FORUM HardWare.fr > Windows & Software > Win NT/2K/XP

HijackThis Log Analysis
n°2581574
stoned
Posted on 26-11-2006 at 13:42:51
 

Hello,

After several trojans and viruses were detected on my PC, I ran some online scans, found that I had some, most of them were cleaned, but I would like to know whether any remain...
Thanks in advance,

Gaëtan
 
 
 
Logfile of HijackThis v1.99.1
Scan saved at 13:38:29, on 26/11/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\WINDOWS\System32\CTsvcCDA.EXE
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
G:\Program Files\ULI5289\ALi5289.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
G:\Program Files\Common Files\{B4408786-09D7-2060-0426-060822050020}\Update.exe
F:\program files\viamichelin\WCESCOMM.EXE
F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\WINDOWS\explorer.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Documents and Settings\Famille Bouteiller\Desktop\antispamvirus\Scanner.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - G:\WINDOWS\System32\iabqulxj.dll
O2 - BHO: (no name) - {1693506D-AE6F-4ABD-88CC-2280FE1CBB6D} - G:\WINDOWS\System32\pmnnn.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - G:\WINDOWS\system32\ssqpmli.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - G:\WINDOWS\System32\ixt1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ALi5289] G:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "G:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [A64Tweaker] "G:\Documents and Settings\Famille Bouteiller\Desktop\Overclocking\pc\\a64tweaker.exe" G:\Documents and Settings\Famille Bouteiller\Desktop\Overclocking\pc\\startup.a64
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IpWins] G:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\program files\viamichelin\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Creative Detector] F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: LimeWire On Startup.lnk = F:\LimeWire\LimeWire.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = G:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{444327DD-2687-4863-9D14-1A693F965096}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7BA532-99BF-4A0B-9B80-0229F6632EEB}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{444327DD-2687-4863-9D14-1A693F965096}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Applets - G:\WINDOWS\system32\lv6809jue.dll (file missing)
O20 - Winlogon Notify: NetCache - G:\WINDOWS\system32\enn6l15s1.dll (file missing)
O20 - Winlogon Notify: pmnnn - G:\WINDOWS\System32\pmnnn.dll
O20 - Winlogon Notify: ssqpmli - G:\WINDOWS\SYSTEM32\ssqpmli.dll
O20 - Winlogon Notify: winaiq32 - winaiq32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - G:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - G:\WINDOWS\winmgr.exe (file missing)
 
 


n°2581618
patparis
Posted on 26-11-2006 at 14:17:39
 

To fix:
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - G:\WINDOWS\system32\ssqpmli.dll  

n°2581638
stoned
Posted on 26-11-2006 at 14:51:49
 

patparis wrote:

To fix:
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - G:\WINDOWS\system32\ssqpmli.dll


 
 
I can't remove this line, even in safe mode: HijackThis tells me it's a BHO component.... How do I do it? Is this the only infected line?
I'm posting another log; I changed antivirus, as AVG was infected:
 
Logfile of HijackThis v1.99.1
Scan saved at 14:52:15, on 26/11/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\System32\CTsvcCDA.EXE
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
G:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
G:\Program Files\ULI5289\ALi5289.exe
G:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
G:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
G:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
G:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
G:\Program Files\Common Files\{B4408786-09D7-2060-0426-060822050020}\Update.exe
F:\program files\viamichelin\WCESCOMM.EXE
F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\WINDOWS\System32\wuauclt.exe
G:\PROGRA~1\Softwin\BITDEF~1\bdlite.exe
G:\Documents and Settings\Famille Bouteiller\Desktop\antispamvirus\Scanner.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - G:\WINDOWS\system32\ssqpmli.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
O2 - BHO: (no name) - {FD3A573F-BE62-4B13-92A9-15128DCEBC1E} - G:\WINDOWS\System32\pmnnn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ALi5289] G:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "G:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [A64Tweaker] "G:\Documents and Settings\Famille Bouteiller\Desktop\Overclocking\pc\\a64tweaker.exe" G:\Documents and Settings\Famille Bouteiller\Desktop\Overclocking\pc\\startup.a64
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] G:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] G:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\program files\viamichelin\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Creative Detector] F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: LimeWire On Startup.lnk = F:\LimeWire\LimeWire.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = G:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{444327DD-2687-4863-9D14-1A693F965096}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7BA532-99BF-4A0B-9B80-0229F6632EEB}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{444327DD-2687-4863-9D14-1A693F965096}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Applets - G:\WINDOWS\system32\lv6809jue.dll (file missing)
O20 - Winlogon Notify: NetCache - G:\WINDOWS\system32\enn6l15s1.dll (file missing)
O20 - Winlogon Notify: pmnnn - G:\WINDOWS\System32\pmnnn.dll
O20 - Winlogon Notify: ssqpmli - G:\WINDOWS\SYSTEM32\ssqpmli.dll
O20 - Winlogon Notify: winaiq32 - winaiq32.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - G:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - G:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - G:\WINDOWS\winmgr.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - G:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 


Message edited by stoned on 26-11-2006 at 14:53:12
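One way to answer the question above ("is this the only infected line?") mechanically, as an added example that is not part of the original thread and not HijackThis code: a small Python triage of the log entries that encodes only the patterns visible in this thread, an unnamed BHO loaded from System32, a Winlogon Notify hook that reuses the same DLL, a hook whose DLL is already gone, and an "Unknown owner" service whose binary is missing. The sample lines are copied from the second log posted above; the rules are heuristics, so a hit means "look again", not "infected".

```python
import re

# Heuristic triage of HijackThis v1.99 entries. Added example, not HijackThis code: it only
# encodes what the thread points at (an unnamed BHO loaded from System32, a Winlogon Notify
# hook reusing that DLL, a hook whose DLL is gone, an "Unknown owner" service with no binary).
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.+)$")
FILE_RE = re.compile(r'([^\\/"]+\.(?:exe|dll|ocx))', re.I)

def parse_entry(line):
    """Split 'O2 - BHO: (no name) - {GUID} - path' into (kind, fields); None otherwise."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), [f.strip() for f in m.group(2).split(" - ")]) if m else None

def basename(field):
    """Last .exe/.dll/.ocx name in a field, ignoring arguments and '(file missing)'."""
    names = FILE_RE.findall(field)
    return names[-1].lower() if names else field.lower()

def triage(lines):
    """Return (kind, file, reason) for entries worth a second look; a hit is not a verdict."""
    entries = [e for e in map(parse_entry, lines) if e]
    findings, bho_dlls = [], set()
    # Pass 1: BHOs with no name that resolve to a DLL under System32.
    for kind, fields in entries:
        if kind == "O2" and fields[0] == "BHO: (no name)" and "system32" in fields[-1].lower():
            bho_dlls.add(basename(fields[-1]))
            findings.append((kind, basename(fields[-1]), "unnamed BHO registered from System32"))
    # Pass 2: persistence entries that pair with those DLLs or point at nothing.
    for kind, fields in entries:
        name, missing = basename(fields[-1]), "(file missing)" in fields[-1]
        if kind == "O20" and name in bho_dlls:
            findings.append((kind, name, "Winlogon Notify hook reuses a flagged BHO DLL"))
        elif kind == "O20" and missing:
            findings.append((kind, name, "Winlogon Notify hook whose DLL is gone (stale entry)"))
        elif kind == "O23" and "Unknown owner" in fields and missing:
            findings.append((kind, name, "service with unknown owner and missing binary"))
    return findings

# Constructed sample: a subset of the lines from the second log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - G:\WINDOWS\system32\ssqpmli.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
O2 - BHO: (no name) - {FD3A573F-BE62-4B13-92A9-15128DCEBC1E} - G:\WINDOWS\System32\pmnnn.dll
O20 - Winlogon Notify: NetCache - G:\WINDOWS\system32\enn6l15s1.dll (file missing)
O20 - Winlogon Notify: pmnnn - G:\WINDOWS\System32\pmnnn.dll
O20 - Winlogon Notify: ssqpmli - G:\WINDOWS\SYSTEM32\ssqpmli.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - G:\WINDOWS\winmgr.exe (file missing)
"""
```

Run over the full second log, the same "Unknown owner + file missing" rule also hits the two BitDefender O23 entries, whose quoted path HijackThis reports as missing; that is why the output is a review list rather than a removal list.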
n°2581639
Wolfman
Moderator
Lobo'tomizado
Posted on 26-11-2006 at 14:53:20
 

No raw log analysis here. An analysis at http://www.hijackthis.de/fr will be more than enough. And by the way, don't be surprised to have an infected system if it isn't up to date.