Rapport Hijack This : comment supprimer les entrées néfastes ?
Dernière réponse : dans Sécurité
Bonsoir,
je viens de faire un test avec HiJack this, et je l'ai analysé sur : http://www.hijackthis.de/fr#anl
Je l'ai fait car j'ai eu plusieurs soucis :
- une fois une veille, je ne peux pas le sortir de veille mon PC, je suis obligé de le débrancher.
- Une pub s'affiche à chaque nouvelle page qui s'affiche dans mon navigateur.
- Tout à l'heure, mes serveurs DNS étaient effacés (plus de connexion).
- Au démarrage, mon PC m'indique qu'il ne peut pas ouvrir le fichier 3BD.tmp
j'ai déjà fais des scans : Antivir et S&D, j'ai supprimé :
- \AppData\Local\Temp\tmp1BFA.tmp
[DETECTION] Is the TR/Passcrack.B Trojan
- \AppData\Local\Temp\tmp9EEF.tmp
[DETECTION] Is the TR/Dldr.Agent.ahcg.14 Trojan
- \System32\kdzzd.exe
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
- [DETECTION] Is the TR/Dldr.Small.bws.20 Trojan
- TR/Crypt.XPACK.Gen [trojan]'
detected in file 'E:\resycled\boot.com.
- TR/Crypt.XPACK.Gen [trojan]
-D:\resycled\boot.com.
- C:\resycled\boot.com
- C:\Windows\Temp\301.tmp.
Et encore plein d'autres !
Voici mon rapport Hijack This, si quelqu'un pouvait m'aider, et notamment me dire comment supprimer 3BD.tmp et kdzzd.exe , ainsi que les autres.
Merci.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:53, on 07/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [3BD.tmp] C:\Windows\temp\3BD.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdzzd.exe (file missing)
--
End of file - 7157 bytes
je viens de faire un test avec HiJack this, et je l'ai analysé sur : http://www.hijackthis.de/fr#anl
Je l'ai fait car j'ai eu plusieurs soucis :
- une fois une veille, je ne peux pas le sortir de veille mon PC, je suis obligé de le débrancher.
- Une pub s'affiche à chaque nouvelle page qui s'affiche dans mon navigateur.
- Tout à l'heure, mes serveurs DNS étaient effacés (plus de connexion).
- Au démarrage, mon PC m'indique qu'il ne peut pas ouvrir le fichier 3BD.tmp
j'ai déjà fais des scans : Antivir et S&D, j'ai supprimé :
- \AppData\Local\Temp\tmp1BFA.tmp
[DETECTION] Is the TR/Passcrack.B Trojan
- \AppData\Local\Temp\tmp9EEF.tmp
[DETECTION] Is the TR/Dldr.Agent.ahcg.14 Trojan
- \System32\kdzzd.exe
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
- [DETECTION] Is the TR/Dldr.Small.bws.20 Trojan
- TR/Crypt.XPACK.Gen [trojan]'
detected in file 'E:\resycled\boot.com.
- TR/Crypt.XPACK.Gen [trojan]
-D:\resycled\boot.com.
- C:\resycled\boot.com
- C:\Windows\Temp\301.tmp.
Et encore plein d'autres !
Voici mon rapport Hijack This, si quelqu'un pouvait m'aider, et notamment me dire comment supprimer 3BD.tmp et kdzzd.exe , ainsi que les autres.
Merci.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:53, on 07/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [3BD.tmp] C:\Windows\temp\3BD.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdzzd.exe (file missing)
--
End of file - 7157 bytes
Autres pages sur : rapport hijack this supprimer entrees nefastes
Lassé par la pub ? Créez un compte
Ok.
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Voilà le rapport de MalwareByte's Anti-Malware :
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1374
Windows 6.0.6001 Service Pack 1
08/11/2008 21:38:40
mbam-log-2008-11-08 (21-38-40).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 154347
Temps écoulé: 20 minute(s), 21 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1374
Windows 6.0.6001 Service Pack 1
08/11/2008 21:38:40
mbam-log-2008-11-08 (21-38-40).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 154347
Temps écoulé: 20 minute(s), 21 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Et voici le nouveau rapport Hijack this :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:40, on 08/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 7036 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:40, on 08/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 7036 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:46, on 09/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\eMule\eMule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 7025 bytes
Scan saved at 15:56:46, on 09/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\eMule\eMule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 7025 bytes
Re,
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
De quoi pense tu que mon PC est infecté ?
Après avoir exécuté ComboFix, ma "passerelle par défaut" de ma connexion était effacée. Je l'ai remise pour avoir accès à internet.
Voilà le rapport et merci pour ce que tu fais !
ComboFix 08-11-07.01 - Spydeus 2008-11-09 19:06:58.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.931 [GMT 1:00]
Lancé depuis: d:\logiciels\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FILEMON
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-09 au 2008-11-09 ))))))))))))))))))))))))))))))))))))
.
2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\users\Spydeus\AppData\Roaming\Malwarebytes
2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\programdata\Malwarebytes
2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-08 21:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-08 21:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-08 01:26 . 2008-11-08 01:26 250 --a------ c:\windows\gmer.ini
2008-11-08 01:23 . 2008-11-08 01:23 <REP> d-------- c:\program files\Zone Labs
2008-11-08 01:23 . 2008-03-03 15:05 1,086,952 --a------ c:\windows\System32\zpeng24.dll
2008-11-08 01:23 . 2008-03-03 15:05 54,672 --a------ c:\windows\System32\vsutil_loc040c.dll
2008-11-08 01:23 . 2008-11-08 01:23 5,571 --a------ c:\windows\System32\vsconfig.xml
2008-11-08 01:22 . 2008-11-08 01:23 <REP> d-------- c:\windows\System32\ZoneLabs
2008-11-08 01:22 . 2008-11-08 01:22 <REP> d-------- c:\users\All Users\CheckPoint
2008-11-08 01:22 . 2008-11-08 01:22 <REP> d-------- c:\programdata\CheckPoint
2008-11-08 01:22 . 2008-11-09 19:13 352,615 --ah----- c:\windows\System32\drivers\vsconfig.xml
2008-11-08 01:22 . 2008-03-03 15:06 279,440 --------- c:\windows\System32\drivers\vsdatant.sys
2008-11-08 01:22 . 2008-03-03 15:06 279,440 --a------ c:\windows\System32\drivers\~GLH0014.TMP
2008-11-08 01:21 . 2008-11-09 18:58 <REP> d-------- c:\windows\Internet Logs
2008-11-08 01:17 . 2008-11-08 01:17 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-07 21:55 . 2008-11-07 21:55 <REP> d-------- c:\program files\Trend Micro
2008-11-07 19:06 . 2008-11-07 19:06 88 --a------ c:\windows\wininit.ini
2008-11-07 18:47 . 2008-11-07 18:47 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-07 18:47 . 2008-11-07 18:47 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-06 19:58 . 2008-11-06 19:58 <REP> d-------- c:\program files\@stake
2008-11-06 19:58 . 2002-02-05 10:59 599,800 --a------ c:\windows\System32\Cfx4032.ocx
2008-11-06 19:58 . 2001-10-08 08:46 136,976 --a------ c:\windows\System32\SfxBar.dll
2008-11-05 11:40 . 2008-11-05 11:40 <REP> d-------- c:\program files\MSXML 4.0
2008-11-05 11:40 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-05 11:40 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-05 11:40 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-11-04 16:58 . 2002-12-16 18:11 26,120 --a------ c:\windows\System32\drivers\SNTNLUSB.SYS
2008-11-04 16:49 . 2008-11-04 16:50 <REP> d-------- c:\users\Spydeus\AppData\Roaming\Nero
2008-11-04 15:16 . 2008-11-04 15:16 4,767 --a------ c:\windows\Irremote.ini
2008-11-04 15:02 . 2008-11-04 15:08 <REP> d-------- c:\users\All Users\Nero
2008-11-04 15:02 . 2008-11-04 15:08 <REP> d-------- c:\programdata\Nero
2008-11-04 15:02 . 2008-11-04 15:15 <REP> d-------- c:\program files\Nero
2008-11-04 15:02 . 2008-11-04 15:27 <REP> d-------- c:\program files\Common Files\Nero
2008-11-01 18:15 . 2008-11-01 18:15 <REP> d-------- c:\windows\System32\AGEIA
2008-11-01 18:15 . 2008-11-01 18:15 <REP> d-------- c:\program files\AGEIA Technologies
2008-10-21 19:52 . 2008-10-21 19:55 139,264 --a------ c:\windows\War3Unin.exe
2008-10-21 19:52 . 2008-10-21 19:56 76,468 --a------ c:\windows\War3Unin.dat
2008-10-21 19:52 . 2008-10-21 19:55 2,829 --a------ c:\windows\War3Unin.pif
2008-10-21 19:51 . 2008-11-03 15:52 <REP> d-------- c:\program files\Warcraft III
2008-10-19 11:49 . 2008-07-22 08:48 3,658,752 --a------ c:\windows\System32\drivers\NETw5v32.sys
2008-10-19 11:49 . 2008-07-22 08:48 2,756,608 --a------ c:\windows\System32\NETw5r32.dll
2008-10-19 11:49 . 2008-07-22 08:48 659,456 --a------ c:\windows\System32\NETw5c32.dll
2008-10-18 11:37 . 1997-04-08 19:08 299,520 --a------ c:\windows\uninst.exe
2008-10-18 11:37 . 1996-11-06 20:11 69,632 --a------ c:\windows\RAUNINST.EXE
2008-10-13 09:56 . 2008-10-13 09:56 70,936 --a------ c:\windows\System32\PhysXLoader.dll
2008-10-12 10:29 . 2008-10-12 10:29 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 18:14 32,061 ----a-w c:\users\All Users\nvModes.dat
2008-11-09 18:14 32,061 ----a-w c:\programdata\nvModes.dat
2008-11-08 20:10 --------- d-----w c:\users\Spydeus\AppData\Roaming\Azureus
2008-11-08 00:17 --------- d-----w c:\program files\Java
2008-11-07 21:40 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-07 21:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 17:12 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-03 17:38 --------- d-----w c:\program files\Azureus
2008-11-02 11:32 --------- d-----w c:\programdata\NVIDIA
2008-11-01 17:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-01 11:08 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-01 11:08 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-10-22 15:55 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
2008-10-18 11:56 --------- d-----w c:\program files\EA Games
2008-10-17 07:00 --------- d-----w c:\program files\Windows Mail
2008-10-16 16:37 --------- d-----w c:\programdata\Microsoft Help
2008-10-12 19:12 --------- d-----w c:\programdata\Messenger Plus!
2008-10-04 19:07 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-04 19:07 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-04 15:32 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-10-04 15:31 22,328 ----a-w c:\users\Spydeus\AppData\Roaming\PnkBstrK.sys
2008-10-04 15:10 --------- d-----w c:\program files\Activision
2008-10-04 13:54 --------- d-----w c:\program files\Realtek
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-28 18:31 --------- d-----w c:\users\Spydeus\AppData\Roaming\FileZilla
2008-09-23 16:58 --------- d-----w c:\program files\FileZilla FTP Client
2008-09-20 12:32 --------- d-----w c:\program files\Bradbury
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-13 19:27 --------- d-----w c:\users\Spydeus\AppData\Roaming\GetRightToGo
2008-08-26 12:21 174 --sha-w c:\program files\desktop.ini
2008-08-26 11:53 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-08-26 11:53 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-08-25 22:48 269,312 ----a-w c:\windows\System32\es.dll
2008-08-25 22:30 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-08-25 22:30 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-08-25 22:30 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-08-25 22:30 272,896 ----a-w c:\windows\System32\polstore.dll
2008-08-25 22:23 2,048 ----a-w c:\windows\System32\tzres.dll
2008-08-25 22:12 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-08-25 22:10 988,216 ----a-w c:\windows\System32\winload.exe
2008-08-25 22:10 927,288 ----a-w c:\windows\System32\winresume.exe
2008-08-25 22:10 615,992 ----a-w c:\windows\System32\ci.dll
2008-08-25 22:10 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-08-25 22:10 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-08-25 22:10 40,960 ----a-w c:\windows\System32\srclient.dll
2008-08-25 22:10 378,368 ----a-w c:\windows\System32\srcore.dll
2008-08-25 22:10 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-08-25 22:10 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-08-25 22:10 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-08-25 22:07 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-08-25 22:07 295,936 ----a-w c:\windows\System32\gdi32.dll
2008-08-25 22:07 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-08-25 22:05 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-08-25 22:04 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-08-25 22:03 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-08-25 22:03 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-08-25 22:02 1,314,816 ----a-w c:\windows\System32\quartz.dll
2008-08-25 20:39 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-08-25 20:39 315,392 ----a-w c:\windows\HideWin.exe
2008-08-25 20:22 1,700,352 ----a-w c:\windows\System32\gdiplus.dll
2008-08-25 20:16 355,584 ----a-w c:\windows\System32\TuneUpDefragService.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-11-06 10:46 2854912 --a------ c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-11-06 10:46 2854912 --a------ c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-11-06 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-09-19 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-09-19 33048]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-19 894512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-10-11 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-10-11 712704]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-27 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-08 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-22 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-22 92704]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - c:\program files\ColorVision\Utility\ColorVisionStartup.exe [2007-02-13 385024]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-25 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-11-06 10:34 52224 c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"OODefragTray"=c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1088973826-1489363509-1024585940-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8A73A9F0-15A8-463B-A7FD-8E651B39384D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5024BD4A-EBF9-4861-86BD-0A93EE375169}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{3F3259D1-A1A7-44AB-8217-4541D3C9FF09}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{DE0C3553-824E-4C98-8585-956E3A52DDA7}c:\\program files\\homeplayer\\homeplayer.exe"= UDP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
"UDP Query User{D8453335-DD22-46B9-A4D6-194F7D2B4765}c:\\program files\\homeplayer\\homeplayer.exe"= TCP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
"TCP Query User{3C0B9FE5-62E4-4ED2-83D4-0F1E89603DB2}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{5F9931DF-317D-4CDC-A3FA-7B57B597600E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{0B37A813-FBB2-4A0E-820D-A409A27ABDCF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{65D01035-A3F6-4481-90B9-C9974CD18EDB}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{22F19241-0EA3-46F5-9B24-A6995ACC02CD}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{4B47A02E-D38D-4CCF-8FD2-C4E0888765ED}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1BD8718D-580C-4D8B-9392-6C9CDFCFFDF0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B395FBAB-549D-4815-BDCA-0B6E087CC13E}e:\\xampplite\\apache\\bin\\apache.exe"= UDP:e:\xampplite\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{212BAFD4-E908-4725-AE8C-C029B2BCE39F}e:\\xampplite\\apache\\bin\\apache.exe"= TCP:e:\xampplite\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{FBDA6DED-737F-4A13-933A-215DD74AC2AC}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"UDP Query User{8D4B0ED4-045D-4CC1-9C02-B8111FE8FEC8}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"{1C874559-0990-4F12-9A0B-54C872447073}"= UDP:c:\windows\System32\PnkBstrA.exe![:p]( ":p")
nkBstrA
"{CE439526-F4E6-49F0-9D93-5EF4BBED991C}"= TCP:c:\windows\System32\PnkBstrA.exe![:p]( ":p")
nkBstrA
"{89E0738E-1289-4615-9175-EE8EB4074B07}"= UDP:c:\windows\System32\PnkBstrB.exe![:p]( ":p")
nkBstrB
"{ECC8B59B-489E-4437-B33E-695B3F8B7875}"= TCP:c:\windows\System32\PnkBstrB.exe![:p]( ":p")
nkBstrB
"{B3C8DC6F-31EE-4C21-BAED-B6584FDA2EF9}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{80F09A5F-8585-4413-BD8C-64C5A30F802F}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{90363E87-B6B2-4EB3-A28A-C8725AF5CBB4}c:\\program files\\ea games\\command and conquer generals\\game.dat"= UDP:c:\program files\ea games\command and conquer generals\game.dat:game
"UDP Query User{0C5DEEA1-EF34-4784-AB80-43C32899B1C8}c:\\program files\\ea games\\command and conquer generals\\game.dat"= TCP:c:\program files\ea games\command and conquer generals\game.dat:game
"TCP Query User{1ED29984-F37D-4B0F-9BE6-746C63AA1189}c:\\users\\spydeus\\desktop\\cs lan\\hl.exe"= UDP:c:\users\spydeus\desktop\cs lan\hl.exe:hl.exe
"UDP Query User{0DB0BC91-3E03-4370-A943-E360345B1959}c:\\users\\spydeus\\desktop\\cs lan\\hl.exe"= TCP:c:\users\spydeus\desktop\cs lan\hl.exe:hl.exe
"TCP Query User{9213CE5E-AD54-4C18-8D6D-628AE284532C}c:\\program files\\counter-strike source lan edition\\hl2.exe"= UDP:c:\program files\counter-strike source lan edition\hl2.exe:hl2
"UDP Query User{CA16E1E1-B47A-41CE-8467-E5168711476F}c:\\program files\\counter-strike source lan edition\\hl2.exe"= TCP:c:\program files\counter-strike source lan edition\hl2.exe:hl2
"{9E6F6008-DD2D-48BD-8EDF-86B17A5879AF}"= UDP:c:\windows\System32\PnkBstrA.exe![:p]( ":p")
nkBstrA
"{A20F6569-6874-4EBD-A315-08BA02F4EBE5}"= TCP:c:\windows\System32\PnkBstrA.exe![:p]( ":p")
nkBstrA
"{3D0C8723-E42C-43CC-8161-58EDF289BAD6}"= UDP:c:\windows\System32\PnkBstrB.exe![:p]( ":p")
nkBstrB
"{550DA8B6-6825-4F53-B262-0C002C33D547}"= TCP:c:\windows\System32\PnkBstrB.exe![:p]( ":p")
nkBstrB
"TCP Query User{77846425-42B4-4204-A3FC-09A30134A62A}c:\\program files\\homeplayer\\homeplayer.exe"= UDP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
"UDP Query User{6194ED79-47F6-40FC-BF46-D6DFC05A806C}c:\\program files\\homeplayer\\homeplayer.exe"= TCP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
"TCP Query User{CF8C3FA1-ED18-4FDD-B811-11EF87F2EC88}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{5BC4FA20-F8EC-4A0E-91F9-073C5A479F41}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{E4C293D7-4640-41C0-9D07-0AFDBB7F33EE}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A8C352A2-5805-47B1-A37D-6B553070A396}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-09-19 210432]
R2 Apache2.2;Apache2.2;e:\xampplite\apache\bin\apache.exe [2008-06-14 17408]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-22 3658752]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\DRIVERS\Spyder2.sys [2007-01-17 12288]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-08-25 355584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2008-11-09 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
2008-11-08 c:\windows\Tasks\User_Feed_Synchronization-{C49735F2-A09E-4388-B0AB-E080B6B97507}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\Spydeus\AppData\Roaming\Mozilla\Firefox\Profiles\r4kg4vo1.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://portail.free.fr/
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 19:14:54
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
e:\xampplite\mysql\bin\mysqld-nt.exe
c:\windows\System32\oodag.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\System32\conime.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Heure de fin: 2008-11-09 19:17:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-09 18:17:09
Avant-CF: 29 581 856 768 octets libres
Après-CF: 29,217,275,904 octets libres
295 --- E O F --- 2008-11-08 00:08:20
Après avoir exécuté ComboFix, ma "passerelle par défaut" de ma connexion était effacée. Je l'ai remise pour avoir accès à internet.
Voilà le rapport et merci pour ce que tu fais !
ComboFix 08-11-07.01 - Spydeus 2008-11-09 19:06:58.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.931 [GMT 1:00]
Lancé depuis: d:\logiciels\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FILEMON
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-09 au 2008-11-09 ))))))))))))))))))))))))))))))))))))
.
2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\users\Spydeus\AppData\Roaming\Malwarebytes
2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\programdata\Malwarebytes
2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-08 21:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-08 21:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-08 01:26 . 2008-11-08 01:26 250 --a------ c:\windows\gmer.ini
2008-11-08 01:23 . 2008-11-08 01:23 <REP> d-------- c:\program files\Zone Labs
2008-11-08 01:23 . 2008-03-03 15:05 1,086,952 --a------ c:\windows\System32\zpeng24.dll
2008-11-08 01:23 . 2008-03-03 15:05 54,672 --a------ c:\windows\System32\vsutil_loc040c.dll
2008-11-08 01:23 . 2008-11-08 01:23 5,571 --a------ c:\windows\System32\vsconfig.xml
2008-11-08 01:22 . 2008-11-08 01:23 <REP> d-------- c:\windows\System32\ZoneLabs
2008-11-08 01:22 . 2008-11-08 01:22 <REP> d-------- c:\users\All Users\CheckPoint
2008-11-08 01:22 . 2008-11-08 01:22 <REP> d-------- c:\programdata\CheckPoint
2008-11-08 01:22 . 2008-11-09 19:13 352,615 --ah----- c:\windows\System32\drivers\vsconfig.xml
2008-11-08 01:22 . 2008-03-03 15:06 279,440 --------- c:\windows\System32\drivers\vsdatant.sys
2008-11-08 01:22 . 2008-03-03 15:06 279,440 --a------ c:\windows\System32\drivers\~GLH0014.TMP
2008-11-08 01:21 . 2008-11-09 18:58 <REP> d-------- c:\windows\Internet Logs
2008-11-08 01:17 . 2008-11-08 01:17 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-07 21:55 . 2008-11-07 21:55 <REP> d-------- c:\program files\Trend Micro
2008-11-07 19:06 . 2008-11-07 19:06 88 --a------ c:\windows\wininit.ini
2008-11-07 18:47 . 2008-11-07 18:47 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-07 18:47 . 2008-11-07 18:47 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-06 19:58 . 2008-11-06 19:58 <REP> d-------- c:\program files\@stake
2008-11-06 19:58 . 2002-02-05 10:59 599,800 --a------ c:\windows\System32\Cfx4032.ocx
2008-11-06 19:58 . 2001-10-08 08:46 136,976 --a------ c:\windows\System32\SfxBar.dll
2008-11-05 11:40 . 2008-11-05 11:40 <REP> d-------- c:\program files\MSXML 4.0
2008-11-05 11:40 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-05 11:40 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-05 11:40 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-11-04 16:58 . 2002-12-16 18:11 26,120 --a------ c:\windows\System32\drivers\SNTNLUSB.SYS
2008-11-04 16:49 . 2008-11-04 16:50 <REP> d-------- c:\users\Spydeus\AppData\Roaming\Nero
2008-11-04 15:16 . 2008-11-04 15:16 4,767 --a------ c:\windows\Irremote.ini
2008-11-04 15:02 . 2008-11-04 15:08 <REP> d-------- c:\users\All Users\Nero
2008-11-04 15:02 . 2008-11-04 15:08 <REP> d-------- c:\programdata\Nero
2008-11-04 15:02 . 2008-11-04 15:15 <REP> d-------- c:\program files\Nero
2008-11-04 15:02 . 2008-11-04 15:27 <REP> d-------- c:\program files\Common Files\Nero
2008-11-01 18:15 . 2008-11-01 18:15 <REP> d-------- c:\windows\System32\AGEIA
2008-11-01 18:15 . 2008-11-01 18:15 <REP> d-------- c:\program files\AGEIA Technologies
2008-10-21 19:52 . 2008-10-21 19:55 139,264 --a------ c:\windows\War3Unin.exe
2008-10-21 19:52 . 2008-10-21 19:56 76,468 --a------ c:\windows\War3Unin.dat
2008-10-21 19:52 . 2008-10-21 19:55 2,829 --a------ c:\windows\War3Unin.pif
2008-10-21 19:51 . 2008-11-03 15:52 <REP> d-------- c:\program files\Warcraft III
2008-10-19 11:49 . 2008-07-22 08:48 3,658,752 --a------ c:\windows\System32\drivers\NETw5v32.sys
2008-10-19 11:49 . 2008-07-22 08:48 2,756,608 --a------ c:\windows\System32\NETw5r32.dll
2008-10-19 11:49 . 2008-07-22 08:48 659,456 --a------ c:\windows\System32\NETw5c32.dll
2008-10-18 11:37 . 1997-04-08 19:08 299,520 --a------ c:\windows\uninst.exe
2008-10-18 11:37 . 1996-11-06 20:11 69,632 --a------ c:\windows\RAUNINST.EXE
2008-10-13 09:56 . 2008-10-13 09:56 70,936 --a------ c:\windows\System32\PhysXLoader.dll
2008-10-12 10:29 . 2008-10-12 10:29 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 18:14 32,061 ----a-w c:\users\All Users\nvModes.dat
2008-11-09 18:14 32,061 ----a-w c:\programdata\nvModes.dat
2008-11-08 20:10 --------- d-----w c:\users\Spydeus\AppData\Roaming\Azureus
2008-11-08 00:17 --------- d-----w c:\program files\Java
2008-11-07 21:40 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-07 21:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-06 17:12 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-03 17:38 --------- d-----w c:\program files\Azureus
2008-11-02 11:32 --------- d-----w c:\programdata\NVIDIA
2008-11-01 17:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-01 11:08 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-01 11:08 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-10-22 15:55 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
2008-10-18 11:56 --------- d-----w c:\program files\EA Games
2008-10-17 07:00 --------- d-----w c:\program files\Windows Mail
2008-10-16 16:37 --------- d-----w c:\programdata\Microsoft Help
2008-10-12 19:12 --------- d-----w c:\programdata\Messenger Plus!
2008-10-04 19:07 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-10-04 19:07 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-10-04 15:32 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-10-04 15:31 22,328 ----a-w c:\users\Spydeus\AppData\Roaming\PnkBstrK.sys
2008-10-04 15:10 --------- d-----w c:\program files\Activision
2008-10-04 13:54 --------- d-----w c:\program files\Realtek
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-28 18:31 --------- d-----w c:\users\Spydeus\AppData\Roaming\FileZilla
2008-09-23 16:58 --------- d-----w c:\program files\FileZilla FTP Client
2008-09-20 12:32 --------- d-----w c:\program files\Bradbury
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-13 19:27 --------- d-----w c:\users\Spydeus\AppData\Roaming\GetRightToGo
2008-08-26 12:21 174 --sha-w c:\program files\desktop.ini
2008-08-26 11:53 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-08-26 11:53 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-08-25 22:48 269,312 ----a-w c:\windows\System32\es.dll
2008-08-25 22:30 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-08-25 22:30 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-08-25 22:30 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-08-25 22:30 272,896 ----a-w c:\windows\System32\polstore.dll
2008-08-25 22:23 2,048 ----a-w c:\windows\System32\tzres.dll
2008-08-25 22:12 181,760 ----a-w c:\windows\System32\fsquirt.exe
2008-08-25 22:10 988,216 ----a-w c:\windows\System32\winload.exe
2008-08-25 22:10 927,288 ----a-w c:\windows\System32\winresume.exe
2008-08-25 22:10 615,992 ----a-w c:\windows\System32\ci.dll
2008-08-25 22:10 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-08-25 22:10 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-08-25 22:10 40,960 ----a-w c:\windows\System32\srclient.dll
2008-08-25 22:10 378,368 ----a-w c:\windows\System32\srcore.dll
2008-08-25 22:10 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-08-25 22:10 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-08-25 22:10 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-08-25 22:07 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-08-25 22:07 295,936 ----a-w c:\windows\System32\gdi32.dll
2008-08-25 22:07 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-08-25 22:05 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-08-25 22:04 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-08-25 22:03 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-08-25 22:03 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-08-25 22:02 1,314,816 ----a-w c:\windows\System32\quartz.dll
2008-08-25 20:39 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-08-25 20:39 315,392 ----a-w c:\windows\HideWin.exe
2008-08-25 20:22 1,700,352 ----a-w c:\windows\System32\gdiplus.dll
2008-08-25 20:16 355,584 ----a-w c:\windows\System32\TuneUpDefragService.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-11-06 10:46 2854912 --a------ c:\program files\Protector Suite QL\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-11-06 10:46 2854912 --a------ c:\program files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-11-06 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-09-19 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-09-19 33048]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-19 894512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-10-11 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-10-11 712704]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-27 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-08 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-22 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-22 92704]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - c:\program files\ColorVision\Utility\ColorVisionStartup.exe [2007-02-13 385024]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-25 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-11-06 10:34 52224 c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"OODefragTray"=c:\windows\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1088973826-1489363509-1024585940-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8A73A9F0-15A8-463B-A7FD-8E651B39384D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5024BD4A-EBF9-4861-86BD-0A93EE375169}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{3F3259D1-A1A7-44AB-8217-4541D3C9FF09}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{DE0C3553-824E-4C98-8585-956E3A52DDA7}c:\\program files\\homeplayer\\homeplayer.exe"= UDP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
"UDP Query User{D8453335-DD22-46B9-A4D6-194F7D2B4765}c:\\program files\\homeplayer\\homeplayer.exe"= TCP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
"TCP Query User{3C0B9FE5-62E4-4ED2-83D4-0F1E89603DB2}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{5F9931DF-317D-4CDC-A3FA-7B57B597600E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{0B37A813-FBB2-4A0E-820D-A409A27ABDCF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{65D01035-A3F6-4481-90B9-C9974CD18EDB}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{22F19241-0EA3-46F5-9B24-A6995ACC02CD}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{4B47A02E-D38D-4CCF-8FD2-C4E0888765ED}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1BD8718D-580C-4D8B-9392-6C9CDFCFFDF0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{B395FBAB-549D-4815-BDCA-0B6E087CC13E}e:\\xampplite\\apache\\bin\\apache.exe"= UDP:e:\xampplite\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{212BAFD4-E908-4725-AE8C-C029B2BCE39F}e:\\xampplite\\apache\\bin\\apache.exe"= TCP:e:\xampplite\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{FBDA6DED-737F-4A13-933A-215DD74AC2AC}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"UDP Query User{8D4B0ED4-045D-4CC1-9C02-B8111FE8FEC8}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"{1C874559-0990-4F12-9A0B-54C872447073}"= UDP:c:\windows\System32\PnkBstrA.exe
nkBstrA"{CE439526-F4E6-49F0-9D93-5EF4BBED991C}"= TCP:c:\windows\System32\PnkBstrA.exe
nkBstrA"{89E0738E-1289-4615-9175-EE8EB4074B07}"= UDP:c:\windows\System32\PnkBstrB.exe
nkBstrB"{ECC8B59B-489E-4437-B33E-695B3F8B7875}"= TCP:c:\windows\System32\PnkBstrB.exe
nkBstrB"{B3C8DC6F-31EE-4C21-BAED-B6584FDA2EF9}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{80F09A5F-8585-4413-BD8C-64C5A30F802F}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{90363E87-B6B2-4EB3-A28A-C8725AF5CBB4}c:\\program files\\ea games\\command and conquer generals\\game.dat"= UDP:c:\program files\ea games\command and conquer generals\game.dat:game
"UDP Query User{0C5DEEA1-EF34-4784-AB80-43C32899B1C8}c:\\program files\\ea games\\command and conquer generals\\game.dat"= TCP:c:\program files\ea games\command and conquer generals\game.dat:game
"TCP Query User{1ED29984-F37D-4B0F-9BE6-746C63AA1189}c:\\users\\spydeus\\desktop\\cs lan\\hl.exe"= UDP:c:\users\spydeus\desktop\cs lan\hl.exe:hl.exe
"UDP Query User{0DB0BC91-3E03-4370-A943-E360345B1959}c:\\users\\spydeus\\desktop\\cs lan\\hl.exe"= TCP:c:\users\spydeus\desktop\cs lan\hl.exe:hl.exe
"TCP Query User{9213CE5E-AD54-4C18-8D6D-628AE284532C}c:\\program files\\counter-strike source lan edition\\hl2.exe"= UDP:c:\program files\counter-strike source lan edition\hl2.exe:hl2
"UDP Query User{CA16E1E1-B47A-41CE-8467-E5168711476F}c:\\program files\\counter-strike source lan edition\\hl2.exe"= TCP:c:\program files\counter-strike source lan edition\hl2.exe:hl2
"{9E6F6008-DD2D-48BD-8EDF-86B17A5879AF}"= UDP:c:\windows\System32\PnkBstrA.exe
nkBstrA"{A20F6569-6874-4EBD-A315-08BA02F4EBE5}"= TCP:c:\windows\System32\PnkBstrA.exe
nkBstrA"{3D0C8723-E42C-43CC-8161-58EDF289BAD6}"= UDP:c:\windows\System32\PnkBstrB.exe
nkBstrB"{550DA8B6-6825-4F53-B262-0C002C33D547}"= TCP:c:\windows\System32\PnkBstrB.exe
nkBstrB"TCP Query User{77846425-42B4-4204-A3FC-09A30134A62A}c:\\program files\\homeplayer\\homeplayer.exe"= UDP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
"UDP Query User{6194ED79-47F6-40FC-BF46-D6DFC05A806C}c:\\program files\\homeplayer\\homeplayer.exe"= TCP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
"TCP Query User{CF8C3FA1-ED18-4FDD-B811-11EF87F2EC88}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{5BC4FA20-F8EC-4A0E-91F9-073C5A479F41}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{E4C293D7-4640-41C0-9D07-0AFDBB7F33EE}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A8C352A2-5805-47B1-A37D-6B553070A396}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-09-19 210432]
R2 Apache2.2;Apache2.2;e:\xampplite\apache\bin\apache.exe [2008-06-14 17408]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-22 3658752]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\DRIVERS\Spyder2.sys [2007-01-17 12288]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-08-25 355584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
2008-11-09 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
2008-11-08 c:\windows\Tasks\User_Feed_Synchronization-{C49735F2-A09E-4388-B0AB-E080B6B97507}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\Spydeus\AppData\Roaming\Mozilla\Firefox\Profiles\r4kg4vo1.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://portail.free.fr/
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 19:14:54
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
e:\xampplite\mysql\bin\mysqld-nt.exe
c:\windows\System32\oodag.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\System32\conime.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Heure de fin: 2008-11-09 19:17:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-09 18:17:09
Avant-CF: 29 581 856 768 octets libres
Après-CF: 29,217,275,904 octets libres
295 --- E O F --- 2008-11-08 00:08:20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:50, on 09/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\Explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 6770 bytes
Scan saved at 19:43:50, on 09/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\Explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 6770 bytes
bonjour, voici mon rapport hijack pouvez vous me dire comment supprimer les virus? merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:12, on 11/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\olga\Desktop\Downloads\HiJackThis.exe
C:\Windows\System32\mobsync.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnr...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\ezshellstart.exe
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Deenero - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - C:\Program Files\Deenero\deenero_1,0,2,0.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:12, on 11/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\olga\Desktop\Downloads\HiJackThis.exe
C:\Windows\System32\mobsync.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnr...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\ezshellstart.exe
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Deenero - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - C:\Program Files\Deenero\deenero_1,0,2,0.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumSpyware rapport hijack this
- ForumAide pour rapport hijack this
- ForumRapport hijack this. probleme
- ForumRapport hijack this . svchost
- ForumRapport hijack this
- ForumIntrusion rapport hijack this
- ForumRapport hijack this, infectee ou non
- ForumLecture rapport hijack this
- ForumVirus, rapport hijack this
- ForumDoute sur rapport hijack this
- Voir plus
