Help with ComboFix and HijackThis report

adrien35STM -  
jlpjlp Posts 52399 Status Security contributor -
Hello, if someone could help me with this report to see whether everything is fine. Thank you.

ComboFix report:

ComboFix 08-11-13.01 - Adrien_2 2008-11-16 10:49:49.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1362 [GMT 1:00]
Lancé depuis: c:\documents and settings\Adrien_2\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Adrien_2\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.

2008-11-16 10:31 . 2008-11-16 10:31 <REP> d-------- c:\windows\LastGood
2008-11-15 14:32 . 2008-11-15 14:32 <REP> d-------- c:\documents and settings\Adrien_2\Application Data\Malwarebytes
2008-11-15 14:31 . 2008-11-15 14:31 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 14:31 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 14:31 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 11:23 . 2008-11-15 11:55 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-11-15 11:23 . 2008-11-15 12:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 22:08 . 2008-11-14 22:08 <REP> d-------- c:\windows\system32\SpycatcherAgentSetupTemp
2008-11-14 19:02 . 2008-11-14 19:02 <REP> d-------- c:\program files\Alwil Software
2008-11-13 20:30 . 2008-11-13 20:38 376 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-11-13 20:28 . 2008-11-13 20:28 <REP> d-------- c:\documents and settings\Adrien_2\Application Data\Talkback
2008-11-13 18:15 . 2008-11-13 18:15 5,522 --a------ c:\windows\system32\kxkbvflu.dll
2008-11-13 18:12 . 2008-11-13 18:12 5,522 --a------ c:\windows\system32\erjgfwhq.dll
2008-11-13 18:12 . 2008-11-13 18:12 5,522 --a------ c:\windows\system32\cphdryce.dll
2008-11-13 16:59 . 2008-11-13 16:59 5,522 --a------ c:\windows\system32\jorckayg.dll
2008-11-12 16:34 . 2008-11-12 16:34 5,522 --a------ c:\windows\system32\evujxidc.dll
2008-11-12 16:31 . 2008-11-12 16:31 5,522 --a------ c:\windows\system32\wtoubsgp.dll
2008-11-12 16:31 . 2008-11-12 16:31 5,522 --a------ c:\windows\system32\njtokdxt.dll
2008-11-04 18:28 . 2004-07-03 20:59 524,288 --a------ c:\windows\system32\xvidcore.dll
2008-11-04 18:28 . 2002-08-20 00:41 413,760 --a------ c:\windows\system32\mpg4c32.dll
2008-11-04 18:28 . 2003-05-21 23:50 261,632 --a------ c:\windows\system32\mcdvd_32.dll
2008-11-04 18:28 . 2003-05-21 23:50 156,910 --a------ c:\windows\WMSysPr8.prx
2008-11-04 18:28 . 2004-07-03 21:08 139,264 --a------ c:\windows\system32\xvidvfw.dll
2008-11-04 18:28 . 2003-05-21 23:50 82,944 --a------ c:\windows\system32\vct3216.acm
2008-11-04 18:28 . 2004-02-04 21:11 81,920 --a------ c:\windows\system32\AC3ACM.acm
2008-11-04 18:28 . 2004-09-06 16:06 53,248 --a------ c:\windows\system32\xvid.ax
2008-11-04 18:28 . 2003-05-21 23:50 38,912 --a------ c:\windows\system32\alf2cd.acm
2008-11-04 18:28 . 2000-03-14 20:55 13,239 --a------ c:\windows\system32\Scg726.acm
2008-11-04 18:16 . 2008-11-04 18:16 <REP> d-------- c:\documents and settings\Adrien_2\Application Data\AVS4YOU
2008-11-04 17:53 . 2008-11-04 17:54 67 --a------ c:\windows\AVIConverter.INI
2008-11-04 13:49 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-11-04 13:49 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-11-04 13:49 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-11-04 13:49 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-11-04 13:49 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-11-04 13:49 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-11-04 13:49 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-11-04 13:42 . 2008-11-04 18:54 <REP> d-------- c:\documents and settings\Adrien_2\Application Data\dvdcss
2008-11-04 13:20 . 2008-11-04 13:20 <REP> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2008-11-04 13:13 . 2008-11-04 13:49 <REP> d-------- c:\program files\VSO
2008-11-04 13:13 . 2008-11-04 18:51 <REP> d-------- c:\documents and settings\Adrien_2\Application Data\Vso
2008-11-04 13:13 . 2008-11-04 13:49 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-11-04 13:13 . 2008-11-04 13:49 47,360 --a------ c:\documents and settings\Adrien_2\Application Data\pcouffin.sys
2008-11-04 13:09 . 2008-11-04 13:09 <REP> d-------- c:\program files\Kibisoft
2008-11-04 13:09 . 2008-11-04 13:10 <REP> d-------- c:\documents and settings\Adrien_2\Application Data\kibisoft
2008-11-04 12:56 . 2008-11-04 12:56 <REP> d-------- c:\program files\ESTsoft
2008-11-04 12:56 . 2008-11-14 18:57 <REP> d-------- c:\documents and settings\Adrien_2\Application Data\ESTsoft
2008-11-04 12:43 . 2008-11-04 12:43 <REP> d-------- c:\program files\Ahead
2008-10-24 11:51 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 11:23 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 11:23 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 11:23 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 11:23 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 11:23 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-16 11:23 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 09:50 --------- d-----w c:\documents and settings\Adrien_2\Application Data\uTorrent
2008-11-16 09:37 --------- d-----w c:\documents and settings\Adrien_2\Application Data\StarOffice8
2008-11-15 16:20 --------- d-----w c:\documents and settings\Propriétaire\Application Data\StarOffice8
2008-11-15 11:59 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-15 10:31 --------- d-----w c:\program files\Piratrax
2008-11-14 20:57 --------- d-----w c:\program files\a-squared Anti-Malware
2008-11-14 17:44 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-11-04 17:38 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-11-04 11:58 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-01 11:39 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-27 14:51 --------- d-----w c:\program files\eRightSoft
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-08-26 14:53 65,112 -c--a-w c:\windows\BricoPackUninst.cmd
2008-08-26 14:53 219,648 ----a-w c:\windows\system32\uxtheme.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-05-22 19:28 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-15_15.40.13,45 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-26 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-03-07 492808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2005-12-07 122880]

c:\documents and settings\Adrien_2\Menu Démarrer\Programmes\Démarrage\
StarOffice 8.lnk - c:\program files\Sun\StarOffice 8\program\quickstart.exe [2005-12-07 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
S3 cusbohcn;cusbohcn;c:\docume~1\Adrien\LOCALS~1\Temp\cusbohcn.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 10:52:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-16 10:53:49
ComboFix-quarantined-files.txt 2008-11-16 09:53:42
ComboFix2.txt 2008-11-15 14:40:57

Avant-CF: 27 751 313 408 octets libres
Après-CF: 27,739,668,480 octets libres

154 --- E O F --- 2008-10-24 17:39:59

And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:48, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\Adrien_2\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

1 reply

jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi,
scan these files on VirusTotal and say which ones are flagged as infected or have a size of 0:
https://www.virustotal.com/gui/

c:\windows\system32\kxkbvflu.dll
c:\windows\system32\erjgfwhq.dll
c:\windows\system32\cphdryce.dll
c:\windows\system32\jorckayg.dll
c:\windows\system32\evujxidc.dll
c:\windows\system32\wtoubsgp.dll
c:\windows\system32\njtokdxt.dll