USB key infected by a BHO trojan, impossible to remove - Page 2

  1. Xode
     
    Here is the ComboFix report:

    ComboFix 08-11-29.03 - Yous 2008-11-30 14:27:10.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1656 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Yous\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\blingen.dll
    c:\windows\system32\msblink.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-29 19:47 . 2008-11-17 17:18 2,337,865 --a------ c:\windows\system32\pbsvc.exe
    2008-12-28 18:48 . 2008-12-28 18:48 <REP> d-------- c:\documents and settings\Yous\Application Data\vlc
    2008-12-28 18:47 . 2008-12-28 18:47 <REP> d-------- c:\program files\ESTsoft
    2008-12-28 18:47 . 2008-11-29 18:31 <REP> d-------- c:\documents and settings\Yous\Application Data\ESTsoft
    2008-12-25 11:04 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-11-30 13:53 . 2008-11-30 13:53 <REP> d-------- C:\_OTMoveIt
    2008-11-30 13:18 . 2008-11-30 13:18 <REP> d-------- C:\rsit
    2008-11-30 11:53 . 2008-11-30 11:53 <REP> d-------- c:\program files\PCPitstop
    2008-11-30 11:51 . 2008-11-30 14:06 0 --a------ c:\windows\system32\netsonic.dat
    2008-11-30 10:53 . 2008-11-30 10:53 <REP> d-------- c:\documents and settings\Administrateur.HXC\Application Data\Malwarebytes
    2008-11-30 10:52 . 2007-01-01 03:40 <REP> d--h----- c:\documents and settings\Administrateur.HXC\Voisinage réseau
    2008-11-30 10:52 . 2007-01-01 03:40 <REP> d--h----- c:\documents and settings\Administrateur.HXC\Voisinage d'impression
    2008-11-30 10:52 . 2008-09-03 22:04 <REP> d--h----- c:\documents and settings\Administrateur.HXC\Modèles
    2008-11-30 10:52 . 2007-01-01 03:40 <REP> d-------- c:\documents and settings\Administrateur.HXC\Mes documents
    2008-11-30 10:52 . 2007-01-01 03:40 <REP> dr------- c:\documents and settings\Administrateur.HXC\Menu Démarrer
    2008-11-30 10:52 . 2007-01-01 03:40 <REP> d-------- c:\documents and settings\Administrateur.HXC\Favoris
    2008-11-30 10:52 . 2007-01-01 03:40 <REP> d-------- c:\documents and settings\Administrateur.HXC\Bureau
    2008-11-30 10:52 . 2008-11-30 10:52 <REP> d-------- c:\documents and settings\Administrateur.HXC
    2008-11-29 18:40 . 2008-11-29 18:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-29 18:40 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-29 18:40 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-20 21:44 . 2008-11-20 21:44 42,320 --a------ c:\windows\system32\xfcodec.dll
    2008-11-17 17:36 . 2008-11-30 10:44 <REP> d-------- c:\program files\Folding@Home #01
    2008-11-17 17:19 . 2008-11-17 17:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Ubisoft
    2008-11-17 17:07 . 2008-11-17 17:07 <REP> d-------- c:\program files\Ubisoft
    2008-11-12 19:47 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 19:45 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-12 18:59 . 2008-11-12 18:59 <REP> d-------- c:\program files\CA
    2008-11-12 14:51 . 2008-11-12 14:51 0 --a------ c:\windows\PestPatrol5.INI
    2008-11-12 14:35 . 2008-11-12 19:00 <REP> d-------- c:\program files\Fichiers communs\Scanner
    2008-11-12 14:35 . 2008-11-12 14:35 <REP> d-------- c:\documents and settings\All Users\Application Data\CA
    2008-11-11 20:25 . 2008-11-30 10:25 <REP> d-------- c:\program files\P2P_Energy
    2008-11-11 20:25 . 2008-11-11 20:25 <REP> d-------- c:\program files\EZ Boosters
    2008-11-11 20:25 . 2008-11-11 20:25 <REP> d-------- c:\program files\Conduit
    2008-11-06 16:58 . 2008-11-06 19:37 <REP> d-------- c:\program files\DAEMON Tools Toolbar
    2008-11-06 16:58 . 2008-11-09 10:18 <REP> d-------- c:\program files\DAEMON Tools Lite
    2008-11-06 16:54 . 2008-11-06 16:54 <REP> d-------- c:\documents and settings\Yous\Application Data\DAEMON Tools
    2008-11-06 16:54 . 2008-11-06 16:54 717,296 --a------ c:\windows\system32\drivers\sptd.sys
    2008-11-02 19:56 . 2008-11-24 22:40 <REP> d-------- c:\documents and settings\Yous\Application Data\dvdcss
    2008-10-20 18:31 . 2008-12-29 16:21 <REP> d-------- c:\program files\Steam
    2008-10-19 20:57 . 2008-10-19 20:59 <REP> d-------- c:\documents and settings\Yous\Application Data\SumatraPDF
    2008-10-19 20:56 . 2008-10-19 20:56 <REP> d-------- c:\program files\SumatraPDF
    2008-10-15 18:45 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-10-15 18:45 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2008-10-15 18:44 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-15 18:44 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-15 18:44 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-15 18:44 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-05 16:23 . 2008-10-05 16:23 <REP> d-------- c:\windows\system32\AGEIA
    2008-10-05 16:23 . 2008-10-05 16:24 <REP> d-------- c:\windows\NV24522492.TMP
    2008-10-05 16:22 . 2008-10-05 16:22 <REP> d-------- C:\NVIDIA
    2008-10-05 15:17 . 2008-10-05 15:17 <REP> d-------- c:\program files\SystemRequirementsLab
    2008-10-05 15:16 . 2008-10-05 15:16 <REP> d-------- c:\windows\Sun
    2008-10-05 15:16 . 2008-10-05 15:17 <REP> d-------- c:\documents and settings\Yous\Application Data\SystemRequirementsLab
    2008-10-03 04:07 . 2008-10-03 04:07 268 --ah----- C:\sqmdata07.sqm
    2008-10-03 04:07 . 2008-10-03 04:07 244 --ah----- C:\sqmnoopt07.sqm
    2008-10-03 03:59 . 2008-10-03 03:59 268 --ah----- C:\sqmdata06.sqm
    2008-10-03 03:59 . 2008-10-03 03:59 244 --ah----- C:\sqmnoopt06.sqm
    2008-10-02 14:33 . 2008-11-29 18:30 <REP> d-------- c:\program files\Yahoo!
    2008-10-02 12:48 . 2008-10-02 12:48 268 --ah----- C:\sqmdata05.sqm
    2008-10-02 12:48 . 2008-10-02 12:48 244 --ah----- C:\sqmnoopt05.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-30 11:25 --------- d-----w c:\documents and settings\Yous\Application Data\Xfire
    2008-11-30 11:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-29 18:01 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
    2008-11-29 18:01 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-26 14:07 --------- d-----w c:\program files\Xfire
    2008-11-24 22:06 --------- d-----w c:\documents and settings\Yous\Application Data\LimeWire
    2008-11-17 16:19 22,328 ----a-w c:\documents and settings\Yous\Application Data\PnkBstrK.sys
    2008-11-17 16:18 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
    2008-11-17 16:07 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-11 12:07 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-04 16:05 --------- d-----w c:\program files\Activision
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-15 13:43 --------- d-----w c:\program files\TuneUp Utilities 2008
    2008-10-06 21:27 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2008-10-05 15:23 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2008-09-29 16:34 --------- d-----w c:\program files\PhotoFiltre
    2008-09-28 16:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-09-28 15:25 --------- d-----w c:\program files\SpywareBlaster
    2008-09-25 16:38 796,672 ----a-w c:\windows\GPInstall.exe
    2008-09-16 19:27 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
    2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
    2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-09-04 15:17 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
    2008-09-04 12:24 315,392 ----a-w c:\windows\HideWin.exe
    2008-09-04 07:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
    2008-08-29 06:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
    2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
    "eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-11-14 258048]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Windows Search.lnk.disabled [2008-09-05 1837]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^Yous^Menu Démarrer^Programmes^Démarrage^LimeWire Ultra Accelerator.lnk]
    path=c:\documents and settings\Yous\Menu Démarrer\Programmes\Démarrage\LimeWire Ultra Accelerator.lnk
    backup=c:\windows\pss\LimeWire Ultra Accelerator.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2008-09-17 08:55 13574144 c:\windows\system32\nvcpl.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\RainbowSixVegas2_SADS.exe"=

    R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-11-29 15504]
    S2 FAH-01;Folding Service #01;"c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe" -local -svcstart []
    S2 FAH-02;Folding Service #02;"c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe" -local -svcstart []
    S2 MBAMService;MBAMService;\mbamservice.exe []
    S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-09-04 16269]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ad742-9941-11db-84ee-806d6172696f}]
    \Shell\AutoRun\command - D:\Setup.EXE

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'

    2008-11-30 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    URLSearchHooks-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
    Toolbar-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
    HKLM-RunOnce-<NO NAME> - (no file)

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - c:\documents and settings\Yous\Application Data\Mozilla\Firefox\Profiles\1weatnv5.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
    FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-30 14:27:43
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-11-30 14:28:11
    ComboFix-quarantined-files.txt 2008-11-30 13:28:07

    Avant-CF: 214 093 012 992 octets libres
    Après-CF: 214,081,376,256 octets libres

    206 --- E O F --- 2008-11-12 19:35:06
  2. afideg  Posts: 10466  Status: Security contributor  602
     
    Hi jlpjlp,

    Perhaps the script needs a capital letter, like this:

    :Reg

    :Files


    I don't know for sure.
    Good luck.
    Al.
  4. Xode
     
    The problem isn't that program, it's my two infections lol
  5. jlpjlp  Posts: 52399  Status: Security contributor  5 041
     
    Hi afideg! Normally no, no need for a capital letter.

    X ODE

    OK, ComboFix removed the file.

    Still having problems?
    Post another RSIT report.
  6. X ode
     
    Hi jlpjlp,
    I think I no longer have the trojan; I'm posting the report you asked me for.

    If you can take a look at it and let me know, so that this topic can be marked as solved.

    Thank you for your help.

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Yous at 2008-12-01 16:29:17
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 204 GB (86%) free of 238 GB
    Total RAM: 2046 MB (77% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:29:26, on 01/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Yous\Bureau\RSIT.exe
    C:\Program Files\trend micro\Yous.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0502} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
    O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [InstallShieldSetup] "C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}\setup.exe" -reboot"C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}\reboot.ini" -l0x040c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Windows Search.lnk.disabled
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: Folding Service #01 (FAH-01) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
    O23 - Service: Folding Service #02 (FAH-02) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
    O23 - Service: MBAMService - Unknown owner - \mbamservice.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
  8. jlpjlp  Posts: 52399  Status: Security contributor  5 041
     
    The report is fine. But since I only have net access from my phone :) run CCleaner to clean up the traces. I'll confirm as soon as I can. See you later.