Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

analyse hijack

franckkk

Par franckkk
dans Analyses et éradication malwares

 Partager

Messages recommandés

franckkk Junior Member

franckkk

Posté(e)
Posté(e)

bonjour

 

en ce beau jour de noel un petit probleme d'ordi, antivirus etc qui refusent de faire leur mise à jour

 

Que pensez vous de ce rapport ?

 

Merci encore pour le coup de main

 

F

 

 

 

 

StartupList report, 24/12/2009, 09:08:50

StartupList version: 1.52.2

Started from : C:\Users\franck\Downloads\HiJackThis.EXE

Detected: Windows Vista SP2 (WinNT 6.00.1906)

Detected: Internet Explorer v8.00 (8.00.6001.18702)

* Using default options

==================================================

 

Running processes:

 

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

C:\Program Files\Agence Exclusive\Agence.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\pdfforge Toolbar\SearchSettings.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\franck\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\conime.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Windows\system32\wuauclt.exe

C:\Users\franck\Desktop\Virus Removal Tool\setup_9.0.0.722_23.12.2009_08-58\setup_9.0.0.722_23.12.2009_08-58.exe

C:\Users\franck\Desktop\Virus Removal Tool\setup_9.0.0.722_23.12.2009_08-58\setup_9.0.0.722_23.12.2009_08-58.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe

C:\Windows\explorer.exe

C:\Users\franck\Downloads\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\NOTEPAD.EXE

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Users\franck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]

Notification de cadeaux MSN.lnk = C:\Users\franck\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe

OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

_uninst_setup_9.0.0.722_23.12.2009_08-58.exe.lnk = C:\Users\franck\AppData\Local\Temp\_uninst_setup_9.0.0.722_23.12.2009_08-58.exe.bat

 

Shell folders Common Startup:

[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]

Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\Windows\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

DVDAgent = "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

TSMAgent = "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

CLMLServer for HP TouchSmart = "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

UCam_Menu = "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

UpdateLBPShortCut = "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

UpdatePSTShortCut = "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

DpAgent = C:\Program Files\DigitalPersona\Bin\dpagent.exe

UpdatePDIRShortCut = "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

hpWirelessAssistant = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

ContentTransferWMDetector.exe = C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe

Ad-Watch = C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

NBKeyScan = "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

QlbCtrl.exe = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

SmartMenu = %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

TVAgent = "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

Agence = "C:\Program Files\Agence Exclusive\Agence.exe"

Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

AdobeCS4ServiceManager = "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

SearchSettings = C:\Program Files\pdfforge Toolbar\SearchSettings.exe

QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime

NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

HP Health Check Scheduler = c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"

AVP = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

MSSE = "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

HPAdvisor = C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

LightScribe Control Panel = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

ehTray.exe = C:\Windows\ehome\ehTray.exe

SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

=

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

[AdobeUpdater]

=

 

--------------------------------------------------

 

Load/Run keys from C:\Windows\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

 

--------------------------------------------------

 

Shell & screensaver key from C:\Windows\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=explorer.exe

SCRNSAVE.EXE=C:\Windows\system32\logon.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}

AEBHO - C:\Program Files\Agence Exclusive\AgenceBHO.dll - {0495F4D7-9FE3-4456-AA9D-1D57E78DF5F0}

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

IEVkbdBHO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}

(no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB}

(no name) - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll - {B922D405-6D13-4A2B-AE89-08A030DA4402}

(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}

(no name) - C:\Program Files\pdfforge Toolbar\SearchSettings.dll - {E312764E-7706-43F1-8DAB-FCDD2B1E416D}

link filter bho - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll - {E33CF602-D945-461A-83F0-819F76A199F8}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Ad-Aware Update (Weekly).job

GoogleUpdateTaskMachineCore.job

GoogleUpdateTaskMachineUA.job

HPCeeScheduleForfranck.job

NSSstub.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[CKAVWebScan Object]

InProcServer32 = C:\Windows\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll

CODEBASE = http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\Windows\system32\NLAapi.dll

NameSpace #2: C:\Windows\system32\napinsp.dll

NameSpace #3: C:\Windows\system32\pnrpnsp.dll

NameSpace #4: C:\Windows\system32\pnrpnsp.dll

NameSpace #5: C:\Windows\system32\wshbth.dll

NameSpace #6: C:\Program Files\Bonjour\mdnsNSP.dll

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: C:\Users\franck\Desktop\Virus Removal Tool1\install.tmp||C:\Users\franck\AppData\Local\Temp\_iu14D2N.tmp

 

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\Windows\System32\webcheck.dll

 

--------------------------------------------------

End of report, 12 837 bytes

Report generated in 0,125 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...