Logo GNT
Actualités Tests & Guides Bons Plans
GTA 6 iPhone 17 Copilot Switch 2 Temu ChatGPT Tesla
OVH Cloud OVH Cloud
Entraide Sécurité Sécurité Virus Log HiJackThis

Log HiJackThis

1 réponse
Avatar
deepthroat
Bonjour,

j'ai un probleme similaire à Nathalie Agnola (voir un plus haut) à
propos d'IE 6, norton et mcafee ne trouvent rien, la reparation d'IE ne
change rien.

Si quelqu'un peut m'aider à decrypter le log hijack :
(J'ai remplacé des données (url) perso par [url-privee] ou [prive]


Logfile of HijackThis v1.97.7
Scan saved at 11:26:22, on 13/09/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\HPJETDSC.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\PSION\PSIWIN\PSCONSV.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\PSION\PSIWIN\ELOGERR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://home.netscape.com/home/winsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://[url-privee]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Liens
N1 - Netscape 4: user_pref("browser.startup.homepage",
"http://[url-privee]"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [MOSearch]
c:\PROGRA~1\FICHIE~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\FICHIERS
COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\NORTON~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\NORTON~1\defwatch.exe
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT
ACTIVESYNC\WCESCOMM.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Startup: Serveur de connexion PsiWin 2.3.lnk = C:\Program
Files\Psion\PsiWin\Psconsv.exe
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
5.0\Distillr\AcroTray.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - User Startup: Serveur de connexion PsiWin 2.3.lnk = C:\Program
Files\Psion\PsiWin\Psconsv.exe
O4 - User Startup: Acrobat Assistant.lnk = C:\Program
Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Créer un Favori de l'appareil mobile (HKLM)
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .php: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {ADC3EA10-8A28-41A9-96B4-534ADFC3CA0A} (Configuratore Auto
Control) -
http://www.e-fiat.com/components/ocx/autopricer/configuratoreauto.cab
O16 - DPF: {528B6917-4DED-43F1-B56C-35A1519129CA} (MSIMMessageView
Class) - http://activex.microsoft.com/activex/controls/exim/msimrt.cab
O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) -
http://msdn.microsoft.com/downloads/samples/internet/sbncheck.cab
O16 - DPF: {F0E42D60-368C-11D0-AD81-00A0C90DC8D9} (Snapshot Viewer
Control 8.0) -
http://activex.microsoft.com/activex/controls/access/Snapview.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw-intl.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) -
https://[url-privee]/xenroll.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37900.0118865741
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX
Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) -
http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://www.encyclo.wanadoo.fr/JS/tdserver.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) -
http://[url-privee]/qp2.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/0579fb16635bf0349217/netzip/RdxIE601_fr.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = [prive]
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = [prive]
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = [prive]
Signaler un problème avec ce contenu

1 réponse

Supprimer
Cette action est irreversible, confirmez la suppression du commentaire ?
Signaler le commentaire

Veuillez sélectionner un problème

Nudité
Violence
Harcèlement
Fraude
Vente illégale
Discours haineux
Terrorisme
Autre
Avatar
joke0
Salut,

deepthroat:
Si quelqu'un peut m'aider à decrypter le log hijack :


Il ne révèle rien, mais tu n'as pas utilisé la dernière version
(1.98.2). Donc, recommence un rapport...

--
joke0