processus demarrage non désiré

[cedjaq]

Salut à tous.

J'ai fait un Hijackthis, je voudrais votre avis sur la santé de mon PC.

 

Voici le log >

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:35 , on 16/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

D:WINDOWSSystem32smss.exe

D:WINDOWSSYSTEM32winlogon.exe

D:WINDOWSsystem32services.exe

D:WINDOWSsystem32lsass.exe

D:WINDOWSsystem32svchost.exe

D:WINDOWSSystem32svchost.exe

D:WINDOWSsystem32spoolsv.exe

D:WINDOWSExplorer.EXE

D:Program FilesExecutive SoftwareDiskeeperDkService.exe

D:Program FilesEsetnod32krn.exe

D:WINDOWSsystem32nvsvc32.exe

D:WINDOWSsystem32RunDll32.exe

D:Program FilesLogitechiTouchiTouch.exe

D:Program FilesMicrosoft IntelliPointpoint32.exe

D:WINDOWSVM_STI.EXE

D:Program FilesEsetnod32kui.exe

D:Program FilesFarStoneVirtualDriveVDTask.exe

D:WINDOWSsystem32RUNDLL32.EXE

D:Program FilesSuperCopierSuperCopier.exe

D:Program FilesCursorXPCursorXP.exe

D:WINDOWSsystem32ctfmon.exe

D:Program Filess2kctl15b103S2kCtl.exe

D:Program FilesProcessExplorerprocexp.exe

D:WINDOWSBricoPacksVista InspiratObjectDockObjectDock.exe

D:WINDOWSBricoPacksVista InspiratUberIconUberIcon Manager.exe

D:WINDOWSBricoPacksVista InspiratYzShadowYzShadow.exe

D:WINDOWSBricoPacksVista InspiratYzToolbarYzToolBar.exe

D:Program FilesMSN Messengermsnmsgr.exe

D:Program FilesOperaOpera.exe

D:Program FilesInternet Exploreriexplore.exe

H:Mes DocumentsHiJackThis_v2.exe

 

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.fr/ig?hl=fr

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.google.fr/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:PROGRA~1SPYBOT~1SDHelper.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:Program FilesSiber SystemsAI RoboFormroboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:Program FilesJavajre1.6.0_01binssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:Program FilesFichiers communsMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:Program FilesSiber SystemsAI RoboFormroboform.dll

O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM..Run: [zBrowser Launcher] D:Program FilesLogitechiTouchiTouch.exe

O4 - HKLM..Run: [intelliPoint] "D:Program FilesMicrosoft IntelliPointpoint32.exe"

O4 - HKLM..Run: [bigDogPath] D:WINDOWSVM_STI.EXE USB PC Camera 301P

O4 - HKLM..Run: [nod32kui] "D:Program FilesEsetnod32kui.exe" /WAITSERVICE

O4 - HKLM..Run: [VirtualDrive] "D:Program FilesFarStoneVirtualDriveVDTask.exe" /AutoRestore

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE D:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE D:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKCU..Run: [superCopier.exe] D:Program FilesSuperCopierSuperCopier.exe

O4 - HKCU..Run: [CursorXP] D:Program FilesCursorXPCursorXP.exe

O4 - HKCU..Run: [ctfmon.exe] D:WINDOWSsystem32ctfmon.exe

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] D:WINDOWSSystem32CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] D:WINDOWSSystem32CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - Startup: Adobe Gamma.lnk = D:Program FilesFichiers communsAdobeCalibrationAdobe Gamma Loader.exe

O4 - Startup: procexp.exe.lnk = D:Program FilesProcessExplorerprocexp.exe

O4 - Startup: Stardock ObjectDock.lnk = D:WINDOWSBricoPacksVista InspiratObjectDockObjectDock.exe

O4 - Startup: UberIcon.lnk = D:WINDOWSBricoPacksVista InspiratUberIconUberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = D:WINDOWSBricoPacksVista InspiratYzShadowYzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = D:WINDOWSBricoPacksVista InspiratYzToolbarYzToolBar.exe

O4 - Global Startup: Raccourci vers S2kCtl.exe.lnk = D:Program Filess2kctl15b103S2kCtl.exe

O8 - Extra context menu item: Barre RoboForm - file://D:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: Enregistrer le formulaire - file://D:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html

O8 - Extra context menu item: Personnaliser le menu - file://D:Program FilesSiber SystemsAI RoboFormRoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Remplir le formulaire - file://D:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html

O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:Program FilesWinHTTrackWinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:Program FilesWinHTTrackWinHTTrackIEBar.dll

O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:WINDOWSsystem32SHDOCVW.DLL

O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:Program FilesICQLiteICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:Program FilesICQLiteICQLite.exe

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/16.16/uploader2.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cedjaq.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: exalead - {39076C07-7014-41FF-A3CD-841360B1C2EC} - D:Program FilesExaleadExalead DesktopExaScheme.dll

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:WINDOWSSystem32browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:WINDOWSSystem32browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - D:Program FilesFichiers communsAdobe Systems SharedServiceAdobelmsvc.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - D:Program FilesExecutive SoftwareDiskeeperDkService.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - D:WINDOWSSystem32dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - D:WINDOWSsystem32services.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:Program FilesFichiers communsInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - D:WINDOWSSystem32imapi.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - D:Program FilesFichiers communsMacromedia SharedServiceMacromedia Licensing.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:Program FilesEsetnod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:WINDOWSsystem32nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - D:Program FilesFichiers communsSony SharedAVLibPacsptisvr.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - D:WINDOWSsystem32services.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - D:WINDOWSSystem32SCardSvr.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:Program FilesFichiers communsSony SharedAVLibSptisrv.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - D:WINDOWSSystem32vssvc.exe

 

--

End of file - 10479 bytes

 

Et voici le demarrage avec Starter >

 

Elément,Valeur,Section,Enabled,Description,Company

"Adobe Gamma.lnk","D:Program FilesFichiers communsAdobeCalibrationAdobe Gamma Loader.exe","Démarrage - Utilisateur courant","1","Adobe Gamma Loader (Adobe Systems, Inc. Adobe Gamma Loader)","Adobe Systems, Inc."

"BigDogPath","D:WINDOWSVM_STI.EXE USB PC Camera 301P","Registre - Démarrage machine","1","Still Image (STI) Driver","VM."

"Cmaudio","RunDll32 cmicnfg.cpl,CMICtrlWnd","Registre - Démarrage machine","1","",""

"ctfmon.exe","D:WINDOWSsystem32ctfmon.exe","Registre - Démarrage utilisateur courant","1","CTF Loader (Microsoft® Windows® Operating System)","Microsoft Corporation"

"cuhjvzr","d:windowssystem32cuhjvzr.exe cuhjvzr","Registre - Démarrage machine","1","",""

"CursorXP","D:Program FilesCursorXPCursorXP.exe","Registre - Démarrage utilisateur courant","1","CursorXP (Stardock CursorXP)"," "

"ExaleadDesktop",""D:Program FilesExaleadExalead DesktopExaleadDesktop.exe" /startup","Registre - Démarrage machine","0","exalead one:desktop","Exalead SA."

"IntelliPoint",""D:Program FilesMicrosoft IntelliPointpoint32.exe"","Registre - Démarrage machine","1","Point32.exe (Microsoft IntelliPoint)","Microsoft Corporation"

"LiveMonitor","D:Program FilesMSILive Update 3LMonitor.exe","Registre - Démarrage machine","0","UpdateMonitor MFC Application (UpdateMonitor Application)",""

"MSN Messenger 7.5.lnk","D:Program FilesMSN Messengermsnmsgr.exe","Démarrage - Tous les utilisateurs","0","Messenger","Microsoft Corporation"

"nod32kui",""D:Program FilesEsetnod32kui.exe" /WAITSERVICE","Registre - Démarrage machine","1","NOD32 Control Center GUI (NOD32 Antivirus System)","Eset "

"NvCplDaemon","RUNDLL32.EXE D:WINDOWSsystem32NvCpl.dll,NvStartup","Registre - Démarrage machine","1","NVIDIA Display Properties Extension (NVIDIA Compatible Windows 2000 Display driver, Version 93.71 )","NVIDIA Corporation"

"NvMediaCenter","RUNDLL32.EXE D:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit","Registre - Démarrage machine","1","NVIDIA Media Center Library","NVIDIA Corporation"

"procexp.exe.lnk","D:Program FilesProcessExplorerprocexp.exe","Démarrage - Utilisateur courant","1","Sysinternals Process Explorer (Process Explorer)","Sysinternals"

"Raccourci vers S2kCtl.exe.lnk","D:Program Filess2kctl15b103S2kCtl.exe","Démarrage - Tous les utilisateurs","1","S2k Bus Controller (S2kCtl)","TwinSSoft"

"RAMDrive",""D:Program FilesFarStoneVirtualDriveVHDRDTask.exe"","Registre - Démarrage machine","0","RDTask Microsoft ??????? (RDTask ????)",""

"Register Homesite+.exe",""D:Program FilesMacromediaHomeSite+Homesite+.exe" /REGSERVER","Registre - Démarrage machine une seule fois étendu","0","HomeSite (HomeSite6)","Macromedia, Inc."

"RegistrySmart",""C:Program FilesRegistrySmartRegistrySmart.exe" -boot","Registre - Démarrage machine","0","",""

"Stardock ObjectDock.lnk","D:WINDOWSBricoPacksVista InspiratObjectDockObjectDock.exe","Démarrage - Utilisateur courant","1","ObjectDock (Stardock ObjectDock)","Stardock"

"SunJavaUpdateSched",""D:Program FilesJavajre1.6.0_01binjusched.exe"","Registre - Démarrage machine","0","Java Platform SE binary (Java Platform SE 6 U1)","Sun Microsystems, Inc."

"SuperCopier.exe","D:Program FilesSuperCopierSuperCopier.exe","Registre - Démarrage utilisateur courant","1","Remplacement de la copie de fichiers de l'explorateur (SuperCopier)","SFX TEAM"

"UberIcon.lnk","D:WINDOWSBricoPacksVista InspiratUberIconUberIcon Manager.exe","Démarrage - Utilisateur courant","1","",""

"VIA RAID TOOL.lnk","D:Program FilesVIARAIDraid_tool.exe","Démarrage - Tous les utilisateurs","0","VIA RAID Tool","VIA Technologies"

"VirtualDrive",""D:Program FilesFarStoneVirtualDriveVDTask.exe" /AutoRestore","Registre - Démarrage machine","1","VirtualDrive VDTask (VirtualDrive Personal)","FarStone Technology Inc."

"winsesame_del","D:Program FilesWinSesameeffaceur.exe","Registre - Démarrage machine","0","",""

"WinSys","D:WINDOWSsystem32WinSys.exe","Registre - Démarrage machine","0","DOT MFC Application (DOT Application)",""

"Y'z Shadow.lnk","D:WINDOWSBricoPacksVista InspiratYzShadowYzShadow.exe","Démarrage - Utilisateur courant","1","Attach drop shadow to windows. (Y'z Shadow)","Y'z@Home"

"Y'z ToolBar.lnk","D:WINDOWSBricoPacksVista InspiratYzToolbarYzToolBar.exe","Démarrage - Utilisateur courant","1","ToolBar icon can be changed. (Y'z ToolBar)","Y'z@Home"

"zBrowser Launcher","D:Program FilesLogitechiTouchiTouch.exe","Registre - Démarrage machine","1","iTouch Application (iTouch)","Logitech Inc."

 

Mon probleme c'est que j'ai un processus au demarrage nommé actuellement "cuhjvzr.exe".

Ce prossecus change de nom au redemarrage du systeme d'exploitation, à chaque fois que je le suprime ou le désactive de ma liste de demarrage, que ce soit avec Msconfig ou Starter.

Je l'ai recherché sur Google et autres moteur de recherche et RIEN ...

De plus ce fichier est introuvable dans system32 (même en fichier caché)

En revanche je le trouve bien dans ma base de registre.

Pouvez vous m'aider svp ?

Merci.

[Thanos]

salut cedjaq

 

Comme tu as pû le constater, pas mal de posts ont disparu!! Ceci est dû au problème technique dont a été victime le forum.Les choses sont à présent entrées dans l'ordre.

Je ne sait pas si un conseiller a répondu à ta demande et si tu as déjà commencé la désinfection!

Tiens nous au courant (si quelqu'un t'a répondu, quelles manipulations tu as faite etc...)

Merci de ta compréhension.