Se connecter / S'enregistrer
Votre question

Rapport Hijackthis à interpréter par expert...

Tags :
  • Hijackthis
  • Sécurité
Dernière réponse : dans Sécurité et virus
2 Décembre 2008 20:37:39

Bonsoir, Je vous poste un rapport que j'ai généré de mon ordi suite à un PANDÉMIE de virus... Y-aurait-il quelqu'un qui peut me l'interpréter.

Merci BEAUCOUP !

++++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.28.37, on 02/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedul2.exe
C:\Programmi\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\VIRITEXP\virccsvc.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Digital

Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital

Imaging\bin\hpotdd01.exe
C:\Programmi\Hewlett-Packard\Digital

Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Hewlett-Packard\Digital

Imaging\Bin\hpoSTS08.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documenti\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Window Title = Microsoft Internet Explorer

fornito da Alice
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) -

{982CFBD7-4731-7A1F-8E6E-8ED176F45160} - (no file)
O4 - HKLM\..\Run: [avast!]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE

TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [mxomssmenu]

"C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32

cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Acronis Scheduler2 Service]

"C:\Programmi\File comuni\Maxtor\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI]

C:\Programmi\Skype\Phone\IEPlugin\unins000.exe

/VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI]

C:\Programmi\Skype\Phone\IEPlugin\unins000.exe

/VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default

user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk =

C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: TransText.lnk =

C:\Programmi\ChaosSoft\TransText\TransText.exe
O8 - Extra context menu item: E&sporta in Microsoft

Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) -

{85d1f590-48f4-11d9-9669-0800200c9a66} -

C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender

Online Scanner v8 -

{85d1f590-48f4-11d9-9669-0800200c9a66} -

C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy

Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alice.it
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: TruePass EPF 7,0,100,739 -

https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...

let-epf.cab
O16 - DPF: Yahoo! Blackjack -

http://origin.games.yahoo.net/games/clients/y/jt0_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}

(CKAVWebScan Object) -

http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}

(ActiveScan 2.0 Installer Class) -

http://acs.pandasoftware.com/activescan/cabs/as2stubie....

ab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN

Photo Upload Tool) -

http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpl...

.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image

Uploader Control) -

http://www.photoweb.fr/telechargement/telechargement-ph...

toweb.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} -

http://ma-config.com/activex/hardwaredetection_3_0_1_1....

ab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java

Runtime Environment 1.6.0) -

http://javadl.sun.com/webapps/download/AutoDL?BundleId=...

3100
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

(ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst....

ab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN

Games - Installer) -

http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab566...

9.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom

Games Player) -

http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash

Casino Helper Object) -

https://spinpalace.microgaming.com/freeplay/FlashAX2.ca...
O17 -

HKLM\System\CCS\Services\Tcpip\..\{F88CB17D-1AAD-40E2-95

A7-8EE876D47E47}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: skype4com -

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) -

Acronis - C:\Programmi\File

comuni\Maxtor\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) -

ALWIL Software - C:\Programmi\Alwil

Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software -

C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software -

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software -

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google -

C:\Programmi\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) -

Seagate Technology LLC -

C:\Programmi\Maxtor\Sync\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner -

C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: VirIT Console Client (viritccsvc) -

Unknown owner - C:\VIRITEXP\virccsvc.EXE

--
End of file - 8319 bytes

Autres pages sur : rapport hijackthis interpreter expert

a b 8 Sécurité
3 Décembre 2008 12:57:33

Bnjour,

Apparemment ok.
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS