rapport hijackthis

[m4tboy]

Logfile of HijackThis v1.99.1

Scan saved at 22:04:21, on 16/06/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\No-IP\DUC20.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\RealVNC\WinVNC\winvnc.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

c:\program files\softwin\bitdefender8\vsserv.exe

C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Softwin\BitDefender8\bdmcon.exe

C:\Program Files\Softwin\BitDefender8\bdnagent.exe

C:\Program Files\Softwin\BitDefender8\bdoesrv.exe

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\DvzCommon\DvzMsgr.exe

C:\Program Files\BPFTP Server\G6FTPSrv.exe

C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\winupdate07094367[1].exe

D:\Program Files\Palm\HOTSYNC.EXE

C:\Documents and Settings\Famille\Menu Démarrer\Programmes\Démarrage\winupdate21630923[1].exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Famille\LOCALS~1\Temp\Rar$EX07.859\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: Shell=Explorer.exe,fxsccic.exe,sysstdos.exe,ntlax8vb.exe,wdmatify.exe,wdmaclip.exe,wpabsnds.exe,msr2on32.exe,gpkcds32.exe,sclgaaaa.exe,clusan32.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\fxsccic.exe,C:\WINDOWS\System32\sysstdos.exe,C:\WINDOWS\System32\ntlax8vb.exe,C:\WINDOWS\System32\wdmatify.exe,C:\WINDOWS\System32\wdmaclip.exe,C:\WINDOWS\System32\wpabsnds.exe,C:\WINDOWS\System32\msr2on32.exe,C:\WINDOWS\System32\gpkcds32.exe,C:\WINDOWS\System32\sclgaaaa.exe,C:\WINDOWS\System32\clusan32.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\acrobat reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\winvnc.exe" -servicehelper

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [bDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe

O4 - HKLM\..\Run: [bDNewsAgent] C:\Program Files\Softwin\BitDefender8\\bdnagent.exe

O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe

O4 - HKLM\..\Run: [update Windows] C:\WINDOWS\System32\sysstdos.exe

O4 - HKLM\..\Run: [combop.exe] combop.exe

O4 - HKLM\..\Run: [combo.exe] combo.exe

O4 - HKCU\..\Run: [update Windows] C:\WINDOWS\System32\sysstdos.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Startup: Overnet.lnk = C:\Program Files\Overnet\overnet.exe

O4 - Startup: BPFTP Server.lnk = C:\Program Files\BPFTP Server\G6FTPSrv.exe

O4 - Startup: winupdate07094367[1].exe

O4 - Startup: HotSync Manager.lnk = D:\Program Files\Palm\HOTSYNC.EXE

O4 - Startup: winupdate21630923[1].exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.accessoveloce.com/webline/x/wvhscoop6x.exe

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com/binaries/Live...ice_4_FR_XP.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsIns....cab?refid=4746

O16 - DPF: {C1C3CC42-F029-49A2-91C2-C043DFAE3C96} (Samson Class) - http://htmldialer.parisvoyeur.com/CABSPOLY...8/fr/Dalila.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F9012A13-66D1-499D-9420-F40E305B27C3}: NameServer = 80.10.246.130 80.10.246.3

O21 - SSODL: Update Player - {611D29C0-CA68-4DD1-AECC-E288C49FEFA0} - C:\WINDOWS\System32\divxs804.dll

O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - c:\program files\softwin\bitdefender8\vsserv.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\winvnc.exe" -service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

 

 

 

 

 

 

 

 

 

Voilà le rapport hijack de l'ordi de mon père.

Je vous solicite pour lui réparer et me dire ce qu'il faut enlever.

 

Merci beaucoup et @+

[ipl_001]

C:\Program Files\eMule\emule.exe

6 - Pas de Warez, pas de cracks, rien d'illégal. Le p2p («peer to peer»), procédé permettant d'échanger tous types de fichiers entre deux ordinateurs connectés sur le réseau, n'est pas toléré !

Discussion fermée !