Virus?? (HijackThis report)
Solved
Kimboo - Posts: 49 - Status: Member
Shemhazai - Posts: 229 - Status: Member
Hello, every time I start my computer I get a message saying that Windows cannot find "C:\WINDOWS\KensenjanganSosial.exe". Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:08, on 2009-03-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\vVX3000.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSAComHandler.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Vault\VaultClientUpgrade.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O1 - Hosts: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <title>Welcome to 20mbweb.com!</title>
O1 - Hosts: <meta name="robots" content="index,nofollow" />
O1 - Hosts: <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7"/>
O1 - Hosts: <style type="text/css">
O1 - Hosts: body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,textarea,p,blockquote,th,td,img,span {margin:0; padding:0;}
O1 - Hosts: body
O1 - Hosts: {
O1 - Hosts: font-family:arial,helvetica,sans serif;
O1 - Hosts: font-size:12px;
O1 - Hosts: font-weight:normal;
O1 - Hosts: }
O1 - Hosts: .clear { clear:both;}
O1 - Hosts: .buttonb {float: left;}
O1 - Hosts: .footerlink1{font-size: 11px; color: #1637AA;}
O1 - Hosts: .footerlink2{font-size: 11px; color: #000000;}
O1 - Hosts: .blackbullet{margin-bottom: 3px; margin-left: 7px; margin-right: 7px;}
O1 - Hosts: a.extralink{text-decoration: none; color: #000000;}
O1 - Hosts: a.extralink:link{text-decoration: none; color: #000000;}
O1 - Hosts: a.extralink:visited{text-decoration: none; color: #000000;}
O1 - Hosts: a.extralink:hover{text-decoration: none; color: #000000;}
O1 - Hosts: a.prodadvlink{text-decoration: none; color: #000000;font-size: 11px;font-weight: bold;}
O1 - Hosts: a.prodadvlink:link{text-decoration: none; color: #000000;font-size: 11px;font-weight: bold;}
O1 - Hosts: a.prodadvlink:visited{text-decoration: none; color: #000000;font-size: 11px;font-weight: bold;}
O1 - Hosts: a.prodadvlink:hover{text-decoration: none; color: #000000;font-size: 11px;font-weight: bold;}
O1 - Hosts: a.prodadvorlink{text-decoration: none; color: #EB4A06;font-size: 11px;font-weight: bold;}
O1 - Hosts: a.prodadvorlink:link{text-decoration: none; color: #EB4A06;font-size: 11px;font-weight: bold;}
O1 - Hosts: a.prodadvorlink:visited{text-decoration: none; color: #EB4A06;font-size: 11px;font-weight: bold;}
O1 - Hosts: a.prodadvorlink:hover{text-decoration: none; color: #EB4A06;font-size: 11px;font-weight: bold;}
O1 - Hosts: a.bluelink {color: #0000ff;}
O1 - Hosts: a.bluelink:link {color: #0000ff;}
O1 - Hosts: a.bluelink:visited {color: #0000ff;}
O1 - Hosts: a.bluelink:hover {color: #0000ff;}
O1 - Hosts: a.whitelink {color: #ffffff;}
O1 - Hosts: a.whitelink:link {color: #ffffff;}
O1 - Hosts: a.whitelink:visited {color: #ffffff;}
O1 - Hosts: a.whitelink:hover {color: #ffffff;}
O1 - Hosts: a.pricelink{text-decoration: none; color: #FF5500;}
O1 - Hosts: a.pricelink:link{text-decoration: none; color: #FF5500;}
O1 - Hosts: a.pricelink:visited{text-decoration: none; color: #FF5500;}
O1 - Hosts: a.pricelink:hover{text-decoration: none; color: #FF5500;}
O1 - Hosts: .celebbarimg {margin-right: 5px; border: 0px;}
O1 - Hosts: .leftad { padding-top: 4px; text-align: center;overflow: hidden;}
O1 - Hosts: .leftad1 { padding-top: 10px; text-align: center;overflow: hidden;}
O1 - Hosts: </style>
O1 - Hosts: <script language="javascript" type="text/javascript">
O1 - Hosts: var agt=navigator.userAgent.toLowerCase();
O1 - Hosts: var is_opera = (agt.indexOf("opera") != -1);
O1 - Hosts: function ShowHelp(obj,field,hide)
O1 - Hosts: {
O1 - Hosts: //Get help object
O1 - Hosts: var helpObj;
O1 - Hosts: if (document.all){
O1 - Hosts: helpObj = document.all[field+"_help"];}
O1 - Hosts: else if (document.getElementById){
O1 - Hosts: helpObj = document.getElementById(field+"_help");}
O1 - Hosts: if (helpObj) {
O1 - Hosts: //if help object is shown, hide it ; if object hidden, show it
O1 - Hosts: if (hide){
O1 - Hosts: helpObj.style.display = "none";}
O1 - Hosts: else{
O1 - Hosts: helpObj.style.display = "";} }
O1 - Hosts: }
O1 - Hosts: </script>
O1 - Hosts: <script language="javascript" src="http://as.casalemedia.com/sd?s=95328&f=1"></script>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <div style="display:none;visibility:hidden;">
O1 - Hosts: <a href="/st.aspx"><img src="http://images-pw.secureserver.net/images/061703/spc_trans.gif" style="border:none" height="1" width="1" alt="" /></a>
O1 - Hosts: </div>
O1 - Hosts: <div id="header">
O1 - Hosts: <div><img src="http://images-pw.secureserver.net/images/gd/header.gif" border="0" usemap="#headerMap"/>
O1 - Hosts: <map id="headerMap" name="headerMap">
O1 - Hosts: <area shape="rect" coords="39,1,192,73" alt="GoDaddy.com" href="https://www.godaddy.com?isc=GPPGT03&ci=13109&domain=20mbweb.com"/>
O1 - Hosts: <area shape="rect" coords="243,1, 421, 42" href="https://www.godaddy.com?isc=GPPGT03&ci=13110&domain=20mbweb.com" alt="This Web page is parked FREE, courtesy of GoDaddy.com"/>
O1 - Hosts: <area shape="rect" coords="439,8,506,38" href="http://www.godaddy.com/..." alt="SALE!"/>
O1 - Hosts: </map>
O1 - Hosts: </div>
O1 - Hosts: <div id="todaysoffer">
O1 - Hosts: <img style="position: relative; top: 1px;" src="http://images-pw.secureserver.net/images/gd/img_arrows_todaysoffer.gif" border="0" alt="GoDaddy.com"/>
O1 - Hosts: <span style="font-weight: bold;position: relative; top: 1px;"><a class="bluelink" href="http://www.godaddy.com/...">Today's offers at GoDaddy.com</a></span>
O1 - Hosts: </div>
O1 - Hosts: <div id="domainname">
O1 - Hosts: <span style="font-size: 12px; color: #fff;">20mbweb.com</span>
O1 - Hosts: </div>
O1 - Hosts: <div id="topDomainSearch">
O1 - Hosts: <form id="LookupForm" name="LookupForm" method="post" action="http://www.godaddy.com/...">
O1 - Hosts: <input type="text" name="domaintocheck" maxlength="63" style="width:170px;" />
O1 - Hosts: <select name="tld" style="height: 21px;">
O1 - Hosts: <option value=".com">.com</option>
O1 - Hosts: <option value=".net">.net</option>
O1 - Hosts: <option value=".me">.me</option>
O1 - Hosts: <option value=".info">.info</option>
O1 - Hosts: <option value=".org">.org</option>
O1 - Hosts: <option value=".mobi">.mobi</option>
O1 - Hosts: <option value=".biz">.biz</option>
O1 - Hosts: <option value=".us">.us</option>
O1 - Hosts: <option value=".ca">.ca</option>
O1 - Hosts: <option value=".asia">.asia</option>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Gestionnaire de sécurité Sympatico] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Bell\Gestionnaire de securite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Bell\Gestionnaire de securite\IdxClnR.exe"
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Gestionnaire de sécurité Sympatico (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe
O23 - Service: Service de mise-à-jour pour le Gestionnaire de sécurité Sympatico (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe
O23 - Service: Gestionnaire de sécurité Sympatico Coupe-feu (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
O23 - Service: Personal Vault Upgrade Service (VaultClientUpgrade) - BELL - C:\Program Files\Personal Vault\VaultClientUpgrade.exe