clé infécté par trojan bho impossible de suppFermé

Question

Bonjour,
Voila en gros j ai choper un trojan que ni spybot ni malwarebytes n arrive à supprimé et ce même en mode sans échec , donc je vous poste ici en 1 le rapport malwarebytes suivi du rapport hijacktis en espérant trouvé de l aide . D avance merci .

jlpjlp · Answer

slt les rapports...

Xode · Answer

désolé c est pire que ce que je pensai j ai meme plus moyen d ouvrir ma boite email pour confirmé mon inscription sur le fofo !!!!!

Xode · Answer

je suis obligé de répondre ainsi désolé voici les rapport 


Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1437
Windows 5.1.2600 Service Pack 3

30/11/2008 12:39:25
mbam-log-2008-11-30 (12-39-23).txt

Type de recherche: Examen rapide
Eléments examinés: 48554
Temps écoulé: 2 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\bhonew.bhoapp (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bhoapp.1 (Trojan.BHO) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

2 rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:29, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Yous\Bureau\HiJackThis.exe

O23 - Service: MBAMService - Unknown owner - \mbamservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

jlpjlp · Answer

ok
vire ce qui a ét&é trouvé par malwarebyte

ensuite ton gros souci c'est d'avoir deux antivirus!!!! CA (etrust) et avast , vire en un


pour virer avast
https://www.avast.com/fr-fr/uninstall-utility

Xode · Answer

Ben en faite le gros souci c est que malwarebytes ne les supprime pas il dis que c est fais et quand je relance le scan ben ils sont la de nouveau

jlpjlp · Answer

vire ca ou avast

puis


Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

Xode · Answer

Logfile of random's system information tool 1.04 (written by random/random)
Run by Yous at 2008-11-30 13:18:10
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 204 GB (86%) free of 238 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:21, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Yous\Bureau\RSIT.exe
C:\Documents and Settings\Yous\Bureau\Yous.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O2 - BHO: DTOOL - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0502} - C:\WINDOWS\system32\blingen.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [InstallShieldSetup] "C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}\setup.exe" -reboot"C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}eboot.ini" -l0x040c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Windows Search.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Folding Service #01 (FAH-01) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
O23 - Service: Folding Service #02 (FAH-02) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
O23 - Service: MBAMService - Unknown owner - \mbamservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Xode · Answer

ah oui j ai aussi viré avast

jlpjlp · Answer

analyse ceci sur virus total et colle le rapport:  https://www.virustotal.com/gui/

C:\WINDOWS\system32\blingen.dll 

_______________

ton ordi va mieux depuis que tu as viré avast?


_________________
c'est quoi ton disque D?

Xode · Answer

j vais faire l analyse , euh mieux dans quel sens ? J dirai non j arrive tjr à accédé à hotmail mais quand je clic sur un email ça ne l ouvre tjr pas :-s

Xode · Answer

Antivirus  	Version  	Dernière mise à jour  	Résultat
AhnLab-V3	2008.11.28.2	2008.11.29	-
AntiVir	7.9.0.36	2008.11.29	-
Authentium	5.1.0.4	2008.11.30	-
Avast	4.8.1281.0	2008.11.29	-
AVG	8.0.0.199	2008.11.29	-
BitDefender	7.2	2008.11.30	-
CAT-QuickHeal	10.00	2008.11.29	-
ClamAV	0.94.1	2008.11.30	-
DrWeb	4.44.0.09170	2008.11.29	-
eSafe	7.0.17.0	2008.11.30	-
eTrust-Vet	31.6.6234	2008.11.28	-
Ewido	4.0	2008.11.30	-
F-Prot	4.4.4.56	2008.11.29	-
F-Secure	8.0.14332.0	2008.11.30	-
Fortinet	3.117.0.0	2008.11.30	-
GData	19	2008.11.30	-
Ikarus	T3.1.1.45.0	2008.11.30	-
K7AntiVirus	7.10.538	2008.11.29	-
Kaspersky	7.0.0.125	2008.11.30	-
McAfee	5449	2008.11.29	FakeAlert-R.dll
McAfee+Artemis	5449	2008.11.29	FakeAlert-R.dll
Microsoft	1.4104	2008.11.30	-
NOD32	3651	2008.11.30	-
Norman	5.80.02	2008.11.28	-
Panda	9.0.0.4	2008.11.30	-
PCTools	4.4.2.0	2008.11.30	-
Prevx1	V2	2008.11.30	-
Rising	21.05.62.00	2008.11.30	-
SecureWeb-Gateway	6.7.6	2008.11.29	-
Sophos	4.36.0	2008.11.30	Mal/Emogen-AC
Sunbelt	3.1.1832.2	2008.11.27	-
Symantec	10	2008.11.30	-
TheHacker	6.3.1.1.169	2008.11.29	-
TrendMicro	8.700.0.1004	2008.11.28	-
VBA32	3.12.8.9	2008.11.29	-
ViRobot	2008.11.29.1492	2008.11.29	-
VirusBuster	4.5.11.0	2008.11.29	-
Information additionnelle
File size: 122880 bytes
MD5...: 77ec9d18acded5858fb646ec44b9d146
SHA1..: 17b8a60043349df0f578492d1e184459e6559dc6
SHA256: de423cf3ef8163e6c0386fb5be16d13c905688a85f3a72ee91df57b3c3639b09
SHA512: 048b862b4a61d03ff2f84996874a32034c78240afa89e3a1383f70dff684bcf3
776eb3cca4c6e4072b4bf63504bcfe3f570c067385abc68610ea9ed78e67b99f
ssdeep: 1536:w/j1EOCWoevwCuHX8Bw1ZgbE8RgPkruTEnKAq9yXtwayI/Q:w/hOev7uHLN
8R/zn7FtpyI/
PEiD..: -
TrID..: File type identification
DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10007380
timedatestamp.....: 0x492a3846 (Mon Nov 24 05:14:46 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10d0d 0x11000 6.65 f60e9cd766f9d0bec81b7a13bb9b36b7
.rdata 0x12000 0x4793 0x5000 4.91 1e494ce18807924d299eb17ddb84b8fc
.data 0x17000 0x1d204 0x2000 3.10 997564a2c6d43d6499dd65574491cebb
.rsrc 0x35000 0x1448 0x2000 4.66 235c2d9d1c3282ecdd41afa24dbc98da
.reloc 0x37000 0x2014 0x3000 3.31 1b5340c7ff1dc8f74eded467335765f6

( 7 imports )
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -
> KERNEL32.dll: MultiByteToWideChar, WideCharToMultiByte, GetLastError, lstrlenA, lstrlenW, GetTempPathA, GetSystemDirectoryA, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, GetProcAddress, LoadLibraryA, ReleaseMutex, CreateMutexA, OpenMutexA, GetSystemTime, CloseHandle, FileTimeToSystemTime, InterlockedExchange, CreateFileA, GetModuleFileNameA, DisableThreadLibraryCalls, InterlockedIncrement, InterlockedDecrement, RaiseException, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, FlushFileBuffers, GetOEMCP, GetCPInfo, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringA, LCMapStringW, GetEnvironmentStrings, FreeEnvironmentStringsA, HeapSize, SetLastError, TlsFree, TlsSetValue, GetStringTypeA, GetStringTypeW, SetEndOfFile, GetFileTime, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, HeapAlloc, HeapFree, HeapReAlloc, VirtualProtect, VirtualAlloc, GetModuleHandleA, GetSystemInfo, VirtualQuery, RtlUnwind, DeleteFileA, GetCurrentThreadId, GetCommandLineA, GetProcessHeap, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, SetStdHandle, WriteFile, GetConsoleCP, GetConsoleMode, Sleep, ExitProcess, VirtualFree, HeapDestroy, HeapCreate, ReadFile, SetFilePointer, TlsGetValue, TlsAlloc
> USER32.dll: UnregisterClassA, LoadCursorA, LoadIconA, RegisterClassA, CreateWindowExA, ShowWindow, DestroyWindow, PostQuitMessage, DefWindowProcA
> ADVAPI32.dll: RegDeleteKeyA
> ole32.dll: CoCreateInstance
> OLEAUT32.dll: -, -, -, -
> ATL80.DLL: -, -, -, -, -, -, -, -, -, -, -

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

jlpjlp · Answer

télécharge OTMoveIt 
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved. 


:files
C:\WINDOWS\system32\blingen.dll

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78F0502}]
HKEY_CLASSES_ROOT\bhonew.bhoapp 
HKEY_CLASSES_ROOT\bhonew.bhoapp.1 



clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

____________________

et dis ensuite si encore des soucis

a plus

Xode · Answer

voila je fais la suppréssion et il me dis succefull mais le probléme est que quand je veux le fermé le programme ne répond pas et je dois TERMINER MAINTENANT pour le férmé . Sinon pour le rapport dans C:\_OTMoveIt\MovedFiles. je n en trouve aucun si ce n est des sous dossier qui ce términe sur le module blingen.dll . J pige pas

Xode · Answer

j ai refais un scan avec malwarebytes  les infections 
 SONT TOUJOUR LA !!!!!!!!!!!!!!!!

jlpjlp · Answer

pour voir recolle un rapport RSIT

et


verifie avec malwarebyte

jlpjlp · Answer

c'est que tu as oublié de mettre


:files


avant les fichiers


refais

Xode · Answer

Ah voila le rapport Error: Unable to interpret <[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78F0502}]> in the current context! Error: Unable to interpret in the current context! Error: Unable to interpret in the current context! OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_140616

jlpjlp · Answer

ok
c'est que tu as oublié de mettre


:files


avant les fichiers


refais

Xode · Answer

j vais faire le scan avec combo fix

Xode · Answer

voila le rapport rsit 

Logfile of random's system information tool 1.04 (written by random/random)
Run by Yous at 2008-11-30 14:15:02
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 204 GB (86%) free of 238 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:09, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Yous\Bureau\RSIT.exe
C:\Documents and Settings\Yous\Bureau\Yous.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O2 - BHO: DTOOL - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0502} - C:\WINDOWS\system32\blingen.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [InstallShieldSetup] "C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}\setup.exe" -reboot"C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}eboot.ini" -l0x040c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Windows Search.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Folding Service #01 (FAH-01) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
O23 - Service: Folding Service #02 (FAH-02) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
O23 - Service: MBAMService - Unknown owner - \mbamservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Xode · Answer

voila le rapport combo ComboFix 08-11-29.03 - Yous 2008-11-30 14:27:10.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1656 [GMT 1:00] Lancé depuis: c:\documents and settings\Yous\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\blingen.dll c:\windows\system32\msblink.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 )))))))))))))))))))))))))))))))))))) . 2008-12-29 19:47 . 2008-11-17 17:18 2,337,865 --a------ c:\windows\system32\pbsvc.exe 2008-12-28 18:48 . 2008-12-28 18:48 d-------- c:\documents and settings\Yous\Application Data\vlc 2008-12-28 18:47 . 2008-12-28 18:47 d-------- c:\program files\ESTsoft 2008-12-28 18:47 . 2008-11-29 18:31 d-------- c:\documents and settings\Yous\Application Data\ESTsoft 2008-12-25 11:04 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache etapi32.dll 2008-11-30 13:53 . 2008-11-30 13:53 d-------- C:\_OTMoveIt 2008-11-30 13:18 . 2008-11-30 13:18 d-------- C: sit 2008-11-30 11:53 . 2008-11-30 11:53 d-------- c:\program files\PCPitstop 2008-11-30 11:51 . 2008-11-30 14:06 0 --a------ c:\windows\system32 etsonic.dat 2008-11-30 10:53 . 2008-11-30 10:53 d-------- c:\documents and settings\Administrateur.HXC\Application Data\Malwarebytes 2008-11-30 10:52 . 2007-01-01 03:40 d--h----- c:\documents and settings\Administrateur.HXC\Voisinage réseau 2008-11-30 10:52 . 2007-01-01 03:40 d--h----- c:\documents and settings\Administrateur.HXC\Voisinage d'impression 2008-11-30 10:52 . 2008-09-03 22:04 d--h----- c:\documents and settings\Administrateur.HXC\Modèles 2008-11-30 10:52 . 2007-01-01 03:40 d-------- c:\documents and settings\Administrateur.HXC\Mes documents 2008-11-30 10:52 . 2007-01-01 03:40 dr------- c:\documents and settings\Administrateur.HXC\Menu Démarrer 2008-11-30 10:52 . 2007-01-01 03:40 d-------- c:\documents and settings\Administrateur.HXC\Favoris 2008-11-30 10:52 . 2007-01-01 03:40 d-------- c:\documents and settings\Administrateur.HXC\Bureau 2008-11-30 10:52 . 2008-11-30 10:52 d-------- c:\documents and settings\Administrateur.HXC 2008-11-29 18:40 . 2008-11-29 18:40 d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-29 18:40 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-29 18:40 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-20 21:44 . 2008-11-20 21:44 42,320 --a------ c:\windows\system32\xfcodec.dll 2008-11-17 17:36 . 2008-11-30 10:44 d-------- c:\program files\Folding@Home #01 2008-11-17 17:19 . 2008-11-17 17:19 d-------- c:\documents and settings\All Users\Application Data\Ubisoft 2008-11-17 17:07 . 2008-11-17 17:07 d-------- c:\program files\Ubisoft 2008-11-12 19:47 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 19:45 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-12 18:59 . 2008-11-12 18:59 d-------- c:\program files\CA 2008-11-12 14:51 . 2008-11-12 14:51 0 --a------ c:\windows\PestPatrol5.INI 2008-11-12 14:35 . 2008-11-12 19:00 d-------- c:\program files\Fichiers communs\Scanner 2008-11-12 14:35 . 2008-11-12 14:35 d-------- c:\documents and settings\All Users\Application Data\CA 2008-11-11 20:25 . 2008-11-30 10:25 d-------- c:\program files\P2P_Energy 2008-11-11 20:25 . 2008-11-11 20:25 d-------- c:\program files\EZ Boosters 2008-11-11 20:25 . 2008-11-11 20:25 d-------- c:\program files\Conduit 2008-11-06 16:58 . 2008-11-06 19:37 d-------- c:\program files\DAEMON Tools Toolbar 2008-11-06 16:58 . 2008-11-09 10:18 d-------- c:\program files\DAEMON Tools Lite 2008-11-06 16:54 . 2008-11-06 16:54 d-------- c:\documents and settings\Yous\Application Data\DAEMON Tools 2008-11-06 16:54 . 2008-11-06 16:54 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2008-11-02 19:56 . 2008-11-24 22:40 d-------- c:\documents and settings\Yous\Application Data\dvdcss 2008-10-20 18:31 . 2008-12-29 16:21 d-------- c:\program files\Steam 2008-10-19 20:57 . 2008-10-19 20:59 d-------- c:\documents and settings\Yous\Application Data\SumatraPDF 2008-10-19 20:56 . 2008-10-19 20:56 d-------- c:\program files\SumatraPDF 2008-10-15 18:45 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-15 18:45 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-15 18:44 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache toskrnl.exe 2008-10-15 18:44 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache tkrnlmp.exe 2008-10-15 18:44 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache tkrnlpa.exe 2008-10-15 18:44 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache tkrpamp.exe 2008-10-05 16:23 . 2008-10-05 16:23 d-------- c:\windows\system32\AGEIA 2008-10-05 16:23 . 2008-10-05 16:24 d-------- c:\windows\NV24522492.TMP 2008-10-05 16:22 . 2008-10-05 16:22 d-------- C:\NVIDIA 2008-10-05 15:17 . 2008-10-05 15:17 d-------- c:\program files\SystemRequirementsLab 2008-10-05 15:16 . 2008-10-05 15:16 d-------- c:\windows\Sun 2008-10-05 15:16 . 2008-10-05 15:17 d-------- c:\documents and settings\Yous\Application Data\SystemRequirementsLab 2008-10-03 04:07 . 2008-10-03 04:07 268 --ah----- C:\sqmdata07.sqm 2008-10-03 04:07 . 2008-10-03 04:07 244 --ah----- C:\sqmnoopt07.sqm 2008-10-03 03:59 . 2008-10-03 03:59 268 --ah----- C:\sqmdata06.sqm 2008-10-03 03:59 . 2008-10-03 03:59 244 --ah----- C:\sqmnoopt06.sqm 2008-10-02 14:33 . 2008-11-29 18:30 d-------- c:\program files\Yahoo! 2008-10-02 12:48 . 2008-10-02 12:48 268 --ah----- C:\sqmdata05.sqm 2008-10-02 12:48 . 2008-10-02 12:48 244 --ah----- C:\sqmnoopt05.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-30 11:25 --------- d-----w c:\documents and settings\Yous\Application Data\Xfire 2008-11-30 11:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-29 18:01 202,040 ----a-w c:\windows\system32\PnkBstrB.exe 2008-11-29 18:01 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-11-26 14:07 --------- d-----w c:\program files\Xfire 2008-11-24 22:06 --------- d-----w c:\documents and settings\Yous\Application Data\LimeWire 2008-11-17 16:19 22,328 ----a-w c:\documents and settings\Yous\Application Data\PnkBstrK.sys 2008-11-17 16:18 66,872 ----a-w c:\windows\system32\PnkBstrA.exe 2008-11-17 16:07 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-11 12:07 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-04 16:05 --------- d-----w c:\program files\Activision 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-15 13:43 --------- d-----w c:\program files\TuneUp Utilities 2008 2008-10-06 21:27 --------- d-----w c:\program files\Fichiers communs\InstallShield 2008-10-05 15:23 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2008-09-29 16:34 --------- d-----w c:\program files\PhotoFiltre 2008-09-28 16:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-09-28 15:25 --------- d-----w c:\program files\SpywareBlaster 2008-09-25 16:38 796,672 ----a-w c:\windows\GPInstall.exe 2008-09-16 19:27 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll 2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-09-04 15:17 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe 2008-09-04 12:24 315,392 ----a-w c:\windows\HideWin.exe 2008-09-04 07:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe 2008-08-29 06:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll 2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll 2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32 toskrnl.exe 2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32 tkrnlpa.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016] "CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416] "eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-11-14 258048] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32 wiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Windows Search.lnk.disabled [2008-09-05 1837] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\startupfolder\C:^Documents and Settings^Yous^Menu Démarrer^Programmes^Démarrage^LimeWire Ultra Accelerator.lnk] path=c:\documents and settings\Yous\Menu Démarrer\Programmes\Démarrage\LimeWire Ultra Accelerator.lnk backup=c:\windows\pss\LimeWire Ultra Accelerator.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-09-17 08:55 13574144 c:\windows\system32 vcpl.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "c:\WINDOWS\system32\PnkBstrA.exe"= "c:\WINDOWS\system32\PnkBstrB.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\Program Files\MSN Messenger\msnmsgr.exe"= "c:\Program Files\MSN Messenger\livecall.exe"= "c:\Program Files\LimeWire\LimeWire.exe"= "c:\Program Files\Xfire\xfire.exe"= "c:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"= "c:\Program Files\uTorrent\uTorrent.exe"= "c:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"= "c:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe"= "c:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\RainbowSixVegas2_SADS.exe"= R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-11-29 15504] S2 FAH-01;Folding Service #01;"c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe" -local -svcstart [] S2 FAH-02;Folding Service #02;"c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe" -local -svcstart [] S2 MBAMService;MBAMService;\mbamservice.exe [] S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-09-04 16269] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ad742-9941-11db-84ee-806d6172696f}] \Shell\AutoRun\command - D:\Setup.EXE *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Tâches planifiées' 2008-11-30 c:\windows\Tasks\Maintenance en 1 clic.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23] . - - - - ORPHELINS SUPPRIMES - - - - URLSearchHooks-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file) Toolbar-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file) HKLM-RunOnce- - (no file) . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\documents and settings\Yous\Application Data\Mozilla\Firefox\Profiles\1weatnv5.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins ppl3260.dll FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins prpjplug.dll FF -: plugin - c:\program files\Yahoo!\Common pyaxmpb.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-30 14:27:43 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-11-30 14:28:11 ComboFix-quarantined-files.txt 2008-11-30 13:28:07 Avant-CF: 214 093 012 992 octets libres Après-CF: 214,081,376,256 octets libres 206 --- E O F --- 2008-11-12 19:35:06

Xode · Answer

Tjr la ???

Xode · Answer

Quelqu un pour m aidé svp ???

afideg · Answer

Salut jlpjlp

Peut-être faut-il mettre une majuscule dans le script; comme ceci:

:Reg

:Files

Je n'en sais rien.
Bonne chance.
Al.

Xode · Answer

le probléme n est pas ce programme mais mes deux infection lol

X ODE · Answer

HELP ME

X ODE · Answer

freedom J SUIS libre de cette crase ^^

jlpjlp · Answer

slt afideg!  normalement non pas besoin de majuscule




X ODE

bon combofix a viré le fichier

encore des soucis?
remets un rapport RSIT

X ode · Answer

Salut à toi jlpjlp,
je pense que je n ai plus le trojan je poste le rapport  que tu m a demandé 

si tu sais y jetté un oeil et me dire quoi qu on puissent marqué résolu sur ce suget 

je te remercie pour ton aide 


Logfile of random's system information tool 1.04 (written by random/random)
Run by Yous at 2008-12-01 16:29:17
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 204 GB (86%) free of 238 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:26, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Yous\Bureau\RSIT.exe
C:\Program Files	rend micro\Yous.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0502} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [InstallShieldSetup] "C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}\setup.exe" -reboot"C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}eboot.ini" -l0x040c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Windows Search.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Folding Service #01 (FAH-01) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
O23 - Service: Folding Service #02 (FAH-02) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
O23 - Service: MBAMService - Unknown owner - \mbamservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

X ode · Answer

Salut à toi jlpjlp,
je pense que je n ai plus le trojan je poste le rapport  que tu m a demandé 

si tu sais y jetté un oeil et me dire quoi qu on puissent marqué résolu sur ce suget 

je te remercie pour ton aide 


Logfile of random's system information tool 1.04 (written by random/random)
Run by Yous at 2008-12-01 16:29:17
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 204 GB (86%) free of 238 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:26, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Yous\Bureau\RSIT.exe
C:\Program Files	rend micro\Yous.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0502} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [InstallShieldSetup] "C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}\setup.exe" -reboot"C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}eboot.ini" -l0x040c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Windows Search.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Folding Service #01 (FAH-01) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
O23 - Service: Folding Service #02 (FAH-02) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
O23 - Service: MBAMService - Unknown owner - \mbamservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

jlpjlp · Answer

le rapport est bon . Mais comme je n'ai accès au net que depuis mon tel :) passe un coup du logiciel ccleaner pour nettoyer les traces . Dès que je peux je confirme . À plus

Clé infécté par trojan bho impossible de supp

31 réponses

Discussions similaires

Newsletters