Se connecter / S'enregistrer
Votre question

chevaux de troies et avast?

Tags :
  • Avast
  • Sécurité
Dernière réponse : dans Sécurité et virus
23 Juin 2007 16:31:23

bonjour,
J'aura besoin d'un conseil : pourqoua avast me signale des chevaux de troies et quand je les suprimes il revienent?

Autres pages sur : chevaux troies avast

a b 8 Sécurité
23 Juin 2007 16:54:17

Bonjour,

Leur emplacement ?

Télécharge Hijackthis (de Merjin).
Dézippe-le dans un dossier ou sur ton Bureau.

Lance l'application (Hijackthis.exe) :
- Choisis l'option "Do a system scan and save a logfile"
- Le Bloc-Notes s'ouvre, poste son contenu :

  • Edition / Sélectionner tout
  • Edition / Copier
  • Clique-Droit / Coller dans ta réponse

    AIDE : Tuto en vidéo sur Hijackthis
    23 Juin 2007 17:35:33

    voila :
    Logfile of HijackThis v1.99.1
    Scan saved at 17:35:16, on 23/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rmctrl.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\ENJOY Plus!\Enjoy Plus!.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Sect lite vc 4] C:\Documents and Settings\All Users\Application Data\link boob sect lite\Logo Bib.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [j1221836] rundll32 C:\WINDOWS\system32\j1221836.dll sook
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ytmhrqqa.dll",realset
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [OnlineBat] C:\DOCUME~1\ADMINI~1\APPLIC~1\Bluedash\Internet Heart.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\Enjoy Plus!.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\ssqpqoo.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Administrateur\Application Data\tmp2.tmp.exe (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Contenus similaires
    a b 8 Sécurité
    23 Juin 2007 18:21:09

    Re,

    Merci de répondre à mes questions la prochaine fois :) 

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    23 Juin 2007 20:16:40

    dsl pour la question mais je n'ai pas fait attention, j'ai l'inpression que la plupart des virus etc.. se situ dans le system 32.

    voila : Logfile of HijackThis v1.99.1
    Scan saved at 20:15:06, on 23/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\rmctrl.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\tsnpstd3.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\ENJOY Plus!\Enjoy Plus!.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1965A007-EAC5-48AF-A749-6F38E46EEA5c} - C:\WINDOWS\system32\locxckit.dll (file missing)
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tmpD.tmp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {6d5891dd-5e26-4e27-8bdd-79505015f7ab} - C:\WINDOWS\system32\maptil.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {D09BD919-EE29-4C08-BD23-4F51F38027A5} - C:\WINDOWS\system32\qomlihh.dll (file missing)
    O2 - BHO: (no name) - {FAA3B1C2-AEB9-4547-B222-24A604EF8DC1} - C:\WINDOWS\system32\vtsqp.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Sect lite vc 4] C:\Documents and Settings\All Users\Application Data\link boob sect lite\Logo Bib.exe
    O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [j1221836] rundll32 C:\WINDOWS\system32\j1221836.dll sook
    O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [OnlineBat] C:\DOCUME~1\ADMINI~1\APPLIC~1\Bluedash\Internet Heart.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ENJOY Plus!.lnk = C:\Program Files\ENJOY Plus!\Enjoy Plus!.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\ssqpqoo.dll
    O20 - Winlogon Notify: maptil - C:\WINDOWS\SYSTEM32\maptil.dll
    O20 - Winlogon Notify: qomlihh - qomlihh.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Administrateur\Application Data\tmp2.tmp.exe (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe




    a b 8 Sécurité
    23 Juin 2007 20:32:41

    Le rapport Vundofix ?
    23 Juin 2007 20:35:41

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 20:02:39 23/06/2007

    Listing files found while scanning....

    C:\windows\system32\affuiyqv.dll
    C:\windows\system32\aqqrhmty.ini
    C:\windows\system32\aqqrhmty.tmp
    C:\windows\system32\bbwgevil.ini
    C:\windows\system32\ewsxfogp.ini
    C:\windows\system32\fgkdikof.ini
    C:\windows\system32\fokidkgf.dll
    C:\windows\system32\hpitaemn.dll
    C:\windows\system32\ixyycibn.ini
    C:\windows\system32\krotkxis.ini
    C:\windows\system32\kyvettiu.ini
    C:\WINDOWS\system32\lbngvymc.dll
    C:\windows\system32\livegwbb.dll
    C:\WINDOWS\system32\lmccdfoq.dll
    C:\WINDOWS\system32\luyyrogo.dll
    C:\windows\system32\nbicyyxi.dll
    C:\windows\system32\nmeatiph.ini
    C:\WINDOWS\system32\orcpamgp.dll
    C:\windows\system32\pgofxswe.dll
    C:\windows\system32\pqstv.bak1
    C:\windows\system32\pqstv.bak2
    C:\windows\system32\pqstv.ini
    C:\windows\system32\pqstv.ini2
    C:\windows\system32\pqstv.tmp
    C:\windows\system32\sixktork.dll
    C:\windows\system32\uittevyk.dll
    C:\windows\system32\vqyiuffa.ini
    C:\WINDOWS\system32\vtsqp.dll
    C:\WINDOWS\system32\ytmhrqqa.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\affuiyqv.dll
    C:\windows\system32\affuiyqv.dll Has been deleted!

    Attempting to delete C:\windows\system32\aqqrhmty.ini
    C:\windows\system32\aqqrhmty.ini Has been deleted!

    Attempting to delete C:\windows\system32\aqqrhmty.tmp
    C:\windows\system32\aqqrhmty.tmp Has been deleted!

    Attempting to delete C:\windows\system32\bbwgevil.ini
    C:\windows\system32\bbwgevil.ini Has been deleted!

    Attempting to delete C:\windows\system32\ewsxfogp.ini
    C:\windows\system32\ewsxfogp.ini Has been deleted!

    Attempting to delete C:\windows\system32\fgkdikof.ini
    C:\windows\system32\fgkdikof.ini Has been deleted!

    Attempting to delete C:\windows\system32\fokidkgf.dll
    C:\windows\system32\fokidkgf.dll Has been deleted!

    Attempting to delete C:\windows\system32\hpitaemn.dll
    C:\windows\system32\hpitaemn.dll Has been deleted!

    Attempting to delete C:\windows\system32\ixyycibn.ini
    C:\windows\system32\ixyycibn.ini Has been deleted!

    Attempting to delete C:\windows\system32\krotkxis.ini
    C:\windows\system32\krotkxis.ini Has been deleted!

    Attempting to delete C:\windows\system32\kyvettiu.ini
    C:\windows\system32\kyvettiu.ini Has been deleted!

    Attempting to delete C:\windows\system32\livegwbb.dll
    C:\windows\system32\livegwbb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lmccdfoq.dll
    C:\WINDOWS\system32\lmccdfoq.dll Has been deleted!

    Attempting to delete C:\windows\system32\nbicyyxi.dll
    C:\windows\system32\nbicyyxi.dll Has been deleted!

    Attempting to delete C:\windows\system32\nmeatiph.ini
    C:\windows\system32\nmeatiph.ini Has been deleted!

    Attempting to delete C:\windows\system32\pgofxswe.dll
    C:\windows\system32\pgofxswe.dll Has been deleted!

    Attempting to delete C:\windows\system32\pqstv.bak1
    C:\windows\system32\pqstv.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\pqstv.bak2
    C:\windows\system32\pqstv.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\pqstv.ini
    C:\windows\system32\pqstv.ini Has been deleted!

    Attempting to delete C:\windows\system32\pqstv.ini2
    C:\windows\system32\pqstv.ini2 Has been deleted!

    Attempting to delete C:\windows\system32\pqstv.tmp
    C:\windows\system32\pqstv.tmp Has been deleted!

    Attempting to delete C:\windows\system32\sixktork.dll
    C:\windows\system32\sixktork.dll Has been deleted!

    Attempting to delete C:\windows\system32\uittevyk.dll
    C:\windows\system32\uittevyk.dll Has been deleted!

    Attempting to delete C:\windows\system32\vqyiuffa.ini
    C:\windows\system32\vqyiuffa.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtsqp.dll
    C:\WINDOWS\system32\vtsqp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ytmhrqqa.dll
    C:\WINDOWS\system32\ytmhrqqa.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.1

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 20:08:32 23/06/2007

    Listing files found while scanning....

    C:\windows\system32\ytmhrqqa.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\ytmhrqqa.dll
    C:\windows\system32\ytmhrqqa.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    voila lol c'est enorme que t'arrive a te repéré la dedans
    a b 8 Sécurité
    23 Juin 2007 21:05:12

    Re,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS