Bonjour à tous,
voila le problème :
depuis un certain temps j' ai un message d' alerte Avast sur une infection par le Win32:Trojano-803 [Trj]
je n' arrive pas à l' éradiquer directement. il me balance dans windows :
C:\TEMP\NCASEP~1.EXE
J'ai donc fait un scan avec hijackthis et voila ce qu'il en resort:
Logfile of HijackThis v1.99.0
Scan saved at 19:51:16, on 05/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common\FSM32.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Anti-Virus\fsgk32st.exe
C:\Program Files\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\4476822\Program\fspex.exe
C:\Program Files\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\4476822\program\fsbwsys.exe
C:\Program Files\Common\FSMA32.EXE
C:\Program Files\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common\FCH32.EXE
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Common\FAMEH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Anti-Virus\fsav32.exe
C:\Program Files\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\FSGUI\fsguiexe.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marc\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) -
http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/CDTInc/ie/bridge-c11.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} -
http://www.errorguard.com/installation/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104278056968
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
http://www.creative.com/su/ocx/15009/CTPID.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Internet Security 2005 - Unknown - C:\PROGRA~1\F-SECU~1\4476822\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program Files\Anti-Virus\fsgk32st.exe
O23 - Service: Forceware Web Interface - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: fsbwsys - Unknown - C:\Program Files\F-Secure Internet Security\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Program Files\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Program Files\Common\FSMA32.EXE
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: ForceWare IP service - Unknown - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service - Unknown - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Pouvez-vous me dire si il y a écentuellement des éléments à suprimer?
En vous remerçiant.
Warok.
Afficher la suite
