HijackThis Log Analysis - Win NT/2K/XP - Windows & Software

Posted on 26-11-2006 at 13:42:51

Hello,

After several trojans and viruses were detected on my PC, I ran online scans, found that I had some, most of them have been cleaned, but I would like to know whether any remain...
Thanks in advance,

Gaëtan
 
 
 
Logfile of HijackThis v1.99.1
Scan saved at 13:38:29, on 26/11/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\WINDOWS\System32\CTsvcCDA.EXE
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
G:\Program Files\ULI5289\ALi5289.exe
G:\WINDOWS\System32\nvsvc32.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
G:\Program Files\Common Files\{B4408786-09D7-2060-0426-060822050020}\Update.exe
F:\program files\viamichelin\WCESCOMM.EXE
F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\WINDOWS\explorer.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Documents and Settings\Famille Bouteiller\Desktop\antispamvirus\Scanner.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - G:\WINDOWS\System32\iabqulxj.dll
O2 - BHO: (no name) - {1693506D-AE6F-4ABD-88CC-2280FE1CBB6D} - G:\WINDOWS\System32\pmnnn.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - G:\WINDOWS\system32\ssqpmli.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - G:\WINDOWS\System32\ixt1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ALi5289] G:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "G:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [A64Tweaker] "G:\Documents and Settings\Famille Bouteiller\Desktop\Overclocking\pc\\a64tweaker.exe" G:\Documents and Settings\Famille Bouteiller\Desktop\Overclocking\pc\\startup.a64
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IpWins] G:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\program files\viamichelin\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Creative Detector] F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: LimeWire On Startup.lnk = F:\LimeWire\LimeWire.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = G:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{444327DD-2687-4863-9D14-1A693F965096}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7BA532-99BF-4A0B-9B80-0229F6632EEB}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{444327DD-2687-4863-9D14-1A693F965096}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Applets - G:\WINDOWS\system32\lv6809jue.dll (file missing)
O20 - Winlogon Notify: NetCache - G:\WINDOWS\system32\enn6l15s1.dll (file missing)
O20 - Winlogon Notify: pmnnn - G:\WINDOWS\System32\pmnnn.dll
O20 - Winlogon Notify: ssqpmli - G:\WINDOWS\SYSTEM32\ssqpmli.dll
O20 - Winlogon Notify: winaiq32 - winaiq32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - G:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - G:\WINDOWS\winmgr.exe (file missing)
 
 
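As an added example (not part of the original thread and not a HijackThis feature), the Python below parses the O2, O4, O20 and O23 lines of a HijackThis v1.99 log and applies the checks an analyst makes by hand on a log like the one above: a DLL registered both as a Browser Helper Object (O2) and as a Winlogon Notify package (O20), unnamed BHOs loading from the Windows directory, services with "Unknown owner" as publisher under a Microsoft-sounding display name, and orphaned "(file missing)" registrations. The sample input is a constructed subset of the posted log; the severities and the machine-generated-name heuristic are my own and yield entries to review, not verdicts.

```python
# Added example: heuristic triage of a HijackThis v1.99 log (not from the thread).
import re
from dataclasses import dataclass

# Constructed sample: a subset of the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - G:\WINDOWS\System32\iabqulxj.dll
O2 - BHO: (no name) - {1693506D-AE6F-4ABD-88CC-2280FE1CBB6D} - G:\WINDOWS\System32\pmnnn.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - G:\WINDOWS\system32\ssqpmli.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - G:\WINDOWS\System32\ixt1.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: Applets - G:\WINDOWS\system32\lv6809jue.dll (file missing)
O20 - Winlogon Notify: pmnnn - G:\WINDOWS\System32\pmnnn.dll
O20 - Winlogon Notify: ssqpmli - G:\WINDOWS\SYSTEM32\ssqpmli.dll
O20 - Winlogon Notify: winaiq32 - winaiq32.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - G:\WINDOWS\winmgr.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>O\d+|R\d) - (?P<body>.*)$")
BASENAME_RE = re.compile(r"[\w~.-]+\.(?:dll|exe|ocx)\b", re.I)   # first file name in the line
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?)(?: \((?P<short>[^)]*)\))? - (?P<owner>.+?) - (?P<path>.+)$")

@dataclass
class Entry:
    section: str
    body: str
    basename: str        # lower-cased file name, "" if the line names no file
    file_missing: bool   # HijackThis could not find the referenced file
    in_windows_dir: bool

@dataclass
class Finding:
    severity: str        # "high" > "medium" > "low"
    section: str
    basename: str
    reason: str

def parse_log(text):
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        b = BASENAME_RE.search(body)
        entries.append(Entry(m.group("section"), body,
                             b.group(0).lower() if b else "",
                             "(file missing)" in body or "(no file)" in body,
                             bool(re.search(r"\\windows\\", body, re.I))))
    return entries

def looks_random(stem):
    """Weak hint only: no vowels at all, or digits sandwiched between letters."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 4:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels == 0 or re.search(r"[a-z]\d+[a-z]", stem) is not None

def shared_dlls(entries):
    """DLLs registered both as a BHO (O2) and as a Winlogon Notify package (O20)."""
    bho = {e.basename for e in entries if e.section == "O2" and e.basename}
    notify = {e.basename for e in entries if e.section == "O20" and e.basename}
    return bho & notify

def triage(text):
    entries = parse_log(text)
    both = shared_dlls(entries)
    out = []
    for e in entries:
        live = not e.file_missing
        if e.file_missing:
            out.append(Finding("low", e.section, e.basename, "orphaned entry: file gone, registration left behind"))
        if e.section == "O2" and live and "(no name)" in e.body and e.in_windows_dir:
            out.append(Finding("medium", e.section, e.basename, "unnamed BHO loading a DLL from the Windows directory"))
        if e.section == "O20" and live:
            out.append(Finding("medium", e.section, e.basename, "Winlogon Notify package: loaded by winlogon.exe at logon"))
        if e.section in ("O2", "O20") and live and e.basename in both:
            out.append(Finding("high", e.section, e.basename, "same DLL registered as BHO and as Winlogon Notify package"))
        if e.section in ("O2", "O20") and live and looks_random(e.basename.rsplit(".", 1)[0]):
            out.append(Finding("low", e.section, e.basename, "file name looks machine-generated"))
        if e.section == "O23":
            m = SERVICE_RE.match(e.body)
            if m and m.group("owner") == "Unknown owner":
                sev = "high" if m.group("name").startswith("Microsoft") else "medium"
                out.append(Finding(sev, e.section, e.basename,
                                   f"service '{m.group('name')}' has no identifiable publisher"))
    order = {"high": 0, "medium": 1, "low": 2}
    out.sort(key=lambda f: (order[f.severity], f.section, f.basename))
    return out

def format_report(findings):
    return "\n".join(f"[{f.severity:6}] {f.section:3} {f.basename:14} {f.reason}" for f in findings)

if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

The O2/O20 cross-reference is the check worth automating: a Winlogon Notify DLL is loaded by winlogon.exe, in safe mode as well, so a BHO that shares its DLL can be unregistered from HijackThis while the module stays loaded and free to register itself again; the new CLSID on the pmnnn.dll BHO in the second log below is consistent with exactly that. The name heuristic is deliberately low severity: legitimate abbreviations (nvsvc32.exe, for instance) trip it, which is why the publisher field on O23 lines carries more weight than the file name.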


Posted on 26-11-2006 at 14:17:39

To fix:
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - G:\WINDOWS\system32\ssqpmli.dll  


Posted on 26-11-2006 at 14:51:49

patparis wrote:

To fix:
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - G:\WINDOWS\system32\ssqpmli.dll


 
 
I can't remove this line, even in safe mode: HijackThis tells me it is a BHO component... What should I do? Is it the only infected line?
I'm posting another log; I changed antivirus, AVG was infected:
 
Logfile of HijackThis v1.99.1
Scan saved at 14:52:15, on 26/11/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
 
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\System32\CTsvcCDA.EXE
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\nvsvc32.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
G:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
G:\Program Files\ULI5289\ALi5289.exe
G:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
G:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
G:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
G:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
G:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
G:\Program Files\Common Files\{B4408786-09D7-2060-0426-060822050020}\Update.exe
F:\program files\viamichelin\WCESCOMM.EXE
F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
G:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
F:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\WINDOWS\System32\wuauclt.exe
G:\PROGRA~1\Softwin\BITDEF~1\bdlite.exe
G:\Documents and Settings\Famille Bouteiller\Desktop\antispamvirus\Scanner.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - G:\WINDOWS\system32\ssqpmli.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - (no file)
O2 - BHO: (no name) - {FD3A573F-BE62-4B13-92A9-15128DCEBC1E} - G:\WINDOWS\System32\pmnnn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ALi5289] G:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "G:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [A64Tweaker] "G:\Documents and Settings\Famille Bouteiller\Desktop\Overclocking\pc\\a64tweaker.exe" G:\Documents and Settings\Famille Bouteiller\Desktop\Overclocking\pc\\startup.a64
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] G:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] G:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\program files\viamichelin\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Creative Detector] F:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: LimeWire On Startup.lnk = F:\LimeWire\LimeWire.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = G:\Program Files\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - f:\program files\viamichelin\inetrepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{444327DD-2687-4863-9D14-1A693F965096}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7BA532-99BF-4A0B-9B80-0229F6632EEB}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{444327DD-2687-4863-9D14-1A693F965096}: NameServer = 195.238.2.22 195.238.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Applets - G:\WINDOWS\system32\lv6809jue.dll (file missing)
O20 - Winlogon Notify: NetCache - G:\WINDOWS\system32\enn6l15s1.dll (file missing)
O20 - Winlogon Notify: pmnnn - G:\WINDOWS\System32\pmnnn.dll
O20 - Winlogon Notify: ssqpmli - G:\WINDOWS\SYSTEM32\ssqpmli.dll
O20 - Winlogon Notify: winaiq32 - winaiq32.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - G:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - G:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - G:\WINDOWS\winmgr.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - G:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 


Message edited by stoned on 26-11-2006 at 14:53:12

Posted on 26-11-2006 at 14:53:20

No analysis of raw logs here. An analysis at http://www.hijackthis.de/fr will be more than enough. And by the way, don't be surprised that your system is infected if it isn't up to date.
