Key infected by BHO trojan, impossible to delete
Xode
-
jlpjlp Posts: 52399 Status: Security contributor -
Hello,
So basically I caught a trojan that neither Spybot nor Malwarebytes manages to remove, even in safe mode, so I am posting here first the Malwarebytes report followed by the HijackThis report, hoping to find some help. Thanks in advance.
31 replies
Here is the combo report
ComboFix 08-11-29.03 - Yous 2008-11-30 14:27:10.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1656 [GMT 1:00]
Lancé depuis: c:\documents and settings\Yous\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\blingen.dll
c:\windows\system32\msblink.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
.
2008-12-29 19:47 . 2008-11-17 17:18 2,337,865 --a------ c:\windows\system32\pbsvc.exe
2008-12-28 18:48 . 2008-12-28 18:48 <REP> d-------- c:\documents and settings\Yous\Application Data\vlc
2008-12-28 18:47 . 2008-12-28 18:47 <REP> d-------- c:\program files\ESTsoft
2008-12-28 18:47 . 2008-11-29 18:31 <REP> d-------- c:\documents and settings\Yous\Application Data\ESTsoft
2008-12-25 11:04 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-30 13:53 . 2008-11-30 13:53 <REP> d-------- C:\_OTMoveIt
2008-11-30 13:18 . 2008-11-30 13:18 <REP> d-------- C:\rsit
2008-11-30 11:53 . 2008-11-30 11:53 <REP> d-------- c:\program files\PCPitstop
2008-11-30 11:51 . 2008-11-30 14:06 0 --a------ c:\windows\system32\netsonic.dat
2008-11-30 10:53 . 2008-11-30 10:53 <REP> d-------- c:\documents and settings\Administrateur.HXC\Application Data\Malwarebytes
2008-11-30 10:52 . 2007-01-01 03:40 <REP> d--h----- c:\documents and settings\Administrateur.HXC\Voisinage réseau
2008-11-30 10:52 . 2007-01-01 03:40 <REP> d--h----- c:\documents and settings\Administrateur.HXC\Voisinage d'impression
2008-11-30 10:52 . 2008-09-03 22:04 <REP> d--h----- c:\documents and settings\Administrateur.HXC\Modèles
2008-11-30 10:52 . 2007-01-01 03:40 <REP> d-------- c:\documents and settings\Administrateur.HXC\Mes documents
2008-11-30 10:52 . 2007-01-01 03:40 <REP> dr------- c:\documents and settings\Administrateur.HXC\Menu Démarrer
2008-11-30 10:52 . 2007-01-01 03:40 <REP> d-------- c:\documents and settings\Administrateur.HXC\Favoris
2008-11-30 10:52 . 2007-01-01 03:40 <REP> d-------- c:\documents and settings\Administrateur.HXC\Bureau
2008-11-30 10:52 . 2008-11-30 10:52 <REP> d-------- c:\documents and settings\Administrateur.HXC
2008-11-29 18:40 . 2008-11-29 18:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-29 18:40 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-29 18:40 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-20 21:44 . 2008-11-20 21:44 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-11-17 17:36 . 2008-11-30 10:44 <REP> d-------- c:\program files\Folding@Home #01
2008-11-17 17:19 . 2008-11-17 17:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Ubisoft
2008-11-17 17:07 . 2008-11-17 17:07 <REP> d-------- c:\program files\Ubisoft
2008-11-12 19:47 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 19:45 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 18:59 . 2008-11-12 18:59 <REP> d-------- c:\program files\CA
2008-11-12 14:51 . 2008-11-12 14:51 0 --a------ c:\windows\PestPatrol5.INI
2008-11-12 14:35 . 2008-11-12 19:00 <REP> d-------- c:\program files\Fichiers communs\Scanner
2008-11-12 14:35 . 2008-11-12 14:35 <REP> d-------- c:\documents and settings\All Users\Application Data\CA
2008-11-11 20:25 . 2008-11-30 10:25 <REP> d-------- c:\program files\P2P_Energy
2008-11-11 20:25 . 2008-11-11 20:25 <REP> d-------- c:\program files\EZ Boosters
2008-11-11 20:25 . 2008-11-11 20:25 <REP> d-------- c:\program files\Conduit
2008-11-06 16:58 . 2008-11-06 19:37 <REP> d-------- c:\program files\DAEMON Tools Toolbar
2008-11-06 16:58 . 2008-11-09 10:18 <REP> d-------- c:\program files\DAEMON Tools Lite
2008-11-06 16:54 . 2008-11-06 16:54 <REP> d-------- c:\documents and settings\Yous\Application Data\DAEMON Tools
2008-11-06 16:54 . 2008-11-06 16:54 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-02 19:56 . 2008-11-24 22:40 <REP> d-------- c:\documents and settings\Yous\Application Data\dvdcss
2008-10-20 18:31 . 2008-12-29 16:21 <REP> d-------- c:\program files\Steam
2008-10-19 20:57 . 2008-10-19 20:59 <REP> d-------- c:\documents and settings\Yous\Application Data\SumatraPDF
2008-10-19 20:56 . 2008-10-19 20:56 <REP> d-------- c:\program files\SumatraPDF
2008-10-15 18:45 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 18:45 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 18:44 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 18:44 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 18:44 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 18:44 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-05 16:23 . 2008-10-05 16:23 <REP> d-------- c:\windows\system32\AGEIA
2008-10-05 16:23 . 2008-10-05 16:24 <REP> d-------- c:\windows\NV24522492.TMP
2008-10-05 16:22 . 2008-10-05 16:22 <REP> d-------- C:\NVIDIA
2008-10-05 15:17 . 2008-10-05 15:17 <REP> d-------- c:\program files\SystemRequirementsLab
2008-10-05 15:16 . 2008-10-05 15:16 <REP> d-------- c:\windows\Sun
2008-10-05 15:16 . 2008-10-05 15:17 <REP> d-------- c:\documents and settings\Yous\Application Data\SystemRequirementsLab
2008-10-03 04:07 . 2008-10-03 04:07 268 --ah----- C:\sqmdata07.sqm
2008-10-03 04:07 . 2008-10-03 04:07 244 --ah----- C:\sqmnoopt07.sqm
2008-10-03 03:59 . 2008-10-03 03:59 268 --ah----- C:\sqmdata06.sqm
2008-10-03 03:59 . 2008-10-03 03:59 244 --ah----- C:\sqmnoopt06.sqm
2008-10-02 14:33 . 2008-11-29 18:30 <REP> d-------- c:\program files\Yahoo!
2008-10-02 12:48 . 2008-10-02 12:48 268 --ah----- C:\sqmdata05.sqm
2008-10-02 12:48 . 2008-10-02 12:48 244 --ah----- C:\sqmnoopt05.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 11:25 --------- d-----w c:\documents and settings\Yous\Application Data\Xfire
2008-11-30 11:23 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-29 18:01 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-29 18:01 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-26 14:07 --------- d-----w c:\program files\Xfire
2008-11-24 22:06 --------- d-----w c:\documents and settings\Yous\Application Data\LimeWire
2008-11-17 16:19 22,328 ----a-w c:\documents and settings\Yous\Application Data\PnkBstrK.sys
2008-11-17 16:18 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-17 16:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 12:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-04 16:05 --------- d-----w c:\program files\Activision
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-15 13:43 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-10-06 21:27 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-10-05 15:23 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-09-29 16:34 --------- d-----w c:\program files\PhotoFiltre
2008-09-28 16:39 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-28 15:25 --------- d-----w c:\program files\SpywareBlaster
2008-09-25 16:38 796,672 ----a-w c:\windows\GPInstall.exe
2008-09-16 19:27 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 15:17 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-09-04 12:24 315,392 ----a-w c:\windows\HideWin.exe
2008-09-04 07:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-29 06:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-22 842584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"CaISSDT"="c:\program files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"eTrustPPAP"="c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-11-14 258048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Windows Search.lnk.disabled [2008-09-05 1837]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Yous^Menu Démarrer^Programmes^Démarrage^LimeWire Ultra Accelerator.lnk]
path=c:\documents and settings\Yous\Menu Démarrer\Programmes\Démarrage\LimeWire Ultra Accelerator.lnk
backup=c:\windows\pss\LimeWire Ultra Accelerator.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-09-17 08:55 13574144 c:\windows\system32\nvcpl.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\RainbowSixVegas2_SADS.exe"=
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-11-29 15504]
S2 FAH-01;Folding Service #01;"c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe" -local -svcstart []
S2 FAH-02;Folding Service #02;"c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe" -local -svcstart []
S2 MBAMService;MBAMService;\mbamservice.exe []
S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-09-04 16269]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f3ad742-9941-11db-84ee-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.EXE
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-11-30 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
Toolbar-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Yous\Application Data\Mozilla\Firefox\Profiles\1weatnv5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 14:27:43
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-11-30 14:28:11
ComboFix-quarantined-files.txt 2008-11-30 13:28:07
Avant-CF: 214 093 012 992 octets libres
Après-CF: 214,081,376,256 octets libres
206 --- E O F --- 2008-11-12 19:35:06
Hi jlpjlp
Maybe the script needs a capital letter, like this:
:Reg
:Files
I have no idea.
Good luck.
Al.
Hi afideg! Normally no, no capital letter is needed.
X ODE
OK, ComboFix removed the file.
Any more problems?
Post a new RSIT report.
Hi jlpjlp,
I think I no longer have the trojan; I am posting the report you asked for.
If you can take a look at it and tell me, so that we can mark this topic as resolved.
Thank you for your help.
Logfile of random's system information tool 1.04 (written by random/random)
Run by Yous at 2008-12-01 16:29:17
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 204 GB (86%) free of 238 GB
Total RAM: 2046 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:26, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Yous\Bureau\RSIT.exe
C:\Program Files\trend micro\Yous.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78F0502} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [InstallShieldSetup] "C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}\setup.exe" -reboot"C:\Program Files\InstallShield Installation Information\{3DD35A30-C65D-4E4D-A5E9-47DD17C9DFF6}\reboot.ini" -l0x040c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Windows Search.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Folding Service #01 (FAH-01) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
O23 - Service: Folding Service #02 (FAH-02) - Unknown owner - C:\Program Files\Folding@Home #01\Folding@Home #02\FAH-Console.exe (file missing)
O23 - Service: MBAMService - Unknown owner - \mbamservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe