svchost.exe report
infoutile
Hello,
Sorry, there was a scan error; I downloaded Trend Micro and have just fixed the error. Here is the report I received:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:28, on 19/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {10912D6E-8505-4D63-85AD-14501BBC1AEC} - (no file)
O2 - BHO: (no name) - {1D160EC5-17CF-4857-8277-9BA2B5BD4693} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8E356CF5-D2A9-4C1E-8509-E0BA570D5515} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {B62F87D0-98BD-4814-ACD1-91A4D0698E2B} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kitbar4$.lnk = C:\Documents and Settings\Mshome\Local Settings\Temp\Rar$EX09.782\Kitbar4$.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4a9878f3d7ae428c966e84fe5483c4e0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4a9878f3d7ae428c966e84fe5483c4e0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {BFB5F154-9212-46F3-B547-AC6106030A54} - http://infoutile.carrefourinternet.com/toolbar/CI.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C6E9BAB-AC4C-472E-851E-A7CA2F3D00CC}: NameServer = 85.255.112.126,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.126,85.255.112.150
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ssqOfdBQ - ssqOfdBQ.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
14 replies
Download SmitfraudFix and save it to the desktop
* Then double-click SmitfraudFix, then Run. (On Vista: right-click SmitfraudFix and select "Run as administrator")
* Select 1 to create a report of the files responsible for the infection.
* At the end of the scan a report will be generated... Save it to the desktop.
Read the tutorial that comes with it carefully
/!\ Post the report on the forum to find out whether the removal can be started.
In safe mode: removal of the files present.
process.exe
is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility for terminating processes. In the wrong hands this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
For those on Vista, don't forget to disable User Account Control
hi
you are being redirected to Ukraine
and you have remnants of a Vundo infection
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C6E9BAB-AC4C-472E-851E-A7CA2F3D00CC}: NameServer = 85.255.112.126,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.126,85.255.112.150
O20 - Winlogon Notify: ssqOfdBQ - ssqOfdBQ.dll (file missing)
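As an added example (not code from the thread, from HijackThis or from Trend Micro), the Python script below does the triage the reply above does by eye, and generalizes it to any HijackThis log: it parses O17, O20 and O4 lines and flags NameServer entries outside an allow-list of expected resolvers, Winlogon Notify entries whose DLL is missing, and startup entries launched from a Temp folder. The allow-list EXPECTED_RESOLVERS, the 192.168.1.1 NameServer line and the LMIinit Winlogon line are constructed assumptions; the other sample lines are copied from the log posted in the thread.

```python
"""Triage of HijackThis O17 / O20 / O4 lines (added example, not forum or tool code)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption (constructed): resolvers this machine is expected to use.
# In real triage, fill this from the router / ISP configuration.
EXPECTED_RESOLVERS = [ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8")]

O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): NameServer = (?P<servers>.+)$")
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?: \((?P<status>[^)]+)\))?$"
)
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<entry>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "dns-hijack", "orphan-winlogon-notify" or "temp-startup"
    detail: str  # the value that triggered the finding
    line: str    # the offending log line, verbatim


def _unexpected_resolvers(servers: str) -> list:
    """Return the NameServer addresses that fall outside EXPECTED_RESOLVERS."""
    bad = []
    for raw in servers.split(","):
        raw = raw.strip()
        if not raw:
            continue
        try:
            addr = ip_address(raw)
        except ValueError:
            bad.append(raw)  # not even an IP address: worth a look
            continue
        if not any(addr in net for net in EXPECTED_RESOLVERS):
            bad.append(raw)
    return bad


def triage(lines) -> list:
    """Scan HijackThis log lines and return Findings in log order."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            bad = _unexpected_resolvers(m["servers"])
            if bad:  # resolver(s) not on the allow-list: DNS hijack candidate
                findings.append(Finding("dns-hijack", ",".join(bad), line))
            continue
        m = O20_RE.match(line)
        if m and m["status"] and "missing" in m["status"].lower():
            # Registration survives but the DLL is gone: leftover of a removed infection
            findings.append(Finding("orphan-winlogon-notify", m["dll"], line))
            continue
        m = O4_RE.match(line)
        if m and re.search(r"\\temp\\", m["entry"], re.IGNORECASE):
            # Autostart entries should not live in a Temp directory
            findings.append(Finding("temp-startup", m["entry"], line))
    return findings


# Sample input: lines from the thread's HijackThis log, plus two constructed
# benign lines (192.168.1.1 resolver, LMIinit notify) so the filter has something to pass.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - Startup: Kitbar4$.lnk = C:\Documents and Settings\Mshome\Local Settings\Temp\Rar$EX09.782\Kitbar4$.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C6E9BAB-AC4C-472E-851E-A7CA2F3D00CC}: NameServer = 85.255.112.126,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.126,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O20 - Winlogon Notify: ssqOfdBQ - ssqOfdBQ.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\system32\LMIinit.dll
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

Running the script lists the Kitbar4$ Temp-folder startup, both 85.255.112.x NameServer entries and the orphaned ssqOfdBQ Winlogon Notify, while the WinPatrol, 192.168.1.1 and LMIinit lines pass; adjust EXPECTED_RESOLVERS to the resolvers the machine is actually meant to use before trusting the O17 result.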
Re
Here is the Killfix report.
ComboFix 09-03-19.01 - Mshome 2009-03-20 15:34:11.1 - NTFSx86
Lancé depuis: c:\documents and settings\Mshome\Bureau\Killfix.exe
FW: Trend Micro Personal Firewall *enabled*
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mshome\Local Settings\Application Data\miocwwi.dat
c:\documents and settings\Mshome\Local Settings\Application Data\miocwwi.exe
c:\documents and settings\Mshome\Local Settings\Application Data\miocwwi_nav.dat
c:\documents and settings\Mshome\Local Settings\Application Data\miocwwi_navps.dat
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\recycler\S-1-5-76-100028558-100015774-100018141-4820.com
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\TDSSmhxt.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mqtfqksd.ini
c:\windows\system32\ndrobkpw.ini
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\qgjhrxyr.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\tmp.reg
c:\windows\system32\TuDeefii.ini
c:\windows\system32\TuDeefii.ini2
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\WS2Fix.exe
c:\windows\system32\xwcrkvyk.ini
D:\Autorun.inf
d:\recycler\S-1-5-76-100028558-100015774-100018141-4820.com
G:\Autorun.inf
g:\recycler\S-1-5-76-100028558-100015774-100018141-4820.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-20 au 2009-03-20 ))))))))))))))))))))))))))))))))))))
.
2009-03-20 14:55 . 2009-03-20 14:55 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-20 14:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-20 14:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-20 13:14 . 2009-03-20 13:14 <REP> d-------- C:\rsit
2009-03-19 19:15 . 2009-03-19 19:08 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys
2009-03-19 19:15 . 2009-03-19 19:08 49,680 --a------ c:\windows\system32\drivers\tmevtmgr.sys
2009-03-19 19:13 . 2009-03-19 19:13 <REP> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2009-03-19 19:12 . 2009-03-19 20:48 <REP> d-------- c:\program files\Trend Micro
2009-03-19 19:08 . 2009-03-19 19:08 1,195,448 --a------ c:\windows\system32\drivers\vsapint.sys
2009-03-19 19:08 . 2009-03-19 19:08 661,808 --a------ c:\windows\system32\UfWSC.cpl
2009-03-19 19:08 . 2009-03-19 19:08 334,352 --a------ c:\windows\system32\drivers\TM_CFW.sys
2009-03-19 19:08 . 2009-03-19 19:08 205,328 --a------ c:\windows\system32\drivers\tmxpflt.sys
2009-03-19 19:08 . 2009-03-19 19:08 80,400 --a------ c:\windows\system32\drivers\tmtdi.sys
2009-03-19 19:08 . 2009-03-19 19:08 36,368 --a------ c:\windows\system32\drivers\tmpreflt.sys
2009-03-19 19:01 . 2009-03-19 19:00 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-03-19 18:59 . 2009-03-20 13:25 <REP> d-------- c:\documents and settings\Mshome\.housecall6.6
2009-03-19 10:01 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-19 10:00 . 2009-03-19 10:00 <REP> d-------- c:\program files\Panda Security
2009-03-14 17:25 . 2009-03-14 17:37 <REP> d-------- c:\documents and settings\Mshome\Application Data\Keyword Explorer v1.1
2009-03-13 12:53 . 2009-03-13 12:53 151 --ah----- c:\program files\hpothb07.dat
2009-03-12 13:21 . 2009-03-12 13:21 <REP> d-------- c:\program files\H4S
2009-03-11 18:02 . 2009-03-11 18:02 <REP> d-------- c:\program files\FileZilla FTP Client
2009-03-11 15:15 . 2009-03-11 15:30 20,458 --a------ c:\windows\hpoins01.dat
2009-03-11 15:15 . 2003-04-05 13:33 16,622 --------- c:\windows\hpomdl01.dat
2009-03-11 15:11 . 2009-03-11 15:11 <REP> d-------- c:\windows\system32\NtmsData
2009-03-11 11:27 . 2009-03-11 11:27 <REP> dr------- c:\documents and settings\LocalService\Mes documents
2009-03-03 22:29 . 2009-03-19 08:55 <REP> d-------- c:\program files\e-anim701
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 09:53 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 2
2009-03-20 09:13 --------- d-----w c:\documents and settings\Mshome\Application Data\skypePM
2009-03-19 07:57 --------- d-----w c:\program files\Java
2009-03-19 07:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-19 07:50 --------- d-----w c:\program files\Lavasoft
2009-03-19 07:50 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 14:04 --------- d-----w c:\documents and settings\Mshome\Application Data\FileZilla
2009-03-13 11:54 16,072 ---ha-w c:\program files\hpothb07.tif
2009-03-11 14:05 --------- d-----w c:\program files\Hewlett-Packard
2009-03-02 07:27 --------- d-----w c:\program files\LogMeIn
2009-02-28 19:17 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-18 07:34 --------- d-----w c:\program files\KompoZer
2009-02-12 17:29 --------- d-----w c:\program files\Google
2009-02-11 19:38 --------- d-----w c:\documents and settings\Mshome\Application Data\Skype
2009-02-11 18:11 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\Skype
2009-02-11 18:09 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\FileZilla
2009-02-11 17:46 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\skypePM
2009-02-11 17:42 --------- d-----w c:\program files\Fichiers communs\Skype
2009-02-11 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-11 17:42 --------- d-----r c:\program files\Skype
2009-02-06 13:33 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\KompoZer
2009-02-05 15:18 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\WinPatrol
2009-02-05 15:04 --------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
2009-02-04 14:19 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\LogMeIn Rescue
2009-02-04 14:18 --------- d-----w c:\program files\LogMeIn Rescue
2009-02-03 16:59 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\OpenOffice.org
2009-02-02 09:37 --------- d-----w c:\program files\Intuisphere
2009-02-01 17:24 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\Hewlett-Packard
2009-02-01 14:38 --------- d-----w c:\documents and settings\Mshome\Application Data\Hewlett-Packard
2009-02-01 14:35 --------- d-----w c:\program files\Fichiers communs\Hewlett-Packard
2009-01-31 16:05 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-31 16:05 --------- d-----w c:\program files\JRE
2009-01-26 08:52 --------- d-----w c:\program files\Pages de Ventes Editeur
2009-01-24 13:53 --------- d-----w c:\documents and settings\Mshome\Application Data\Windows Live Writer
2009-01-20 21:52 --------- d-----w c:\program files\Speed-annonce
2009-01-20 14:28 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-20 10:33 --------- d-----w c:\documents and settings\Mshome\Application Data\gtk-2.0
2009-01-20 10:20 --------- d-----w c:\program files\GIMP-2.0
2009-01-14 12:55 73,216 ----a-w c:\windows\cadkasdeinst01f.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-18 333120]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-19 497008]
c:\documents and settings\Daniel Philip\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ulead GIF Animator 5.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Ulead GIF Animator 5.lnk
backup=c:\windows\pss\Ulead GIF Animator 5.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Mshome^Menu Démarrer^Programmes^Démarrage^Kitbar4$.lnk]
path=c:\documents and settings\Mshome\Menu Démarrer\Programmes\Démarrage\Kitbar4$.lnk
backup=c:\windows\pss\Kitbar4$.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 21:43 7630848 c:\windows\system32\nvcpl.dll
Here is the Killfix report.
ComboFix 09-03-19.01 - Mshome 2009-03-20 15:34:11.1 - NTFSx86
Lancé depuis: c:\documents and settings\Mshome\Bureau\Killfix.exe
FW: Trend Micro Personal Firewall *enabled*
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Mshome\Local Settings\Application Data\miocwwi.dat
c:\documents and settings\Mshome\Local Settings\Application Data\miocwwi.exe
c:\documents and settings\Mshome\Local Settings\Application Data\miocwwi_nav.dat
c:\documents and settings\Mshome\Local Settings\Application Data\miocwwi_navps.dat
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\recycler\S-1-5-76-100028558-100015774-100018141-4820.com
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\TDSSmhxt.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\mqtfqksd.ini
c:\windows\system32\ndrobkpw.ini
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\qgjhrxyr.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\tmp.reg
c:\windows\system32\TuDeefii.ini
c:\windows\system32\TuDeefii.ini2
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\WS2Fix.exe
c:\windows\system32\xwcrkvyk.ini
D:\Autorun.inf
d:\recycler\S-1-5-76-100028558-100015774-100018141-4820.com
G:\Autorun.inf
g:\recycler\S-1-5-76-100028558-100015774-100018141-4820.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-20 au 2009-03-20 ))))))))))))))))))))))))))))))))))))
.
2009-03-20 14:55 . 2009-03-20 14:55 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-20 14:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-20 14:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-20 13:14 . 2009-03-20 13:14 <REP> d-------- C:\rsit
2009-03-19 19:15 . 2009-03-19 19:08 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys
2009-03-19 19:15 . 2009-03-19 19:08 49,680 --a------ c:\windows\system32\drivers\tmevtmgr.sys
2009-03-19 19:13 . 2009-03-19 19:13 <REP> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2009-03-19 19:12 . 2009-03-19 20:48 <REP> d-------- c:\program files\Trend Micro
2009-03-19 19:08 . 2009-03-19 19:08 1,195,448 --a------ c:\windows\system32\drivers\vsapint.sys
2009-03-19 19:08 . 2009-03-19 19:08 661,808 --a------ c:\windows\system32\UfWSC.cpl
2009-03-19 19:08 . 2009-03-19 19:08 334,352 --a------ c:\windows\system32\drivers\TM_CFW.sys
2009-03-19 19:08 . 2009-03-19 19:08 205,328 --a------ c:\windows\system32\drivers\tmxpflt.sys
2009-03-19 19:08 . 2009-03-19 19:08 80,400 --a------ c:\windows\system32\drivers\tmtdi.sys
2009-03-19 19:08 . 2009-03-19 19:08 36,368 --a------ c:\windows\system32\drivers\tmpreflt.sys
2009-03-19 19:01 . 2009-03-19 19:00 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-03-19 18:59 . 2009-03-20 13:25 <REP> d-------- c:\documents and settings\Mshome\.housecall6.6
2009-03-19 10:01 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-19 10:00 . 2009-03-19 10:00 <REP> d-------- c:\program files\Panda Security
2009-03-14 17:25 . 2009-03-14 17:37 <REP> d-------- c:\documents and settings\Mshome\Application Data\Keyword Explorer v1.1
2009-03-13 12:53 . 2009-03-13 12:53 151 --ah----- c:\program files\hpothb07.dat
2009-03-12 13:21 . 2009-03-12 13:21 <REP> d-------- c:\program files\H4S
2009-03-11 18:02 . 2009-03-11 18:02 <REP> d-------- c:\program files\FileZilla FTP Client
2009-03-11 15:15 . 2009-03-11 15:30 20,458 --a------ c:\windows\hpoins01.dat
2009-03-11 15:15 . 2003-04-05 13:33 16,622 --------- c:\windows\hpomdl01.dat
2009-03-11 15:11 . 2009-03-11 15:11 <REP> d-------- c:\windows\system32\NtmsData
2009-03-11 11:27 . 2009-03-11 11:27 <REP> dr------- c:\documents and settings\LocalService\Mes documents
2009-03-03 22:29 . 2009-03-19 08:55 <REP> d-------- c:\program files\e-anim701
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 09:53 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 2
2009-03-20 09:13 --------- d-----w c:\documents and settings\Mshome\Application Data\skypePM
2009-03-19 07:57 --------- d-----w c:\program files\Java
2009-03-19 07:54 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-19 07:50 --------- d-----w c:\program files\Lavasoft
2009-03-19 07:50 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-17 14:04 --------- d-----w c:\documents and settings\Mshome\Application Data\FileZilla
2009-03-13 11:54 16,072 ---ha-w c:\program files\hpothb07.tif
2009-03-11 14:05 --------- d-----w c:\program files\Hewlett-Packard
2009-03-02 07:27 --------- d-----w c:\program files\LogMeIn
2009-02-28 19:17 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-18 07:34 --------- d-----w c:\program files\KompoZer
2009-02-12 17:29 --------- d-----w c:\program files\Google
2009-02-11 19:38 --------- d-----w c:\documents and settings\Mshome\Application Data\Skype
2009-02-11 18:11 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\Skype
2009-02-11 18:09 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\FileZilla
2009-02-11 17:46 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\skypePM
2009-02-11 17:42 --------- d-----w c:\program files\Fichiers communs\Skype
2009-02-11 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-11 17:42 --------- d-----r c:\program files\Skype
2009-02-06 13:33 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\KompoZer
2009-02-05 15:18 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\WinPatrol
2009-02-05 15:04 --------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
2009-02-04 14:19 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\LogMeIn Rescue
2009-02-04 14:18 --------- d-----w c:\program files\LogMeIn Rescue
2009-02-03 16:59 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\OpenOffice.org
2009-02-02 09:37 --------- d-----w c:\program files\Intuisphere
2009-02-01 17:24 --------- d-----w c:\documents and settings\Daniel Philip\Application Data\Hewlett-Packard
2009-02-01 14:38 --------- d-----w c:\documents and settings\Mshome\Application Data\Hewlett-Packard
2009-02-01 14:35 --------- d-----w c:\program files\Fichiers communs\Hewlett-Packard
2009-01-31 16:05 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-31 16:05 --------- d-----w c:\program files\JRE
2009-01-26 08:52 --------- d-----w c:\program files\Pages de Ventes Editeur
2009-01-24 13:53 --------- d-----w c:\documents and settings\Mshome\Application Data\Windows Live Writer
2009-01-20 21:52 --------- d-----w c:\program files\Speed-annonce
2009-01-20 14:28 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-20 10:33 --------- d-----w c:\documents and settings\Mshome\Application Data\gtk-2.0
2009-01-20 10:20 --------- d-----w c:\program files\GIMP-2.0
2009-01-14 12:55 73,216 ----a-w c:\windows\cadkasdeinst01f.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-18 333120]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-19 497008]
c:\documents and settings\Daniel Philip\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ulead GIF Animator 5.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Ulead GIF Animator 5.lnk
backup=c:\windows\pss\Ulead GIF Animator 5.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Mshome^Menu Démarrer^Programmes^Démarrage^Kitbar4$.lnk]
path=c:\documents and settings\Mshome\Menu Démarrer\Programmes\Démarrage\Kitbar4$.lnk
backup=c:\windows\pss\Kitbar4$.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 21:43 7630848 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 21:43 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-21 20:28 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 Lbd;Lbd; [x]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-03-19 49680]
R3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2009-03-19 36368]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2009-03-19 334352]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - fssfltr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LMIInfo
*Deregistered* - lmimirr
*Deregistered* - LMIRfsDriver
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - MSIServer
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - pavboot
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - SeaPort
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - tmcfw
*Deregistered* - tmcomm
*Deregistered* - tmpreflt
*Deregistered* - tmtdi
*Deregistered* - tmxpflt
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - vsapint
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'
2009-03-20 c:\windows\Tasks\User_Feed_Synchronization-{50F6E0C1-4B28-4049-AA66-24BC5A5B3833}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{10912D6E-8505-4D63-85AD-14501BBC1AEC} - (no file)
BHO-{1D160EC5-17CF-4857-8277-9BA2B5BD4693} - (no file)
BHO-{8E356CF5-D2A9-4C1E-8509-E0BA570D5515} - (no file)
BHO-{B62F87D0-98BD-4814-ACD1-91A4D0698E2B} - (no file)
Notify-ssqOfdBQ - ssqOfdBQ.dll
MSConfigStartUp-QUAD Scheduler - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
MSConfigStartUp-QUAD Windows service - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4a9878f3d7ae428c966e84fe5483c4e0
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4a9878f3d7ae428c966e84fe5483c4e0
Trusted Zone: hotconference.com\www
FF - ProfilePath - c:\documents and settings\Mshome\Application Data\Mozilla\Firefox\Profiles\qaynw3wn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 15:37:13
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\gaopdxserv.sys]
"imagepath"="\systemroot\system32\drivers\gaopdxmpibmiqxdulnpmuqpxetidqvwpuwksvw.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,67,6b,db,55,66,b6,4c,b9,db,11,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a7,67,6b,db,55,66,b6,4c,b9,db,11,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\msiexec.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-03-20 15:40:00 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-20 14:39:57
Avant-CF: 21,198,479,360 octets libres
Après-CF: 21,274,943,488 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
Current=6 Default=6 Failed=0 LastKnownGood=8 Sets=2,3,4,5,6,7,8
367 --- E O F --- 2009-03-12 11:49:50
I would like to know who told you to run ComboFix; what I want is the complete SmitFraud report, because the one you posted is not complete. Thanks.
Hi, that's odd; usually I'm the one who has people run Killfix.
Could he have posted two messages for the same problem?
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\gaopdxserv.sys]
"imagepath"="\systemroot\system32\drivers\gaopdxmpibmiqxdulnpmuqpxetidqvwpuwksvw.sys"
It may be the same person here:
http://www.commentcamarche.net/forum/affich 11608485 probleme svchost exe erreur
http://www.commentcamarche.net/forum/affich 11610375 svchot exe
I'll let you finish.
There is still this left in ComboFix to remove with OTMoveIt (or I think Malwarebytes removes it):
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\gaopdxserv.sys]
"imagepath"="\systemroot\system32\drivers\gaopdxmpibmiqxdulnpmuqpxetidqvwpuwksvw.sys"
Good luck with the rest.
Here is the report:
SmitFraudFix v2.405
Rapport fait à 15:13:16,58, 20/03/2009
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
What do I do about my problem!
Thanks for your help.