
Trojan horse problem, help: trojan horse

we_mec_trop_styl...
15/03/2008 at 19:55

Hello everyone,

I caught a trojan horse virus. I did some cleaning and then ran a system scan with Ewido. Here is the report:
---------------------------------------------------------
AVG Anti-Spyware - Scan report
---------------------------------------------------------

+ Created at: 19:19:37 15/03/2008

+ Scan result:

HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 -> Adware.Generic : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignored.
:mozilla.46:C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\ampjea8f.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\stef\Cookies\stef@2o7[2].txt -> TrackingCookie.2o7 : Ignored.
:mozilla.20:C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\ampjea8f.default\cookies.txt -> TrackingCookie.Adtech : Ignored.
:mozilla.22:C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\ampjea8f.default\cookies.txt -> TrackingCookie.Adtech : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@adtech[1].txt -> TrackingCookie.Adtech : Ignored.
:mozilla.53:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.54:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.55:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.56:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.9:C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\ampjea8f.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\steph\Cookies\steph@advertising[1].txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@advertising[1].txt -> TrackingCookie.Advertising : Ignored.
:mozilla.61:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Adviva : Ignored.
:mozilla.37:C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\ampjea8f.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.52:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\stef\Cookies\stef@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.40:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Bluestreak : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@bluestreak[1].txt -> TrackingCookie.Bluestreak : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Ignored.
:mozilla.16:C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\ampjea8f.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
:mozilla.57:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\stef\Cookies\stef@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
:mozilla.25:C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\ampjea8f.default\cookies.txt -> TrackingCookie.Estat : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.31:C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\tcr0jc83.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored.
:mozilla.32:C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\tcr0jc83.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored.
:mozilla.33:C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\tcr0jc83.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.18:C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\ampjea8f.default\cookies.txt -> TrackingCookie.Smartadserver : Ignored.
:mozilla.31:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Smartadserver : Ignored.
:mozilla.34:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Smartadserver : Ignored.
:mozilla.35:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Smartadserver : Ignored.
:mozilla.36:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Smartadserver : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Ignored.
:mozilla.6:C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\ampjea8f.default\cookies.txt -> TrackingCookie.Valueclick : Ignored.
:mozilla.20:C:\Documents and Settings\steph\Application Data\Mozilla\Firefox\Profiles\tcr0jc83.default\cookies.txt -> TrackingCookie.Weborama : Ignored.
:mozilla.32:C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\ampjea8f.default\cookies.txt -> TrackingCookie.Weborama : Ignored.
:mozilla.32:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Weborama : Ignored.
:mozilla.33:C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o7wfye1k.default\cookies.txt -> TrackingCookie.Weborama : Ignored.
:mozilla.48:C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\ampjea8f.default\cookies.txt -> TrackingCookie.Weborama : Ignored.
C:\Documents and Settings\stef\Cookies\stef@weborama[1].txt -> TrackingCookie.Weborama : Ignored.
C:\Documents and Settings\steph\Cookies\steph@weborama[1].txt -> TrackingCookie.Weborama : Ignored.
C:\Documents and Settings\steph\Local Settings\Temp\Cookies\steph@weborama[2].txt -> TrackingCookie.Weborama : Ignored.


End of report

Can you tell me what to do next to clean my computer of this problem?

Thanks in advance,
 
we_mec_trop_styl...
15/03/2008 at 20:09

I also ran a scan with HijackThis, and here is the report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:47, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDserv.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\steph\LOCALS~1\Temp\services.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\steph\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?e4c206f750964031aa23d604db286204
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?e4c206f750964031aa23d604db286204
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/up...er_v2.2.0.6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LXDDCustomerConnect - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXDDserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 9267 bytes


Still waiting for your valuable help.

Thanks in advance
 
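The HijackThis log above is where the useful indicators sit, and the patterns are generic enough to check mechanically. As an added example (not part of the original thread, and not HijackThis's or hijackthis.de's own scoring), the following Python script parses lines in the HijackThis format and flags the persistence patterns visible in that log: an executable launched from a user's Temp directory, a core Windows binary name (services.exe) living outside system32, an F2 UserInit chain that runs something besides userinit.exe at every logon, an O4 Run entry in the Windows root carrying a long hex argument, and orphaned O2/O3 entries that point at a missing file. The sample lines are constructed copies of a few entries from the log; the heuristics, the 32-hex-digit threshold and the default C:\WINDOWS layout are assumptions of the example, and a hit is a reason to look closer rather than a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a few lines in HijackThis v2.0.2 format modelled on the
# kinds of entries seen in the log above. This is not the full log.
SAMPLE_LOG_LINES = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\steph\LOCALS~1\Temp\services.exe",
    r"O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe",
    r"O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\steph\LOCALS~1\Temp\services.exe",
    r"O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
]

# Core Windows binaries and the only directory each should run from on XP.
# Assumption of this example: a default C:\WINDOWS installation.
SYSTEM_BINARY_HOME: Dict[str, str] = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# A drive-letter path up to the first ".exe" (8.3 short names such as DOCUME~1 included).
EXE_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)
# A run of 32 or more hex digits passed as an argument (threshold is an assumption).
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def _split_path(path: str):
    """Return (parent_dir, basename), both lower-cased, of a Windows path."""
    parent, _, base = path.rpartition("\\")
    return parent.lower(), base.lower()


def triage_line(line: str) -> List[str]:
    """Return the reasons a single HijackThis line looks suspicious (empty list if none)."""
    reasons: List[str] = []
    tag = line.split(" - ", 1)[0].strip()  # e.g. "O4", "F2", "O23"
    exe_paths = EXE_PATH_RE.findall(line)

    for path in exe_paths:
        parent, base = _split_path(path)
        if TEMP_DIR_RE.search(path):
            reasons.append(f"executable launched from a Temp directory: {path}")
        if base in SYSTEM_BINARY_HOME and parent != SYSTEM_BINARY_HOME[base]:
            reasons.append(f"core Windows binary name outside its normal directory: {path}")
        if tag == "O4" and parent == r"c:\windows" and HEX_BLOB_RE.search(line):
            reasons.append(f"Run entry in the Windows root with a long hex argument: {path}")

    if tag == "F2" and "UserInit=" in line:
        # Every entry in this comma-separated list is started by winlogon at logon.
        chain = [p.strip() for p in line.split("UserInit=", 1)[1].split(",") if p.strip()]
        extras = [p for p in chain if _split_path(p)[1] != "userinit.exe"]
        if extras:
            reasons.append("UserInit chain runs extra programs at logon: " + ", ".join(extras))

    if tag in ("O2", "O3") and "(no file)" in line:
        reasons.append("orphaned entry pointing at a missing file (cleanup item, not proof of infection)")

    return reasons


def triage(lines) -> List[Finding]:
    """Run triage_line over a whole log and keep only the lines that produced reasons."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG_LINES):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

On the sample, the F2 UserInit line, the [Flash Media] entry and the [runner1] entry come out flagged together with the orphaned BHO, while the Synaptics, avast! and service lines pass. The point of tying the Temp-directory and UserInit checks together is that "fixing" a single O4 line with HijackThis leaves the same binary re-launched through UserInit at the next logon unless that line is dealt with as well.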
jmlrr
15/03/2008 at 20:19

Good evening,

Fix the following line (from the HijackThis report):

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
Extremely nasty Fuzzy Algorithmcheck (1.79 / 5.00), Nasty

Looking forward to hearing the result,

@+
 
jmlrr
15/03/2008 at 20:21

Re,

Result obtained by pasting your report into the following page:

http://www.hijackthis.de/index.php

Regards,

@+
 