Hello,
I had a problem with that kind of spyware that uses a SmitFraud impersonation to steal online payment information (the infamous blue wallpaper that cannot be changed).
I tried to clean all of that up, and I would like to know whether you could help me analyze my latest HijackThis scan to make sure nothing is left:
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 12:38:21, on 06/07/2005
Platform: Windows XP
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Programs\Avast4\aswUpdSv.exe
E:\Programs\Avast4\ashServ.exe
E:\Programs\Avast4\ashDisp.exe
E:\Programs\ZoneAlarm\zlclient.exe
E:\programs\QuickTime\qttask.exe
E:\programs\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Programs\ActionRecorder\ActionRecorder.exe
E:\Programs\SuperCopier\SuperCopier.exe
E:\Programs\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Programs\Avast4\ashMaiSv.exe
E:\Programs\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
F:\Mes Documents\utilitaires\trojan\hijackthis\HijackThis .exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\programs\Adobe\acrobat reader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] E:\Programs\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\programs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\programs\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AutoAct] E:\Programs\ActionRecorder\ActionRecorder.exe -auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SuperCopier.exe] E:\Programs\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Go!Zilla - file://E:\Programs\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\Programs\OFFICE\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\programs\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\programs\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Programs\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Programs\ICQ\ICQ.exe
O9 - Extra button: Microsoft® JavaScript® Console - {6EC325DD-9B5E-4E8F-AB43-E69F12E418A4} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {6EC325DD-9B5E-4E8F-AB43-E69F12E418A4} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\gw3\Local Settings\Temporary Internet Files\Content.IE5\C4UXJBUC\access[1].exe (file missing)
O9 - Extra button: Microsoft® JavaScript® Console - {6EC325DD-9B5E-4E8F-AB43-E69F12E418A4} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {6EC325DD-9B5E-4E8F-AB43-E69F12E418A4} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\gw3\Local Settings\Temporary Internet Files\Content.IE5\C4UXJBUC\access[1].exe (file missing) (HKCU)
O16 - DPF: Interface Chat Voila - http://chat5.x-echo.com/version4/Applet/vchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9379AF5B-E19B-4B2E-A144-E07EE781F3EC}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programs\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Programs\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programs\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programs\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - Unknown owner - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Programs\DiskeeperLite\DKService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - E:\programs\FileZilla Server\FileZilla Server.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks for your help,
Koopa.