tton\support.htm
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba3

8496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba3

8496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C

04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem:

Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C

04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF:

{20A60F0D-9AFA-4515-A0FD-83B

D84642501} (Checkers Class) -

http://messenger.zone.msn.com/

binary/msgrchkr.cab56986.cab
O16 - DPF:

{30528230-99f7-4bb4-88d8-fa1d4f

56a2ab} (Installation Support) -

C:\Program

Files\Yahoo!\Common\Yinsthelp

er.dll
O16 - DPF:

{5C051655-FCD5-4969-9182-770E

A5AA5565} (Solitaire Showdown

Class) -

http://messenger.zone.msn.com/

binary/SolitaireShowdown.cab5

6986.cab
O16 - DPF:

{5D6F45B3-9043-443D-A792-1154

47494D24} (UnoCtrl Class) -

http://messenger.zone.msn.com/

FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF:

{7FC1B346-83E6-4774-8D20-1A6

B09B0E737} (Windows Live

Photo Upload Control) -

http://xel-chicox.spaces.live.com

/PhotoUpload/MsnPUpld.cab
O16 - DPF:

{8F48147B-78D9-40F9-ACC0-BD

DE59B246F4} (AccountHelper

Class) -

http://abonnement.aliceadsl.fr/c

onfigurateur/AccountHelper.cab
O16 - DPF:

{B8BE5E93-A60C-4D26-A2DC-22

0313175592} (MSN Games -

Installer) -

http://messenger.zone.msn.com/

binary/ZIntro.cab56649.cab
O16 - DPF:

{BD8667B7-38D8-4C77-B580-18C

3E146372C} (Creative Toolbox

Plug-in) -

http://bmm.imgag.com/imgag/cp

/install/crusher-fr.cab
O16 - DPF:

{BFF1950D-B1B4-4AE8-B842-B2

CCF06D9A1B} (Zylom Games

Player) -

http://game07.zylom.com/activex

/zylomgamesplayer.cab
O16 - DPF:

{C3F79A2B-B9B4-4A66-B012-3E

E46475B072}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/

binary/MessengerStatsPAClient.

cab56907.cab
O16 - DPF:

{D0C0F75C-683A-4390-A791-1AC

FD5599AB8} (Oberon Flash

Game Host) -

http://jeuxenligne.orange.fr/Gam

eshell/GameHost/1.0/OberonGa

meHost.cab
O16 - DPF:

{DF780F87-FF2B-4DF8-92D0-73D

B16A1543A} (PopCapLoader

Object) -

http://jeuxenligne.orange.fr/Gam

eShell/online/fr/hammer_heads/

popcaploader_v6.cab
O23 - Service: Adobe LM Service

- Adobe Systems - C:\Program

Files\Fichiers communs\Adobe

Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir

PersonalEdition Classic

Scheduler (AntiVirScheduler) -

Avira GmbH - C:\Program

Files\Avira\AntiVir

PersonalEdition

Classic\sched.exe
O23 - Service: AntiVir

PersonalEdition Classic Guard

(AntiVirService) - Avira GmbH -

C:\Program Files\Avira\AntiVir

PersonalEdition

Classic\avguard.exe
O23 - Service: AOL Connectivity

Service (AOL ACS) - AOL LLC -

C:\PROGRA~1\FICHIE~1\AOL\AC

S\AOLacsd.exe
O23 - Service: Apache2.2 -

Apache Software Foundation -

C:\xampp\apache\bin\apache.ex

e
O23 - Service: Ati HotKey Poller -

ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx

.exe
O23 - Service: BrSplService

(Brother XP spl Service) -

brother Industries Ltd -

C:\WINDOWS\system32\brsvc01a

.exe
O23 - Service: FileZilla Server

FTP server (FileZilla Server) -

FileZilla Project -

c:\xampp\FileZillaFTP\FileZillaSe

rver.exe
O23 - Service: InstallDriver Table

Manager (IDriverT) - Macrovision

Corporation - C:\Program

Files\Fichiers

communs\InstallShield\Driver\10

50\Intel 32\IDriverT.exe
O23 - Service:

LightScribeService Direct Disc

Labeling Service

(LightScribeService) -

Hewlett-Packard Company -

C:\Program Files\Fichiers

communs\LightScribe\LSSrvc.ex

e
O23 - Service: mysql - Unknown

owner -

C:\xampp\mysql\bin\mysqld-nt.e

xe
O23 - Service: Nero BackItUp

Scheduler 3 - Nero AG -

C:\Program

Files\Nero\Nero8\Nero

BackItUp\NBService.exe
O23 - Service: NMSAccessU -

Unknown owner - C:\Program

Files\CDBurnerXP\NMSAccessU.

exe
O23 - Service: ServiceLayer -

Nokia. - C:\Program Files\PC

Connectivity

Solution\ServiceLayer.exe
O23 - Service: WAN Miniport

(ATW) Service

(WANMiniportService) - America

Online, Inc. -

C:\WINDOWS\wanmpsvc.exe

--
End of file - 12518 bytes

Profile: Helper

Repost the report, it's unreadable.


---------------
Please let us know if you are already being helped on another forum or in another topic.

Security/Prevention
Profile: IDNaute

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:47, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Fichiers communs\AOL\1195902532\ee\AOLSoftware.exe
C:\Program Files\TOPRO\TPPOLL.EXE
C:\WINDOWS\OV530EM.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ViiincEnt\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc [...] 0c&Ext=tdc
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1195902532\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TPPOLL] C:\Program Files\TOPRO\TPPOLL.EXE
O4 - HKLM\..\Run: [Ovt Wia] C:\WINDOWS\OV530EM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Defy Inside Proc Heart] C:\Documents and Settings\All Users\Application Data\burn download defy inside\Audio multi.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\Ace Media.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [help amok] C:\Documents and Settings\ViiincEnt\Application Data\online eq\4styledash.exe
O4 - HKCU\..\Run: [EasyFlirt Messenger] C:\Program Files\EasyFlirt Messenger\EasyFlirt Messenger.exe /M
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun