Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

analyse du log hijackthis

alka99

Par alka99
dans Analyses et éradication malwares

 Partager

Messages recommandés

alka99 Junior Member

alka99

Posté(e)
Posté(e)

bonjour, mon pc a ete infecte par des trojan et malware, cela persiste malgre de nombreuse tentave avec divers logiciel,meme si la sitution c significativement amelioree

 

je sollicite donc votre aide surle le hijackthis

 

j etait avec mc afee et devant des pb de fonctionnement et lenteurs,j'ai decide de changer pour la combinaison avast anti virus plus sygate firewall

j ai installer par ailleurs spybot eet a-squared ainsi que ewido ( la version evalutation) decouvrrant une grande quantite de trojan et malware

 

je suis sous windows xp

 

voici le log hijackthis :

 

Logfile of HijackThis v1.99.1

Scan saved at 3:21:36 PM, on 9/26/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\eFax Messenger 4.1\J2GTray.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [bHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{27B3A312-2E53-4BC3-9CB2-B9023ACC367D}: NameServer = 84.103.237.145 86.64.145.145

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

 

j'ai par ailleurs sauver le log des programmes add/remove

 

 

AccessDiver v4.240

Adobe Acrobat - Reader 6.0.2 Update

Adobe Reader 6.0.1

Adware Spyware Scanner Deleter version 0.2

AIM

AOL Coach Version 2.0(Build:20041026.5 en)

AOL Deskbar

AOL Toolbar

AOL You've Got Pictures Screensaver

a-squared Free 2.0

Audacity 1.3.0

avast! Antivirus

AviSplit Classic Version 1.43

AviSynth 2.5

Azureus

Badongo

Broadcom Management Programs

Browser Hijack Retaliator 4.1

CDex extraction audio

Conexant HDA D110 MDC V.92 Modem

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Support 3.1

Dell Wireless WLAN Card

Digital Content Portal

Digital Line Detect

EducateU

eFax Messenger 4.1

eMule

eMusic - 50 Free MP3 offer

ewido anti-spyware 4.0

ffdshow

Free Download Manager 2.0

Friendly PPPoE v3.0.0.26

GetRight

Guubei Enterprise Manager

HammerSnipe PowerTool

High Definition Audio Driver Package - KB835221

HijackThis 1.99.1

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows XP (KB896344)

Intel® Graphics Media Accelerator Driver for Mobile

Internal Network Card Power Management

Internet Explorer Default Page

iTunes

Java 2 Runtime Environment, SE v1.4.2_03

Kit de connexion ADSL

Learn2 Player (Uninstall Only)

Macromedia Flash Player

Macromedia Flash Player 8

Macromedia Shockwave Player

MCU

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB886903)

Microsoft .NET Framework 2.0

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Office Professional Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Modem Helper

MSN Messenger 7.5

Musicmatch for Windows Media Player

NetWaiting

NetZero

NetZeroInstallers

Nokia Connectivity Cable Driver

Nokia PC Connectivity Solution

Nokia PC Suite

PowerDVD 5.5

PPStream

Qualxserve Service Agreement

QuickBooks Simple Start Special Edition

QuickSet

QuickTime

Real Alternative 1.49

SAVVY TV

Security Update for Microsoft .NET Framework 2.0 (KB917283)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Sonic DLA

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

SoulSeek Client 156c

SplitMovie 1.2

Spybot - Search & Destroy 1.4

Sygate Personal Firewall

Synaptics Pointing Device Driver

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

USB MODEM Driver

Video Fixer 3.23

VideoLAN VLC media player 0.8.5

Videora iPod Converter 0.91

Viewpoint Media Player

WebCyberCoach 3.2 Dell

Winamp (remove only)

Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)

Windows Installer 3.1 (KB893803)

Windows Media Connect

Windows Media Format Runtime

Windows Media Player 10

Windows Media Player 10

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

WinRAR archiver

XviD 1.1 final uninstall

 

 

 

 

 

 

 

 

 

 

j 'ai utilise silentrunner,voici le log

 

 

 

 

 

 

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ModemOnHold" = "C:\Program Files\NetWaiting\netWaiting.exe" [null data]

"DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."]

"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]

"Free Download Manager" = "C:\Program Files\Free Download Manager\fdm.exe -autorun" [null data]

"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]

"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [null data]

"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]

"Dell Wireless Manager UI" = "C:\WINDOWS\system32\WLTRAY" ["Dell Inc"]

"Dell QuickSet" = "C:\Program Files\Dell\QuickSet\Quickset.exe" [empty string]

"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]

"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]

"ISUSPM Startup" = ""C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["InstallShield Software Corporation"]

"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]

"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]

"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]

"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]

"PCSuiteTrayApplication" = "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup" ["Nokia"]

"eFax 4.1" = ""C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R" ["j2 Global Communications, Inc."]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"VideoraiPodConverter" = "C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t" [null data]

"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

"%FP%Friendly fts.exe" = ""C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"" ["Friendly Technologies"]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]

"MSKDetectorExe" = "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall" ["McAfee, Inc."]

"BHR4.1" = "C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe" ["Zamaan's Software"]

"!ewido" = ""C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = "*Z" (unwritable string)

-> {HKLM...CLSID} = "bho2gr Class"

\InProcServer32\(Default) = "C:\Program Files\GetRight\xx2gr.dll" ["Headlight Software, Inc."]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

-> {HKLM...CLSID} = "Display Panning CPL Extension"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {HKLM...CLSID} = "Portable Media Devices"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{7D5C4BDD-B015-4401-8731-1507B87DE297}" = "QBVersionTool"

-> {HKLM...CLSID} = "VersionShellExt Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll" ["Intuit, Inc."]

"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"

-> {HKLM...CLSID} = "DriveLetterAccess"

\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"

-> {HKLM...CLSID} = "ShellLink for Application References"

\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"

-> {HKLM...CLSID} = "Shell Icon Handler for Application References"

\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"

-> {HKLM...CLSID} = "Nokia Phone Browser"

\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]

"{6db8213d-6561-483a-af7b-393725a1f0d3}" = "eFax Messenger - Shell Extension"

-> {HKLM...CLSID} = "HotShellExt"

\InProcServer32\(Default) = "C:\Program Files\eFax Messenger 4.1\J2GShell.dll" ["j2 Global Communications, Inc."]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{2D8AD68D-3BCD-4B3B-A2CD-F15354636AAD}" = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\pkrfdisk.dll" [file not found]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"

-> {HKLM...CLSID} = "a-squared Free Context Menu"

\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

 

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\

INFECTION WARNING! (" ntoskrnl.dll" [file not found]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll"

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

HotShellExt_40\(Default) = "{6DB8213D-6561-483a-AF7B-393725A1F0D3}"

-> {HKLM...CLSID} = "HotShellExt"

\InProcServer32\(Default) = "C:\Program Files\eFax Messenger 4.1\J2GShell.dll" ["j2 Global Communications, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"

-> {HKLM...CLSID} = "a-squared Free Context Menu"

\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

 

 

Startup items in "cp4" & "All Users" startup folders:

-----------------------------------------------------

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]

"eFax 4.1" -> shortcut to: "C:\Program Files\eFax Messenger 4.1\J2GTray.exe" ["j2 Global Communications, Inc."]

"GetRight - Tray Icon" -> shortcut to: "C:\Program Files\GetRight\getright.exe" ["Headlight Software, Inc."]

"QuickBooks Update Agent" -> shortcut to: "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe" ["Intuit, Inc."]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" = (no title provided)

-> {HKLM...CLSID} = "ZeroBar"

\InProcServer32\(Default) = "C:\Program Files\NetZero\Toolbar.dll" [empty string]

 

Explorer Bars

 

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Shell Search Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

 

{4982D40A-C53B-4615-B15B-B5B5E98D167C}\

"ButtonText" = "AOL Toolbar"

"MenuText" = "AOL Toolbar"

"CLSIDExtension" = "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

 

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\

"ButtonText" = "AIM"

"Exec" = "C:\PROGRA~1\AIM\aim.exe" ["America Online, Inc."]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

Dell Wireless WLAN Tray Service, wltrysvc, "C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe" [null data]

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]

iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]

NICCONFIGSVC, NICCONFIGSVC, "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."]

ServiceLayer, ServiceLayer, ""C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"" ["Nokia."]

Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 168 seconds, including 21 seconds for message boxes)

 

 

 

je vous remercie d'avance de votre aide sur les interpretations et actions a effectuer

Lien vers le commentaire
Partager sur d’autres sites

horus agressor Godlike Member

horus agressor

Posté(e)
Posté(e)

Bonjour,

 

Si tu penses être infecté, un spécialiste du forum viendra bientôt t'en informer et il t'aidera pour la procédure de désinfection :P

 

En attendant, tu pourrais t'occuper de tes log au démarrage (lignes 04), vu le nombre, pas étonnant que ton PC rame :

 

Maîtrisez le démarrage de votre PC http://www.zebulon.fr/articles/msconfig.php

 

Et si tu as encore un peu de temps à tuer : Les services Windows http://www.zebulon.fr/articles/services_1.php , histoire de gérer au mieux tes lignes 023, ça ne fera pas de mal à ton PC, au contraire :P

 

Amicalement.

Lien vers le commentaire
Partager sur d’autres sites
alka99 Junior Member

alka99

Posté(e)
  • Auteur
Posté(e)

merci pour la reponse

 

c est vrai que j ai bcp de processus et services en execution au demmarage

j ai essayer en suivant les conseils ds les liens d en rendre inactifs mais en restant prodent je suis pas assez expert pour savoir lesquels sont necessaire pour mon pc, j ai fait un premier tri en fait , ca rame tjrs

Lien vers le commentaire
Partager sur d’autres sites
horus agressor Godlike Member

horus agressor

Posté(e)
Posté(e) (modifié)

Bonjour,

 

Ben y'a plus qu'à attendre que l'un de nos spécialiste-bénévole se penche sur ton log dès que posssible :P

 

Pour les programmes au démarrage (lignes 04), le parefeu, l'antivirus, un éventuel antispy en résident, une protection de la Base de Registre (style TeaTimer de SpyBot) et, si besoin, ce qui concerne ta connection Internet suffisent au démarrage.

 

Tu pourrais reposter un log HiJackThis en attendant pour voir la différence.

 

Amicalement.

Modifié par horus agressor
Lien vers le commentaire
Partager sur d’autres sites

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...