Win32:TratBHO l'enlever

Question

Bonjour, j'ai mon problème avec le cheval de troie qui revien constament.Virus Win32:TratBHO 

si vous pouvez m'aider, j'ai fait les instructions avec SDFI mais je sais pas quoi fair après.

merci de m'aider.




fi
[b]Checking Files /b: 

No Trojan Files Found 






Removing Temp Files 

[b]ADS Check /b: 



[b]Final Check /b: 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net 
Rootkit scan 2008-04-03 20:14:41 
Windows 5.1.2600 Service Pack 2 NTFS 

scanning hidden processes ... 

scanning hidden services & system hive ... 

scanning hidden registry entries ... 

scanning hidden files ... 

scan completed successfully 
hidden processes: 0 
hidden services: 0 
hidden files: 0 


[b]Remaining Services /b: 



Authorized Application Key Export: 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpoli­cy\standardprofile\authorizedapplications\list] 
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enable­d:@xpsp2res.dll,-22019" 
"D:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="D:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2" 
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" 
"D:\WINDOWS\system32\dplaysvr.exe"="D:\WINDOWS\system32\dplaysvr.exe:­*:Enabled:Microsoft DirectPlay Helper" 
"C:\Program Files\EMPIRES2.EXE"="C:\Program Files\EMPIRES2.EXE:*:Enabled:Age of Empires II" 
"D:\Program Files\BitLord2\BitLord.exe"="D:\Program Files\BitLord2\BitLord.exe:*:Enabled: " 
"D:\NeverwinterNights\NWN\nwmain.exe"="D:\NeverwinterNights\NWN\nwmai­n.exe:*:Enabled:Neverwinter Nights" 
"D:\Program Files\WiFiConnector\NintendoWFCReg.exe"="D:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Connecteur Wi-Fi USB Nintendo" 
"C:\LimeWire\LimeWire.exe"="C:\LimeWire\LimeWire.exe:*:Enabled:LimeWire­" 
"D:\Program Files\Microsoft Games\Motocross Madness\mcm.exe"="D:\Program Files\Microsoft Games\Motocross Madness\mcm.exe:*:Disabled:Microsoft© Motocross Madness" 
"C:\Program Files\La QuatriŠme Proph‚tie\prophetie.exe"="C:\Program Files\La QuatriŠme Proph‚tie\prophetie.exe:*:Enabled:prophetie" 
"D:\Program Files\Internet Explorer\IEXPLORE.EXE"="D:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer" 
"D:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="D:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET" 
"D:\WINDOWS\system32\rtcshare.exe"="D:\WINDOWS\system32\rtcshare.exe:­*:Enabled:Partage de l'application RTC" 
"D:\Program Files\NetMeeting\conf.exe"="D:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows© NetMeeting©" 
"C:\BMW M3 Challenge\BMW.exe"="C:\BMW M3 Challenge\BMW.exe:*:Enabled:BMW M3 Challenge" 
"D:\Program Files\Atari\Deer Hunter 2005 Demo\DH2005Demo.exe"="D:\Program Files\Atari\Deer Hunter 2005 Demo\DH2005Demo.exe:*:Enabled:DH2005Demo" 
"D:\Documents and Settings\Maxime\Bureau\WoW-frFR-Installer-downloader.exe"="D:\Documents and Settings\Maxime\Bureau\WoW-frFR-Installer-downloader.exe:*:Enabled:Blizzard Downloader" 
"C:\World of Warcraft\WoW-2.2.0-frFR-downloader.exe"="C:\World of Warcraft\WoW-2.2.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader" 
"C:\World of Warcraft\BackgroundDownloader.exe"="C:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" 
"C:\Stronghold2Demo.exe"="C:\Stronghold2Demo.exe:*:Enabled:Stronghold 2" 
"C:\Starcraft\StarCraft.exe"="C:\Starcraft\StarCraft.exe:*:Enabled:Star­craft" 
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" 
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" 
"D:\Diablo\Diablo.exe"="D:\Diablo\Diablo.exe:*:Enabled:Diablo" 
"C:\Diablo\Diablo.exe"="C:\Diablo\Diablo.exe:*:Enabled:Diablo" 
"C:\Program Files\Diablo\Diablo.exe"="C:\Program Files\Diablo\Diablo.exe:*:Enabled:Diablo" 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpoli­cy\domainprofile\authorizedapplications\list] 
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enable­d:@xpsp2res.dll,-22019" 
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" 
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" 

[b]Remaining Files /b: 



[b]Files with Hidden Attributes /b: 

Fri 7 Sep 2007 4,348 A.SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak" 
Sat 11 Aug 2007 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" 
Wed 23 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT9.tmp&q­uot; 

[b]Finished!/b

jlpjlp · Answer

slt,


colle un rapport hijackthis 
 

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo. 

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste 

Ensuite avec Explorer créer un dossier c:\hijackthis 
Décompresser Hijackthis dans ce dossier. 
C'est important pour les sauvegardes."

Win32:TratBHO l'enlever

1 réponse

Votre réponse

Discussions similaires

Newsletters