Analyse raport hisjackthis

nostra76 · le 5 septembre 2006

Bonjour a tous

J'ai effectué la procedure de desinfection, antivir,+nettoyage

+ewido?mais j'ai toujours des malwares ,

que faire ?????

Voici mon rapport

Logfile of HijackThis v1.99.1

Scan saved at 07:37:17, on 05/09/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Documents and Settings\luc\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe (file missing)

merci de votre aide ........

LoGiC · le 5 septembre 2006

salut,

ton windows n'est pas du tout a jour....;

par contre est-ce toi qui a installé ce fichier >> O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll

reset5.dll est un dossier employé pour éviter l'activation de Windows XP

nostra76 · le 5 septembre 2006

salut a toi,

Non je ne sais pas du toutce que c'est....???

Mon PC m'indique des critical errors , et veux que j'aile sur un site pour nettoyer mon registre, mais a chaque fois c'est un site different ????

et en plus de temps en temps il se bloque ?

je te joins aussi mon raport antivir en mode sans echec...

AntiVir PersonalEdition Classic

Report file date: mardi 5 septembre 2006 12:52

Jobname: 'Manual Selection'

Scanning for 370940 virus strains and unwanted programs.

Licensed to: AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (plain) [5.1.2600]

Username: luc

Computer name: LARGILLE-PYS8OE

Version informations:

AVSCAN.EXE : 7.0.0.35 540712 21/04/2006 12:47:06

AVSCAN.DLL : 7.0.0.34 41000 05/04/2006 11:03:58

LUKE.DLL : 7.0.0.34 114728 05/04/2006 11:04:00

LUKERES.DLL : 7.0.0.34 25640 05/04/2006 11:04:00

ANTIVIR0.VDF : 6.32.0.60 4323840 02/05/2006 08:29:10

ANTIVIR1.VDF : 6.34.0.209 1930240 02/05/2006 08:29:10

ANTIVIR2.VDF : 6.34.1.1 89600 01/05/2006 17:17:56

ANTIVIR3.VDF : 6.34.1.26 48128 01/05/2006 17:17:56

AVEWIN32.DLL : 7.0.0.8 1171968 21/04/2006 15:40:14

AVPREF.DLL : 6.34.0.0 38440 18/01/2006 12:06:02

AVREP.DLL : 6.34.1.20 2371624 01/05/2006 17:17:56

AVPACK32.DLL : 7.0.0.4 335912 29/03/2006 09:44:26

AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36

NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:50

NETNW.DLL : 6.32.0.0 9768 27/09/2005 07:56:50

Start of the scan: mardi 5 septembre 2006 12:52

Start scanning boot sectors:

Boot sector 'C:'

[NOTE] No virus was found!

Boot sector 'G:'

[NOTE] No virus was found!

Boot sector 'H:'

[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( 26 files ).

Starting the file scan:

C:\PAGEFILE.SYS