Freeze d'ecran
cereventes
-
CEREVENTES -
CEREVENTES -
Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:17, on 24/05/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\Explorer.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINNT\System32\RUNDLL32.EXE
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\WINNT\System32\ctfmon.exe
D:\Program Files\a-squared Free\a2service.exe
D:\WINNT\System32\alg.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Microsoft LifeCam\MSCamSvc.exe
D:\WINNT\System32\nvsvc32.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\wdfmgr.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Messenger\livecall.exe
D:\Program Files\SpeedFan\speedfan.exe
D:\WINNT\System32\wbem\wmiprvse.exe
C:\Koei\OROCHI\OROCHI_WIN\OROCHI.exe
D:\DOCUME~1\CEREVE~1\LOCALS~1\Temp\~e5.0001
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
D:\Documents and Settings\cereventes\Mes documents\Downloads\HijackThis.exe
D:\WINNT\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.jp/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINNT\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: GigaTribe.lnk = D:\Program Files\GigaTribe\gigatribe.exe
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter17 Class) - http://game.netmarble.jp/_common/cab/NMStarterJP7.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.co.jp/_common/cab/NMJTransX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: utgnehz.dll,gnaixnauhuoyizqq.dll,gnaixnauhqq.dll,2nauygniqaixnaij.dll,naijihzeuyouhz.dll,uyomielnux.dll,vlihzouhgnfe.dll,sfhx.dll,eve.dll,jsqc.dll,wtiemnaw.dll,nauhgnem.dll,auhad.dll,naijoad.dll,aixauh.dll,xhqq.dll,QQ.dll,hjxr.dll,zqhs.dll,oadnew.dll,dgzg.dll,hz.dll,nuygnef.dll,uohsom.dll,uyom.dll,gnolnait.dll,ijiq.dll,ijougiemnaw.dll,iemnaw.dll,niluw.dll,naixuhz.dll,xhtd.dll,oadgnohiac.dll,iqnauhc.dll,nahzij.dll,gnefnaib.dll,gsqq.dll,3auhad.dll,2ty.dll,jsfg.dll,qcsct.dll,rj.dll,fmxh.dll,jmx.dll,wtwx.dll,ddtj.dll,fz.dll,dqncj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:17, on 24/05/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\Explorer.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINNT\System32\RUNDLL32.EXE
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\WINNT\System32\ctfmon.exe
D:\Program Files\a-squared Free\a2service.exe
D:\WINNT\System32\alg.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Microsoft LifeCam\MSCamSvc.exe
D:\WINNT\System32\nvsvc32.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\wdfmgr.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Messenger\livecall.exe
D:\Program Files\SpeedFan\speedfan.exe
D:\WINNT\System32\wbem\wmiprvse.exe
C:\Koei\OROCHI\OROCHI_WIN\OROCHI.exe
D:\DOCUME~1\CEREVE~1\LOCALS~1\Temp\~e5.0001
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
D:\Documents and Settings\cereventes\Mes documents\Downloads\HijackThis.exe
D:\WINNT\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/defaults/sb/*http://fr.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.jp/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINNT\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: GigaTribe.lnk = D:\Program Files\GigaTribe\gigatribe.exe
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter17 Class) - http://game.netmarble.jp/_common/cab/NMStarterJP7.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://www.netmarble.co.jp/_common/cab/NMJTransX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: utgnehz.dll,gnaixnauhuoyizqq.dll,gnaixnauhqq.dll,2nauygniqaixnaij.dll,naijihzeuyouhz.dll,uyomielnux.dll,vlihzouhgnfe.dll,sfhx.dll,eve.dll,jsqc.dll,wtiemnaw.dll,nauhgnem.dll,auhad.dll,naijoad.dll,aixauh.dll,xhqq.dll,QQ.dll,hjxr.dll,zqhs.dll,oadnew.dll,dgzg.dll,hz.dll,nuygnef.dll,uohsom.dll,uyom.dll,gnolnait.dll,ijiq.dll,ijougiemnaw.dll,iemnaw.dll,niluw.dll,naixuhz.dll,xhtd.dll,oadgnohiac.dll,iqnauhc.dll,nahzij.dll,gnefnaib.dll,gsqq.dll,3auhad.dll,2ty.dll,jsfg.dll,qcsct.dll,rj.dll,fmxh.dll,jmx.dll,wtwx.dll,ddtj.dll,fz.dll,dqncj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe
A voir également:
- Freeze d'ecran
- Pc freeze - Guide
- Deep freeze - Télécharger - Sécurité
- Double ecran - Guide
- Capture d'écran whatsapp - Accueil - Messagerie instantanée
- Retourner ecran pc - Guide
26 réponses
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
voila le rapport
SmitFraudFix v2.322
Rapport fait à 20:30:36,00, 24/05/2008
Executé à partir de D:\Documents and Settings\cereventes\Mes documents\Downloads\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\Explorer.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINNT\System32\RUNDLL32.EXE
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\WINNT\System32\ctfmon.exe
D:\Program Files\a-squared Free\a2service.exe
D:\WINNT\System32\alg.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Microsoft LifeCam\MSCamSvc.exe
D:\WINNT\System32\nvsvc32.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\wdfmgr.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\SpeedFan\speedfan.exe
D:\Program Files\The KMPlayer\KMPlayer.exe
D:\WINNT\system32\NOTEPAD.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Messenger\livecall.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINNT\System32\wbem\wmiprvse.exe
D:\Program Files\Hamachi\hamachi.exe
D:\WINNT\System32\wbem\wmiprvse.exe
D:\WINNT\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» D:\
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT\system
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT\Web
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT\system32
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\cereventes
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\cereventes\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\CEREVE~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\\WINNT\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: ADI USB Remote NDIS Network Device #2
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{95ABF102-304E-4A96-AF64-38127096E2C6}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8903479D-BFBB-49FA-8EB0-01951D3144B3}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{95ABF102-304E-4A96-AF64-38127096E2C6}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{95ABF102-304E-4A96-AF64-38127096E2C6}: DhcpNameServer=192.168.30.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.322
Rapport fait à 20:30:36,00, 24/05/2008
Executé à partir de D:\Documents and Settings\cereventes\Mes documents\Downloads\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\Explorer.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINNT\System32\RUNDLL32.EXE
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\WINNT\System32\ctfmon.exe
D:\Program Files\a-squared Free\a2service.exe
D:\WINNT\System32\alg.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Microsoft LifeCam\MSCamSvc.exe
D:\WINNT\System32\nvsvc32.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\wdfmgr.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\SpeedFan\speedfan.exe
D:\Program Files\The KMPlayer\KMPlayer.exe
D:\WINNT\system32\NOTEPAD.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\MSN Messenger\livecall.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINNT\System32\wbem\wmiprvse.exe
D:\Program Files\Hamachi\hamachi.exe
D:\WINNT\System32\wbem\wmiprvse.exe
D:\WINNT\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» D:\
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT\system
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT\Web
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINNT\system32
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\cereventes
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\cereventes\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\CEREVE~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\\WINNT\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: ADI USB Remote NDIS Network Device #2
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{95ABF102-304E-4A96-AF64-38127096E2C6}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8903479D-BFBB-49FA-8EB0-01951D3144B3}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{95ABF102-304E-4A96-AF64-38127096E2C6}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{95ABF102-304E-4A96-AF64-38127096E2C6}: DhcpNameServer=192.168.30.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
oui mé il consomme peu et ma bloké tout lé virus
mé mon probleme vien pas d'un virus enfin je croi pas
mé mon probleme vien pas d'un virus enfin je croi pas
la derniere fois je me suis mal exprimé mon systeme d exploitation est bien un windows xp avec licience originale on a juste allégé le systeme et enlevé les services pack pour qu il soit plus rapide merci pour tes conseil j ai bien scanné et bien nettoyé et retiré les virus qu il y avait et maintenant plus un seul freeze ou lag merci beaucoup
Salut,
fix :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter17 Class) - http://game.netmarble.jp/_common/cab/NMStarterJP7.cab
O20 - AppInit_DLLs: utgnehz.dll,gnaixnauhuoyizqq.dll,gnaixnauhqq.dll,2nauygniqaixnaij.dll,naijihzeuy ouhz.dll,uyomielnux.dll,vlihzouhgnfe.dll,sfhx.dll,eve.dll,jsqc.dll,wtiemnaw.dll ,nauhgnem.dll,auhad.dll,naijoad.dll,aixauh.dll,xhqq.dll,QQ.dll,hjxr.dll,zqhs.dl l,oadnew.dll,dgzg.dll,hz.dll,nuygnef.dll,uohsom.dll,uyom.dll,gnolnait.dll,ijiq. dll,ijougiemnaw.dll,iemnaw.dll,niluw.dll,naixuhz.dll,xhtd.dll,oadgnohiac.dll,iq nauhc.dll,nahzij.dll,gnefnaib.dll,gsqq.dll,3auhad.dll,2ty.dll,jsfg.dll,qcsct.dl l,rj.dll,fmxh.dll,jmx.dll,wtwx.dll,ddtj.dll,fz.dll,dqncj.dll
Puis
passe un coup de smitfraudfix, tu as un tutoriel ici :
http://siri.urz.free.fr/Fix/SmitfraudFix.php
et colle le rapport
fix :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter17 Class) - http://game.netmarble.jp/_common/cab/NMStarterJP7.cab
O20 - AppInit_DLLs: utgnehz.dll,gnaixnauhuoyizqq.dll,gnaixnauhqq.dll,2nauygniqaixnaij.dll,naijihzeuy ouhz.dll,uyomielnux.dll,vlihzouhgnfe.dll,sfhx.dll,eve.dll,jsqc.dll,wtiemnaw.dll ,nauhgnem.dll,auhad.dll,naijoad.dll,aixauh.dll,xhqq.dll,QQ.dll,hjxr.dll,zqhs.dl l,oadnew.dll,dgzg.dll,hz.dll,nuygnef.dll,uohsom.dll,uyom.dll,gnolnait.dll,ijiq. dll,ijougiemnaw.dll,iemnaw.dll,niluw.dll,naixuhz.dll,xhtd.dll,oadgnohiac.dll,iq nauhc.dll,nahzij.dll,gnefnaib.dll,gsqq.dll,3auhad.dll,2ty.dll,jsfg.dll,qcsct.dl l,rj.dll,fmxh.dll,jmx.dll,wtwx.dll,ddtj.dll,fz.dll,dqncj.dll
Puis
passe un coup de smitfraudfix, tu as un tutoriel ici :
http://siri.urz.free.fr/Fix/SmitfraudFix.php
et colle le rapport
