Help analyzing a HijackThis log
melanie
Hello,
StartupList report, 2007-12-25, 15:11:06
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16574)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spleak\SpleakLoader.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\GetData\Recover My Files\RecoverMyFiles.exe
C:\Program Files\GetData\Recover My Files\RecoverMyFiles.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage]
ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\ENJOY Plus!.exe
RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
igfxtray = C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe
igfxpers = C:\WINDOWS\system32\igfxpers.exe
RTHDCPL = RTHDCPL.EXE
Alcmtr = ALCMTR.EXE
VX1000 = C:\WINDOWS\vVX1000.exe
nod32kui = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
LifeCam = "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck = C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
AnyDVD = C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
SpleakPlugin = "C:\Program Files\Spleak\SpleakLoader.exe"
Amok Eggs Four Web = C:\Documents and Settings\All Users\Application Data\part dead amok eggs\Show start.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
msnmsgr = ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
deletepoll = C:\DOCUME~1\PROPRI~1\APPLIC~1\PINGHO~1\Intra Mags Second.exe
IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
RocketDock = "C:\Program Files\RocketDock\RocketDock.exe"
eMuleAutoStart = C:\Program Files\eMule\emule.exe -AutoStart
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
ShoppingReport - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll - {100EB1FD-D03E-47FD-81F3-EE91287F9465}
SWEETIE - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
(no name) - C:\Program Files\Share_Accelerator_MM\tbSha1.dll - {4596013b-6c31-408b-a266-deae5c086dc2}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL - {9CB65201-89C4-402c-BA80-02D8C59F9B1D}
(no name) - C:\Program Files\Multi_Media\tbMul0.dll - {b5146c40-189a-4311-bda9-fbae3e023187}
XBTB03021 - C:\Program Files\Freeze.com Toolbar\freeze_int.dll (file missing) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18}
(no name) - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL - {FE063DB1-4EC0-403e-8DD8-394C54984B2C}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AD22A28D92E95AE1.job
Maintenance en 1 clic.job
Norton Security Scan.job
rpc.job
--------------------------------------------------
Enumerating Download Program Files:
[{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
[{2357B3CF-7F8D-4451-8D81-FD6097610AEE}]
CODEBASE = http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll
CODEBASE = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/...
[Windows Live Photo Upload Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://melanyb2222.spaces.live.com/PhotoUpload/MsnPUpld.cab
[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 8 890 bytes
Report generated in 0,094 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
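An added example, not part of the post above and not code from HijackThis: a small Python script that reads a StartupList report in the format shown and pulls out the entries a responder checks first, namely Run-key autoruns launched from a user-writable profile or data directory, Run-key values given as a bare file name (resolved through the search path), and Browser Helper Objects whose DLL is missing. The embedded sample report is constructed from a few lines of the log above; the directory markers, the executable extensions and the section names it keys on are assumptions, and the output is a list of things to look at, not a verdict.

```python
"""Triage a HijackThis StartupList report (added example, heuristic only)."""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    where: str    # registry hive\key the value lives under, or "BHO {CLSID}"
    name: str     # value name or BHO display name
    image: str    # executable / DLL path as written in the report
    reason: str


# Constructed sample: a handful of lines in the StartupList format, taken from
# the kind of report posted above and trimmed so the script runs offline.
SAMPLE_REPORT = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RTHDCPL = RTHDCPL.EXE
nod32kui = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
Amok Eggs Four Web = C:\Documents and Settings\All Users\Application Data\part dead amok eggs\Show start.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
msnmsgr = ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
deletepoll = C:\DOCUME~1\PROPRI~1\APPLIC~1\PINGHO~1\Intra Mags Second.exe
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
XBTB03021 - C:\Program Files\Freeze.com Toolbar\freeze_int.dll (file missing) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18}
--------------------------------------------------
"""

SECTION_RE = re.compile(r"^(Autorun entries from Registry|Enumerating Browser Helper Objects):")
HIVE_RE = re.compile(r"^HK(LM|CU)\\", re.IGNORECASE)
RUN_RE = re.compile(r"^(?P<name>[^=]+?)\s*=\s*(?P<cmd>.*)$")
# "<name> - <dll path> - {CLSID}"; the path may carry a "(file missing)" suffix.
BHO_RE = re.compile(r"^(?P<name>.*?) - (?P<path>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})$")
# First token ending in an executable extension, optionally quoted (assumed list).
IMAGE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|com|scr|bat|cmd|pif))"?', re.IGNORECASE)

# Lower-case directory markers (long and 8.3 forms) that a normal installer
# does not use for an autorun target.  Assumed list, extend as needed.
USER_WRITABLE = (
    "\\documents and settings\\", "\\docume~1\\",
    "\\application data\\", "\\applic~1\\",
    "\\local settings\\temp\\", "\\locals~1\\temp\\", "\\temp\\",
)


def extract_image(cmd: str) -> str:
    """Pull the executable path out of a Run-key command line."""
    cmd = cmd.strip().lstrip("~").strip()   # StartupList prefixes some values with "~"
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group("path")
    return cmd.strip('"').split(" ", 1)[0] if cmd else ""


def triage(report: str) -> List[Finding]:
    findings: List[Finding] = []
    section = hive = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("----"):          # section separator: reset state
            section = hive = None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Autorun entries from Registry":
            if HIVE_RE.match(line):
                hive = line                  # remember which Run key we are in
                continue
            m = RUN_RE.match(line)
            if not m:
                continue
            name, image = m.group("name").strip(), extract_image(m.group("cmd"))
            if "\\" not in image:
                findings.append(Finding(hive or "?", name, image,
                    "bare file name: resolved via the search path, confirm which binary loads"))
            elif any(marker in image.lower() for marker in USER_WRITABLE):
                findings.append(Finding(hive or "?", name, image,
                    "autorun launched from a user-writable profile/data directory"))
        elif section == "Enumerating Browser Helper Objects":
            m = BHO_RE.match(line)
            if not m:
                continue
            path = m.group("path")
            if path == "(no file)" or path.endswith("(file missing)"):
                findings.append(Finding("BHO " + m.group("clsid"), m.group("name"), path,
                    "BHO registered but its DLL is missing: orphaned entry"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.where}] {f.name!r} -> {f.image}\n    {f.reason}")
```

Run it against the full report by replacing SAMPLE_REPORT with the pasted log. On the sample it flags the two autoruns under Application Data, the bare RTHDCPL.EXE value (legitimate Realtek in most cases, but worth confirming because it is found through the search path) and the two BHOs without a DLL; the ESET, ctfmon and Messenger entries pass.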
1 reply
Good evening, delete your version of HijackThis and use this one!
1) Download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html
Unzip it into a folder created for that purpose.
For example C:\hijackthis < make sure you save it on C: !
Demo: (thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Rename it sandra.exe (right-click, then Rename)
Launch it, then:
Click on "Do a system scan and save a logfile" (see demo)
Copy and paste the whole log onto the forum
Demo: (thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm