Need a HijackThis analysis, please

slybzh Posts: 39 Status: Member -
 Anonymous user -
Hello everyone,

I have a problem with my computer: it is extremely slow and the CPU usage is all over the place.

I ran a scan with Avast and it found files infected with a worm32netskyC virus; those files were all deleted.

But the problem persists, so I think the worm had nothing to do with it.

So I ran a scan with HijackThis, but I don't know how to interpret the results...

So if someone could help me and tell me what I need to do with this, it would be extremely kind!

Thanks in advance, here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 09:51:26, on 01/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\Utilisateur1\Sylvain\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - Startup: Présentation de Media Manager.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

3 replies

  1. Blocked profile
     
    Hello, your log looks clean to me, but ask balltrap34 what he thinks.
    See you
  2. slybzh Posts: 39 Status: Member
     
    Hi,

    I scanned with Spyware Doctor and it found 100 infections, but it won't remove them; it wants me to buy the software...

    here is what it found:

    Infection Name Location Risk
    Trojan.Dialer.FU HKCR\Interface\{639581D0-8376-4073-B73B-45993FA45156} Medium
    Trojan.Dialer.FU HKCR\Interface\{639581D0-8376-4073-B73B-45993FA45156}## Medium
    Trojan.Dialer.FU HKCR\Interface\{639581D0-8376-4073-B73B-45993FA45156}\ProxyStubClsid Medium
    Trojan.Dialer.FU HKCR\Interface\{639581D0-8376-4073-B73B-45993FA45156}\ProxyStubClsid## Medium
    Trojan.Dialer.FU HKCR\Interface\{639581D0-8376-4073-B73B-45993FA45156}\ProxyStubClsid32 Medium
    Trojan.Dialer.FU HKCR\Interface\{639581D0-8376-4073-B73B-45993FA45156}\ProxyStubClsid32## Medium
    Trojan.Dialer.FU HKCR\Interface\{639581D0-8376-4073-B73B-45993FA45156}\TypeLib Medium
    Trojan.Dialer.FU HKCR\Interface\{639581D0-8376-4073-B73B-45993FA45156}\TypeLib## Medium
    Trojan.Dialer.FU HKCR\Interface\{639581D0-8376-4073-B73B-45993FA45156}\TypeLib##Version Medium
    Trojan.Dialer.FU HKCR\Interface\{66B0C472-A6B5-4E86-8330-F4875AF90929} Medium
    Trojan.Dialer.FU HKCR\Interface\{66B0C472-A6B5-4E86-8330-F4875AF90929}## Medium
    Trojan.Dialer.FU HKCR\Interface\{66B0C472-A6B5-4E86-8330-F4875AF90929}\ProxyStubClsid Medium
    Trojan.Dialer.FU HKCR\Interface\{66B0C472-A6B5-4E86-8330-F4875AF90929}\ProxyStubClsid## Medium
    Trojan.Dialer.FU HKCR\Interface\{66B0C472-A6B5-4E86-8330-F4875AF90929}\ProxyStubClsid32 Medium
    Trojan.Dialer.FU HKCR\Interface\{66B0C472-A6B5-4E86-8330-F4875AF90929}\ProxyStubClsid32## Medium
    Trojan.Dialer.FU HKCR\Interface\{66B0C472-A6B5-4E86-8330-F4875AF90929}\TypeLib Medium
    Trojan.Dialer.FU HKCR\Interface\{66B0C472-A6B5-4E86-8330-F4875AF90929}\TypeLib## Medium
    Trojan.Dialer.FU HKCR\Interface\{66B0C472-A6B5-4E86-8330-F4875AF90929}\TypeLib##Version Medium
    Trojan.Dialer.FU HKCR\SysWebTelecom.SysWebTelecom Medium
    Trojan.Dialer.FU HKCR\SysWebTelecom.SysWebTelecom## Medium
    Trojan.Dialer.FU HKCR\SysWebTelecom.SysWebTelecom\CLSID Medium
    Trojan.Dialer.FU HKCR\SysWebTelecom.SysWebTelecom\CLSID## Medium
    Trojan.Dialer.FU HKCR\SysWebTelecom.SysWebTelecom\CurVer Medium
    Trojan.Dialer.FU HKCR\SysWebTelecom.SysWebTelecom\CurVer## Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2} Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2}## Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2}\1.0 Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2}\1.0## Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2}\1.0\0 Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2}\1.0\0## Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2}\1.0\0\win32 Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2}\1.0\0\win32## Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2}\1.0\FLAGS Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2}\1.0\FLAGS## Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2}\1.0\HELPDIR Medium
    Trojan.Dialer.FU HKCR\TypeLib\{21DE6877-97C0-4FC7-9C16-666B996DB4A2}\1.0\HELPDIR## Medium
    YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} High
    YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\iexplore High
    Advertising C:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\KZPNUY71\bins=1[1].gif Low
    Advertising C:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\OLEV0LMB\bins=1[1].gif Low
    IEAccess.HTMLAccess C:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\VYSBFDOT\exit[1].html Medium
    Advertising C:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\VYSBFDOT\bins=1[1].gif Low
    Advertising C:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\MD47ID0D\bnum=40114445[1] Low
    Affiliated with Browser Hijackers C:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\KZPNUY71\index[7].html Elevated
    Affiliated with Browser Hijackers C:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\8DURUN4H\1565[1].swf Elevated
    Advertising C:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\OLEV0LMB\pops=6[1] Low
    Common Components for Carpe Diem dialers C:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\ZE0FNT41\468x80_03[1].jpeg Elevated
    Known Bad Sites C:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\4T0ZKB4V\fcnt[1].html High
    Advertising C:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\Z6077XKX\bins=1[1].gif Low
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@cgi-bin[1].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@ilead.itrack[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@cgi-bin[2].txt Medium
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@ads.webfever.kadserver[1].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@click-fr[2].txt Medium
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@ads.deblok.net.kadserver[1].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@targetnet[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@gator[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@tradedoubler[2].txt Medium
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@advertising[1].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@hitbox[2].txt Medium
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@servedby.advertising[2].txt Low
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@valueclick[2].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@tribalfusion[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@ehg-dig.hitbox[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@xiti[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@ehg-vivacances.hitbox[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@cgi-bin[4].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@phg.hitbox[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@go[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@statse.webtrendslive[2].txt Medium
    Known Bad Sites C:\Documents and Settings\Sylvain\Cookies\sylvain@www.parisvoyeur[1].txt High
    Known Bad Sites C:\Documents and Settings\Sylvain\Cookies\sylvain@tracker.affistats[2].txt High
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@bluestreak[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@maxserving[2].txt Medium
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@overture[2].txt Low
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@doubleclick[1].txt Low
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@fastclick[1].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@2o7[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@fl01.ct2.comclick[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@realmedia[3].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@disney.go[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@atwola[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@questionmarket[1].txt Medium
    Common Components for Claria C:\Documents and Settings\Sylvain\Cookies\sylvain@belnk[1].txt Elevated
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@www.burstbeacon[1].txt Medium
    2nd-thought.com C:\Documents and Settings\Sylvain\Cookies\sylvain@as-us.falkag[2].txt Medium
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@adtech[1].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@112.2o7[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@serving-sys[1].txt Medium
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@mediaplex[2].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@247realmedia[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@seeq[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@dcs73d8ey4twkfbrtpj35l5z1_3m1y[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@atdmt[2].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@bs.serving-sys[1].txt Medium
    Tracking Cookie(s) C:\Documents and Settings\Sylvain\Cookies\sylvain@apmebf[1].txt Medium
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@burstnet[2].txt Low
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@com[2].txt Low
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@casalemedia[1].txt Low
    Advertising C:\Documents and Settings\Sylvain\Cookies\sylvain@paycounter[2].txt Low

    basically, the names of the things it found are:
    claria (other name = gator)
    2nd thought.com
    tracking cookie
    known bad sites
    common components for carpe diem dialers
    trojan.dialer.fu
    your site bar
    advertising
    IEAccess.HTMLAccess
    Affiliated with browser hijackers

    Do you know how I could remove them???

    thanks!
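The HijackThis log in the first post and the Spyware Doctor report in this reply name the same component: the O16 DPF entry downloads `SysWebTelecom.cab` from www.sponsoradulto.com, and Spyware Doctor flags `HKCR\SysWebTelecom.SysWebTelecom` as Trojan.Dialer.FU. The following Python is an added triage helper, not code from this thread or from either tool; it parses lines copied from both outputs, flags orphaned references and ActiveX downloads from hosts outside an assumed trusted set (only the tax portal from the log), and cross-references the Spyware Doctor ProgIDs against the HijackThis entries.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log and the Spyware
# Doctor report posted in this thread (raw strings keep the backslashes).
HJT_LOG = r"""
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/fr/SysWebTelecom.cab
"""
SD_REPORT = r"""
Trojan.Dialer.FU HKCR\SysWebTelecom.SysWebTelecom Medium
YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} High
"""
# Assumption: the only O16 host this user is known to trust is the French tax
# portal seen in the log; any other ActiveX source is flagged for review.
TRUSTED_DPF_HOSTS = {"static.ir.dgi.minefi.gouv.fr"}
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

def parse_hjt(text):
    """Split a HijackThis log into (item code, body) pairs; other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group("code"), m.group("body")))
    return out

def progids_from_report(text):
    """Collect the first component of each HKCR ProgID (e.g. 'syswebtelecom')."""
    return {m.group(1).split(".")[0].lower()
            for m in re.finditer(r"HKCR\\([A-Za-z0-9_]+\.[A-Za-z0-9_.]+)", text)}

def triage(hjt_text, report_text):
    """Return (code, reason, body) triples a responder should look at first."""
    findings = []
    names = progids_from_report(report_text)
    for code, body in parse_hjt(hjt_text):
        if "(file missing)" in body or "(no file)" in body:
            findings.append((code, "orphaned reference", body))
        if code == "O16":  # downloaded ActiveX control: check where it came from
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append((code, f"ActiveX from untrusted host {host}", body))
        if any(n in body.lower() for n in names):
            findings.append((code, "matches Spyware Doctor detection", body))
    return findings
```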
  3. Anonymous user
     
    Hi,
    Start by scanning your PC with these 2 complementary anti-spyware tools:

    1/ Spybot S&D 1.4 << new version
    http://www.safer-networking.org/fr/index.htm

    Usage demo (thanks to Balltrap34 for making it)
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/ Ad-Aware SE 1.06 << new version
    http://www.lavasoftusa.com/software/adaware/
    - A guide:
    http://www.tutopat.com/viewtopic.php?t=1191
    - install the French language patch, which you can find here:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    and a short usage video here: (thanks to Moe31 for making it)

    then
    Clean Up 40:
    http://pageperso.aol.fr/balltrap34/CleanUp40.exe
    - illustrated guide (thanks to Balltrap34):
    http://pageperso.aol.fr/balltrap34/democleanup.htm

    Once you have deleted everything they find, run the scan again

    See you