Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

windows antivirus

triton

Par triton
dans Software

 Partager

Messages recommandés

triton Member

triton

Posté(e)
Posté(e)

bonjour à tous

 

pas facile de se débarasser de windowsantivirus qui revient à chaque fois.

 

ci-joints logs :

 

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 15:54:42, on 29/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\printer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wlancfg.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CCleaner\ccleaner.exe

C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [install_BlueDSL] D:\install.exe

O4 - HKLM\..\Run: [install_Choix] D:\choix.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O4 - HKLM\..\Run: [salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"

O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DexStarter_IC-304V1] "C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat"

O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Moniteur & Configuration.lnk = ?

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: system.exe

O4 - Global Startup: autorun.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{4F24856B-E7B5-42FA-8898-F1B5156B6552}: NameServer = 85.255.114.54,85.255.112.26

O17 - HKLM\System\CCS\Services\Tcpip\..\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558}: NameServer = 85.255.114.54,85.255.112.26

O17 - HKLM\System\CCS\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: NameServer = 85.255.114.54,85.255.112.26

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26

O20 - AppInit_DLLs: C:\WINDOWS\system32\hadjajr.ini

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\WINDOWS\wlancfg.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 9974 bytes

 

 

StartupList report, 29/08/2007, 16:41:16

StartupList version: 1.52.2

Started from : C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\printer.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wlancfg.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\boss\Menu Démarrer\Programmes\Démarrage]

Moniteur & Configuration.lnk = ?

OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]

Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

SigmatelSysTrayApp = stsystra.exe

ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

DMXLauncher = C:\Program Files\Dell\Media Experience\DMXLauncher.exe

dla = C:\WINDOWS\system32\dla\tfswctrl.exe

ISUSPM Startup = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

ISUSScheduler = "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

{0228e555-4f9c-4e35-a3ec-b109a192b4c2} = C:\Program Files\Google\Gmail Notifier\gnotify.exe

avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

AAWTray = C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

WinAVX = C:\WINDOWS\system32\WinAvXX.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

DexStarter_IC-304V1 = "C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat"

WinAVX = C:\WINDOWS\system32\WinAvXX.exe

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINDOWS\system32\hadjajr.ini

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe C:\WINDOWS\system32\printer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\ss3dfo.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Regedit.exe has no CompanyName property! It is either missing or named something else.

- Regedit.exe has no OriginalFilename property! It is either missing or named something else.

- Regedit.exe has no FileDescription property! It is either missing or named something else.

 

Registry check failed!

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

AppleSoftwareUpdate.job

HPpromotions journeysoftware.job

Rappel d'abonnement 1 auprès de l'ISP.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart)

avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)

Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)

Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)

Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

drvnddm: system32\drivers\drvnddm.sys (autostart)

Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Journal des événements: %SystemRoot%\system32\services.exe (autostart)

Fax: %systemroot%\system32\fxssvc.exe (autostart)

Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Intel® Matrix Storage Event Monitor: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (autostart)

Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Machine Debug Manager: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)

Planificateur LiveUpdate automatique: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)

Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)

Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart)

Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)

Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)

Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart)

Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)

Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

tfsnboio: system32\dla\tfsnboio.sys (autostart)

tfsncofs: system32\dla\tfsncofs.sys (autostart)

tfsndrct: system32\dla\tfsndrct.sys (autostart)

tfsndres: system32\dla\tfsndres.sys (autostart)

tfsnifs: system32\dla\tfsnifs.sys (autostart)

tfsnopio: system32\dla\tfsnopio.sys (autostart)

tfsnpool: system32\dla\tfsnpool.sys (autostart)

tfsnudf: system32\dla\tfsnudf.sys (autostart)

tfsnudfa: system32\dla\tfsnudfa.sys (autostart)

Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Service de lancement de WlanCfg: %SystemRoot%\wlancfg.exe SVC (autostart)

Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

 

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

 

--------------------------------------------------

End of report, 15 085 bytes

Report generated in 0,218 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

 

 

 

il s'agit de mon micro au boulot.

 

merci pour votre aide

chef Extrem Member

chef

Posté(e)
Posté(e)
bonjour à tous

 

pas facile de se débarasser de windowsantivirus qui revient à chaque fois.

 

ci-joints logs :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 15:54:42, on 29/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\printer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wlancfg.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CCleaner\ccleaner.exe

C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [install_BlueDSL] D:\install.exe

O4 - HKLM\..\Run: [install_Choix] D:\choix.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O4 - HKLM\..\Run: [salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"

O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DexStarter_IC-304V1] "C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat"

O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Moniteur & Configuration.lnk = ?

O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

O4 - Startup: system.exe

O4 - Global Startup: autorun.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{4F24856B-E7B5-42FA-8898-F1B5156B6552}: NameServer = 85.255.114.54,85.255.112.26

O17 - HKLM\System\CCS\Services\Tcpip\..\{7A0DB3F8-E7A9-4D6E-BC8E-A3FDC4AD2558}: NameServer = 85.255.114.54,85.255.112.26

O17 - HKLM\System\CCS\Services\Tcpip\..\{FFA92BA0-7FD5-4866-B39D-58FC128F4843}: NameServer = 85.255.114.54,85.255.112.26

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.54 85.255.112.26

O20 - AppInit_DLLs: C:\WINDOWS\system32\hadjajr.ini

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\WINDOWS\wlancfg.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 9974 bytes

StartupList report, 29/08/2007, 16:41:16

StartupList version: 1.52.2

Started from : C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\printer.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\JRE\JRE1.4.2\bin\DEX_IC-304V1.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\802.11 Wireless LAN\WlanMonitor.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wlancfg.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\boss\Mes documents\antivirus francis\HiJackThis_v2.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\boss\Menu Démarrer\Programmes\Démarrage]

Moniteur & Configuration.lnk = ?

OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]

Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

SigmatelSysTrayApp = stsystra.exe

ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

DMXLauncher = C:\Program Files\Dell\Media Experience\DMXLauncher.exe

dla = C:\WINDOWS\system32\dla\tfswctrl.exe

ISUSPM Startup = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

ISUSScheduler = "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

{0228e555-4f9c-4e35-a3ec-b109a192b4c2} = C:\Program Files\Google\Gmail Notifier\gnotify.exe

avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

AAWTray = C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

WinAVX = C:\WINDOWS\system32\WinAvXX.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

DexStarter_IC-304V1 = "C:\Documents and Settings\boss\Application Data\Color_Server_Client_Tools\PrinterDriver\IC-304V1\DexRunner.bat"

WinAVX = C:\WINDOWS\system32\WinAvXX.exe

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINDOWS\system32\hadjajr.ini

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe C:\WINDOWS\system32\printer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\ss3dfo.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Regedit.exe has no CompanyName property! It is either missing or named something else.

- Regedit.exe has no OriginalFilename property! It is either missing or named something else.

- Regedit.exe has no FileDescription property! It is either missing or named something else.

 

Registry check failed!

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

AppleSoftwareUpdate.job

HPpromotions journeysoftware.job

Rappel d'abonnement 1 auprès de l'ISP.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart)

avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)

Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)

Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)

Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

drvnddm: system32\drivers\drvnddm.sys (autostart)

Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Journal des événements: %SystemRoot%\system32\services.exe (autostart)

Fax: %systemroot%\system32\fxssvc.exe (autostart)

Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Intel® Matrix Storage Event Monitor: C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (autostart)

Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Machine Debug Manager: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)

Planificateur LiveUpdate automatique: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)

Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)

Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart)

Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)

Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)

Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart)

Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)

Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

tfsnboio: system32\dla\tfsnboio.sys (autostart)

tfsncofs: system32\dla\tfsncofs.sys (autostart)

tfsndrct: system32\dla\tfsndrct.sys (autostart)

tfsndres: system32\dla\tfsndres.sys (autostart)

tfsnifs: system32\dla\tfsnifs.sys (autostart)

tfsnopio: system32\dla\tfsnopio.sys (autostart)

tfsnpool: system32\dla\tfsnpool.sys (autostart)

tfsnudf: system32\dla\tfsnudf.sys (autostart)

tfsnudfa: system32\dla\tfsnudfa.sys (autostart)

Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Service de lancement de WlanCfg: %SystemRoot%\wlancfg.exe SVC (autostart)

Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

 

--------------------------------------------------

End of report, 15 085 bytes

Report generated in 0,218 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

il s'agit de mon micro au boulot.

 

merci pour votre aide

faut posté ici:

http://forum.zebulon.fr/index.php?showforum=40

Rejoindre la conversation

Vous publiez en tant qu’invité. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...