Demande d'analyse d'un log HijackThis
allergie
Messages postés
1
Statut
Membre
-
Tirailleur Messages postés 177 Statut Membre -
Tirailleur Messages postés 177 Statut Membre -
Quelqu'un d'expérimenté aurait-il l'extrême courtoisie de me dire ce qu'il faut fixer avec hijackThis dans la liste de logs ci-dessous ? J'ai beau fixer tous les R0 et R1, ils reviennent... Merci d'avance.
Logfile of HijackThis v1.97.7
Scan saved at 16:25:17, on 23/06/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\netjq.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Apoint\Apntex.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\ntmb32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 4.0\Acrobat\Acrobat.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\portjacquet.DVALPIFORM\Local Settings\Temporary Internet Files\Content.IE5\GLVQ50XS\HijackThis[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mkxpc.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mkxpc.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mkxpc.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {CCD82565-EB83-8AF2-8BA3-D64D82F8BA41} - C:\WINNT\msvo32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Image] rundll32 C:\WINNT\sdkqh32.dll,Install
O4 - HKLM\..\Run: [hge7y9iow8] C:\Program Files\Symantec\ow8mydcg1a.exe
O4 - HKLM\..\Run: [ntmb32.exe] C:\WINNT\ntmb32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINNT\sdkqh32.dll,Install
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38143.5118634259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dvalpiform.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{E389DE76-1F3E-4089-9A3E-B8D823C4D410}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBBEF153-0F4A-4003-8A2C-9753C6652ED0}: NameServer = 192.168.1.1
Logfile of HijackThis v1.97.7
Scan saved at 16:25:17, on 23/06/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\netjq.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Apoint\Apntex.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\ntmb32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 4.0\Acrobat\Acrobat.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\portjacquet.DVALPIFORM\Local Settings\Temporary Internet Files\Content.IE5\GLVQ50XS\HijackThis[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mkxpc.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mkxpc.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mkxpc.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {CCD82565-EB83-8AF2-8BA3-D64D82F8BA41} - C:\WINNT\msvo32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Image] rundll32 C:\WINNT\sdkqh32.dll,Install
O4 - HKLM\..\Run: [hge7y9iow8] C:\Program Files\Symantec\ow8mydcg1a.exe
O4 - HKLM\..\Run: [ntmb32.exe] C:\WINNT\ntmb32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINNT\sdkqh32.dll,Install
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38143.5118634259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dvalpiform.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{E389DE76-1F3E-4089-9A3E-B8D823C4D410}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBBEF153-0F4A-4003-8A2C-9753C6652ED0}: NameServer = 192.168.1.1
A voir également:
- Demande d'analyse d'un log HijackThis
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Analyse composant pc - Guide
- Analyse disque dur - Télécharger - Informations & Diagnostic
- Analyse performance pc - Guide
- Nouveau tag analysé - Forum Huawei
1 réponse
salut,
ferme internet explorer, relance HijackThis et coche ces lignes puis fais fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mkxpc.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mkxpc.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mkxpc.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {CCD82565-EB83-8AF2-8BA3-D64D82F8BA41} - C:\WINNT\msvo32.dll
O4 - HKLM\..\Run: [ntmb32.exe] C:\WINNT\ntmb32.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINNT\sdkqh32.dll,Install
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dvalpiform.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{E389DE76-1F3E-4089-9A3E-B8D823C4D410}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBBEF153-0F4A-4003-8A2C-9753C6652ED0}: NameServer = 192.168.1.1
ensuite redémarre en mode sans échec (appuie f8 au démarrage de ton ordinateur) puis supprime :
C:\Program Files\Submit\<- le dossier
C:\WINNT\msvo32.dll<- le fichier
C:\WINNT\ntmb32.exe<- le fichier
Redémarre et dis ou en est ton probleme
ferme internet explorer, relance HijackThis et coche ces lignes puis fais fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mkxpc.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mkxpc.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mkxpc.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\mkxpc.dll/sp.html#37049
O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll
O2 - BHO: (no name) - {CCD82565-EB83-8AF2-8BA3-D64D82F8BA41} - C:\WINNT\msvo32.dll
O4 - HKLM\..\Run: [ntmb32.exe] C:\WINNT\ntmb32.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINNT\sdkqh32.dll,Install
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dvalpiform.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{E389DE76-1F3E-4089-9A3E-B8D823C4D410}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBBEF153-0F4A-4003-8A2C-9753C6652ED0}: NameServer = 192.168.1.1
ensuite redémarre en mode sans échec (appuie f8 au démarrage de ton ordinateur) puis supprime :
C:\Program Files\Submit\<- le dossier
C:\WINNT\msvo32.dll<- le fichier
C:\WINNT\ntmb32.exe<- le fichier
Redémarre et dis ou en est ton probleme
