verification boot system


Marsh Posted on 16-05-2007 at 18:27:45    

Hi all.
I ran HijackThis and would like your opinion on the health of my PC.
 
Here is the log >

 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:35 , on 16/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
 
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Executive Software\Diskeeper\DkService.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\WINDOWS\VM_STI.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\FarStone\VirtualDrive\VDTask.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\SuperCopier\SuperCopier.exe
D:\Program Files\CursorXP\CursorXP.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\s2kctl15b103\S2kCtl.exe
D:\Program Files\ProcessExplorer\procexp.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\Internet Explorer\iexplore.exe
H:\Mes Documents\HiJackThis_v2.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [VirtualDrive] "D:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SuperCopier.exe] D:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [CursorXP] D:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: procexp.exe.lnk = D:\Program Files\ProcessExplorer\procexp.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Raccourci vers S2kCtl.exe.lnk = D:\Program Files\s2kctl15b103\S2kCtl.exe
O8 - Extra context menu item: Barre RoboForm - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/16.16/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cedjaq.spaces.live.com//Pho [...] nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn. [...] Atchmt.ocx
O18 - Protocol: exalead - {39076C07-7014-41FF-A3CD-841360B1C2EC} - D:\Program Files\Exalead\Exalead Desktop\ExaScheme.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - D:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - D:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - D:\WINDOWS\System32\imapi.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - D:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - D:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - D:\WINDOWS\System32\vssvc.exe
 
--
End of file - 10479 bytes
 
And here is the startup list from Starter >
 
Elément,Valeur,Section,Enabled,Description,Company
"Adobe Gamma.lnk","D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe","Démarrage - Utilisateur courant","1","Adobe Gamma Loader (Adobe Systems, Inc. Adobe Gamma Loader)","Adobe Systems, Inc."
"BigDogPath","D:\WINDOWS\VM_STI.EXE USB PC Camera 301P","Registre - Démarrage machine","1","Still Image (STI) Driver","VM."
"Cmaudio","RunDll32 cmicnfg.cpl,CMICtrlWnd","Registre - Démarrage machine","1","",""
"ctfmon.exe","D:\WINDOWS\system32\ctfmon.exe","Registre - Démarrage utilisateur courant","1","CTF Loader (Microsoft® Windows® Operating System)","Microsoft Corporation"
"cuhjvzr","d:\windows\system32\cuhjvzr.exe cuhjvzr","Registre - Démarrage machine","1","",""
"CursorXP","D:\Program Files\CursorXP\CursorXP.exe","Registre - Démarrage utilisateur courant","1","CursorXP (Stardock CursorXP)"," "
"ExaleadDesktop",""D:\Program Files\Exalead\Exalead Desktop\ExaleadDesktop.exe" /startup","Registre - Démarrage machine","0","exalead one:desktop","Exalead SA."
"IntelliPoint",""D:\Program Files\Microsoft IntelliPoint\point32.exe"","Registre - Démarrage machine","1","Point32.exe (Microsoft IntelliPoint)","Microsoft Corporation"
"LiveMonitor","D:\Program Files\MSI\Live Update 3\LMonitor.exe","Registre - Démarrage machine","0","UpdateMonitor MFC Application (UpdateMonitor Application)",""
"MSN Messenger 7.5.lnk","D:\Program Files\MSN Messenger\msnmsgr.exe","Démarrage - Tous les utilisateurs","0","Messenger","Microsoft Corporation"
"nod32kui",""D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE","Registre - Démarrage machine","1","NOD32 Control Center GUI (NOD32 Antivirus System)","Eset "
"NvCplDaemon","RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup","Registre - Démarrage machine","1","NVIDIA Display Properties Extension (NVIDIA Compatible Windows 2000 Display driver, Version 93.71 )","NVIDIA Corporation"
"NvMediaCenter","RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit","Registre - Démarrage machine","1","NVIDIA Media Center Library","NVIDIA Corporation"
"procexp.exe.lnk","D:\Program Files\ProcessExplorer\procexp.exe","Démarrage - Utilisateur courant","1","Sysinternals Process Explorer (Process Explorer)","Sysinternals"
"Raccourci vers S2kCtl.exe.lnk","D:\Program Files\s2kctl15b103\S2kCtl.exe","Démarrage - Tous les utilisateurs","1","S2k Bus Controller (S2kCtl)","TwinSSoft"
"RAMDrive",""D:\Program Files\FarStone\VirtualDrive\VHDRDTask.exe"","Registre - Démarrage machine","0","RDTask Microsoft ??????? (RDTask ????)",""
"Register Homesite+.exe",""D:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER","Registre - Démarrage machine une seule fois étendu","0","HomeSite (HomeSite6)","Macromedia, Inc."
"RegistrySmart",""C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot","Registre - Démarrage machine","0","",""
"Stardock ObjectDock.lnk","D:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe","Démarrage - Utilisateur courant","1","ObjectDock (Stardock ObjectDock)","Stardock"
"SunJavaUpdateSched",""D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"","Registre - Démarrage machine","0","Java(TM) Platform SE binary (Java(TM) Platform SE 6 U1)","Sun Microsystems, Inc."
"SuperCopier.exe","D:\Program Files\SuperCopier\SuperCopier.exe","Registre - Démarrage utilisateur courant","1","Remplacement de la copie de fichiers de l'explorateur (SuperCopier)","SFX TEAM"
"UberIcon.lnk","D:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe","Démarrage - Utilisateur courant","1","",""
"VIA RAID TOOL.lnk","D:\Program Files\VIA\RAID\raid_tool.exe","Démarrage - Tous les utilisateurs","0","VIA RAID Tool","VIA Technologies"
"VirtualDrive",""D:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore","Registre - Démarrage machine","1","VirtualDrive VDTask (VirtualDrive Personal)","FarStone Technology Inc."
"winsesame_del","D:\Program Files\WinSesame\effaceur.exe","Registre - Démarrage machine","0","",""
"WinSys","D:\WINDOWS\system32\WinSys.exe","Registre - Démarrage machine","0","DOT MFC Application (DOT Application)",""
"Y'z Shadow.lnk","D:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe","Démarrage - Utilisateur courant","1","Attach drop shadow to windows. (Y'z Shadow)","Y'z@Home"
"Y'z ToolBar.lnk","D:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe","Démarrage - Utilisateur courant","1","ToolBar icon can be changed. (Y'z ToolBar)","Y'z@Home"
"zBrowser Launcher","D:\Program Files\Logitech\iTouch\iTouch.exe","Registre - Démarrage machine","1","iTouch Application (iTouch)","Logitech Inc."
 
My problem is that I have a startup process currently named "cuhjvzr.exe".
This process changes its name when the operating system restarts, every time I delete it or disable it in my startup list, whether with Msconfig or Starter.
I searched for it on Google and other search engines and found NOTHING...
What's more, the file cannot be found in system32 (even as a hidden file).
On the other hand, I do find it in my registry.
Can you help me please?
Thanks.

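Added example, not the poster's code and not part of HijackThis or Starter: a small Python triage of the two exports above. An entry that takes a new random name on every reboot will never turn up in a search for the name, so the check looks at the properties the post actually describes instead: an enabled Run entry whose image is missing from the directory listing, or one that carries no version information while loading from the Windows directory, plus BHO registrations left with "(no file)". The sample lines are copied from the logs above (backslashes restored) with a few benign ones kept as controls; PRESENT_FILES is a constructed stand-in for what a live run would collect with os.listdir() of system32 and of each folder the entries point at.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the Starter export from the thread, backslashes restored.
# Starter quotes every field and keeps a path's own quotes inside it, which
# is not valid CSV quoting, so lines are split on the '","' separators.
STARTER_CSV = r'''Elément,Valeur,Section,Enabled,Description,Company
"Cmaudio","RunDll32 cmicnfg.cpl,CMICtrlWnd","Registre - Démarrage machine","1","",""
"ctfmon.exe","D:\WINDOWS\system32\ctfmon.exe","Registre - Démarrage utilisateur courant","1","CTF Loader (Microsoft® Windows® Operating System)","Microsoft Corporation"
"cuhjvzr","d:\windows\system32\cuhjvzr.exe cuhjvzr","Registre - Démarrage machine","1","",""
"nod32kui",""D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE","Registre - Démarrage machine","1","NOD32 Control Center GUI (NOD32 Antivirus System)","Eset "
"NvCplDaemon","RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup","Registre - Démarrage machine","1","NVIDIA Display Properties Extension","NVIDIA Corporation"
"WinSys","D:\WINDOWS\system32\WinSys.exe","Registre - Démarrage machine","0","DOT MFC Application (DOT Application)",""
'''

# Constructed directory listing (lower-cased basenames). On a live system
# build this from os.listdir() of system32 and of the referenced folders.
PRESENT_FILES = {"ctfmon.exe", "cmicnfg.cpl", "nod32kui.exe", "nvcpl.dll", "winsys.exe"}

# Three O2 lines from the HijackThis log above (backslashes restored).
HJT_LINES = [
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
]

# Shortest prefix ending in an executable extension, optionally quoted,
# followed by whitespace, a comma (rundll32 entry point) or end of string.
_IMAGE_RE = re.compile(r'^"?([^"]+?\.(?:exe|dll|cpl))"?(?:[\s,]|$)', re.IGNORECASE)


def command_image(cmd):
    """Return the file a Run value actually loads (the DLL for rundll32 hosts)."""
    cmd = cmd.strip()
    parts = cmd.split(None, 1)
    if len(parts) == 2 and PureWindowsPath(parts[0].strip('"')).stem.lower() == "rundll32":
        cmd = parts[1]  # skip the host, keep "path.dll,EntryPoint"
    m = _IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split(None, 1)[0].strip('"')


def parse_starter(text):
    """Parse a Starter export into dicts keyed by the header names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split(",")
    return [dict(zip(header, ln.strip()[1:-1].split('","'))) for ln in lines[1:]]


def in_windows_dir(image):
    return "windows" in [p.lower() for p in PureWindowsPath(image).parts]


def triage_starter(text, present_files):
    """Flag enabled entries whose image is missing on disk, or that have no
    version information while loading from the Windows directory."""
    present = {f.lower() for f in present_files}
    findings = []
    for row in parse_starter(text):
        if row["Enabled"] != "1":
            continue
        image = command_image(row["Valeur"])
        missing = PureWindowsPath(image).name.lower() not in present
        no_info = not row["Description"].strip() and not row["Company"].strip()
        system_dir = in_windows_dir(image)
        if missing or (no_info and system_dir):
            reasons = [r for r, hit in (("image not found on disk", missing),
                                        ("no version information", no_info),
                                        ("loads from the Windows directory", system_dir)) if hit]
            findings.append({"entry": row["Elément"], "image": image, "reasons": reasons})
    return findings


def orphaned_bhos(hjt_lines):
    """CLSIDs of O2 BHO entries whose DLL is gone: dead registrations to clean up."""
    clsid = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
    return [clsid.search(ln).group(0) for ln in hjt_lines
            if ln.startswith("O2 - BHO:") and ln.rstrip().endswith("(no file)")]


if __name__ == "__main__":
    for f in triage_starter(STARTER_CSV, PRESENT_FILES):
        print(f"{f['entry']}: {f['image']} -> {', '.join(f['reasons'])}")
    for c in orphaned_bhos(HJT_LINES):
        print(f"orphaned BHO {c}")
```

Run as-is it reports only the cuhjvzr entry (all three reasons) and the two "(no file)" BHO CLSIDs; the disabled WinSys entry and the version-stamped Microsoft, Eset and NVIDIA entries pass. The missing-on-disk check is the one that matches the post directly: an entry the registry references but Explorer cannot show, even with hidden files visible, is worth confirming from a boot outside the installed system before trusting anything the running system lists.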


Marsh Posted on 17-05-2007 at 08:38:17    

No HijackThis logs, check the rules!


