HijackThis report: how do I remove the malicious entries?

7 November 2008 22:12:45

Good evening,

I've just run a scan with HijackThis and had it analysed at: http://www.hijackthis.de/fr#anl

I did it because I've had several problems:
- After going into standby, I can't wake my PC up again; I have to unplug it.
- An advert shows up on every new page that opens in my browser.
- Earlier today my DNS servers had been wiped (no more connection).
- At startup my PC tells me it can't open the file 3BD.tmp

I've already run scans with Antivir and S&D, and deleted:

- \AppData\Local\Temp\tmp1BFA.tmp
  [DETECTION] Is the TR/Passcrack.B Trojan
- \AppData\Local\Temp\tmp9EEF.tmp
  [DETECTION] Is the TR/Dldr.Agent.ahcg.14 Trojan
- \System32\kdzzd.exe
  [WARNING] The file could not be opened!
- C:\Windows\System32\drivers\sptd.sys
  [WARNING] The file could not be opened!
- [DETECTION] Is the TR/Dldr.Small.bws.20 Trojan
- TR/Crypt.XPACK.Gen [trojan] detected in file 'E:\resycled\boot.com'
- TR/Crypt.XPACK.Gen [trojan] in D:\resycled\boot.com
- C:\resycled\boot.com
- C:\Windows\Temp\301.tmp

And plenty more!

Here is my HijackThis report. If someone could help me, and in particular tell me how to remove 3BD.tmp and kdzzd.exe, as well as the others.

Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:53, on 07/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [3BD.tmp] C:\Windows\temp\3BD.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdzzd.exe (file missing)

--
End of file - 7157 bytes
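A mechanical first pass over a log like the one above, as an added example that is not part of the thread and not HijackThis code: a small Python triage script encoding the checks a helper applies by eye. It flags an O4 autostart that points into a temp directory or at a .tmp file, an O23 service whose binary is missing, an O23 service in System32 with no company name, an orphaned O2 BHO, an O17 NameServer outside an expected set, and any O10 line. The sample lines are copied from the first log above; the temp-directory list and the expected-DNS set are assumptions made for the example (the two addresses are simply the ones in the log, treated here as the expected resolvers).

```python
"""Mechanical first pass over a HijackThis 2.x log.

Added example for this thread, not HijackThis code.  The rules encode what
a helper checks by eye: autostarts in temp directories, services whose
binary is gone, orphaned BHOs, unexpected DNS servers and broken LSPs.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity section reason line")

# Autostart locations legitimate software does not use.  Assumption: tune
# this list for the machine you are looking at.
TEMP_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\", "\\users\\public\\")

# Resolvers you expect in O17 (assumption: the two addresses from the log
# above are treated as the expected ones; anything else is flagged).
EXPECTED_DNS = {"212.27.53.252", "212.27.54.252"}

RE_O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RE_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")


def triage(log_text):
    """Return one Finding per log entry that deserves a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = RE_O4_RUN.match(line) or RE_O4_STARTUP.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if any(d in cmd for d in TEMP_DIRS) or re.search(r'\.tmp(\s|"|$)', cmd):
                findings.append(Finding("high", "O4",
                                        "autostart points into a temp directory or at a .tmp file", line))
            continue

        m = RE_O23.match(line)
        if m:
            owner, path = m.group("owner"), m.group("path")
            if "(file missing)" in path:
                findings.append(Finding("high", "O23",
                                        "service registration whose binary is gone (malware remnant)", line))
            elif owner == "Unknown owner" and "\\windows\\system32\\" in path.lower():
                findings.append(Finding("review", "O23",
                                        "service in System32 with no company name; identify the file", line))
            continue

        m = RE_O2.match(line)
        if m and m.group("path") == "(no file)":
            findings.append(Finding("cleanup", "O2", "orphaned BHO registration, safe to fix", line))
            continue

        m = RE_O17.match(line)
        if m:
            servers = {s.strip() for s in m.group("servers").split(",") if s.strip()}
            unexpected = sorted(servers - EXPECTED_DNS)
            if unexpected:
                findings.append(Finding("review", "O17",
                                        "DNS servers outside the expected set: " + ", ".join(unexpected), line))
            continue

        if line.startswith("O10 - "):
            findings.append(Finding("review", "O10",
                                    "broken Winsock LSP chain; repair the chain rather than 'fixing' the line", line))
    return findings


# Constructed sample: a handful of lines copied from the first log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [3BD.tmp] C:\Windows\temp\3BD.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdzzd.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:7}] {f.section}: {f.reason}\n          {f.line}")
```

On the sample it raises the two entries the poster asked about (the 3BD.tmp Run value and the kdzzd.exe service) as high, the orphaned BHO as cleanup, and PnkBstrA plus the Bonjour LSP line as review only; the O17 line is silent because both resolvers are in the expected set. A "review" result is a prompt to identify the file, not a verdict.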

7 November 2008 22:48:27

Hello,

Do you have Internet access at the moment?

8 November 2008 00:51:05

Yes, I have Internet access.

8 November 2008 14:44:59

OK.

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it isn't already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • When the scan finishes, a window opens; click OK. Two possibilities:
    -- if the program found nothing, click OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

HELP: Illustrated MBAM tutorial

8 November 2008 21:44:43

Here is the Malwarebytes' Anti-Malware report:

Malwarebytes' Anti-Malware 1.30
Database version: 1374
Windows 6.0.6001 Service Pack 1

08/11/2008 21:38:40
mbam-log-2008-11-08 (21-38-40).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 154347
Time elapsed: 20 minute(s), 21 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 2
Registry values infected: 0
Registry data items infected: 0
Folders infected: 1
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files infected:
(No malicious items detected)

8 November 2008 21:45:09

And here is the new HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:43:40, on 08/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 7036 bytes
9 November 2008 14:37:34

Post another HijackThis report.

9 November 2008 15:56:53

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:56:46, on 09/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\eMule\eMule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 7025 bytes
9 November 2008 18:11:59

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the drive letter may vary

9 November 2008 19:21:47

What do you think my PC is infected with?
After running ComboFix, the "default gateway" of my connection had been wiped. I put it back to get Internet access again.

Here is the report, and thanks for what you're doing!

    ComboFix 08-11-07.01 - Spydeus 2008-11-09 19:06:58.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium Edition 6.0.6001.1.1252.1.1036.18.931 [GMT 1:00]
    Run from: d:\logiciels\ComboFix.exe
    * A new restore point was created
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Autorun.inf
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FILEMON


    ((((((((((((((((((((((((((((( Files created from 2008-10-09 to 2008-11-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\users\Spydeus\AppData\Roaming\Malwarebytes
    2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\users\All Users\Malwarebytes
    2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\programdata\Malwarebytes
    2008-11-08 21:08 . 2008-11-08 21:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-08 21:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2008-11-08 21:08 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2008-11-08 01:26 . 2008-11-08 01:26 250 --a------ c:\windows\gmer.ini
    2008-11-08 01:23 . 2008-11-08 01:23 <REP> d-------- c:\program files\Zone Labs
    2008-11-08 01:23 . 2008-03-03 15:05 1,086,952 --a------ c:\windows\System32\zpeng24.dll
    2008-11-08 01:23 . 2008-03-03 15:05 54,672 --a------ c:\windows\System32\vsutil_loc040c.dll
    2008-11-08 01:23 . 2008-11-08 01:23 5,571 --a------ c:\windows\System32\vsconfig.xml
    2008-11-08 01:22 . 2008-11-08 01:23 <REP> d-------- c:\windows\System32\ZoneLabs
    2008-11-08 01:22 . 2008-11-08 01:22 <REP> d-------- c:\users\All Users\CheckPoint
    2008-11-08 01:22 . 2008-11-08 01:22 <REP> d-------- c:\programdata\CheckPoint
    2008-11-08 01:22 . 2008-11-09 19:13 352,615 --ah----- c:\windows\System32\drivers\vsconfig.xml
    2008-11-08 01:22 . 2008-03-03 15:06 279,440 --------- c:\windows\System32\drivers\vsdatant.sys
    2008-11-08 01:22 . 2008-03-03 15:06 279,440 --a------ c:\windows\System32\drivers\~GLH0014.TMP
    2008-11-08 01:21 . 2008-11-09 18:58 <REP> d-------- c:\windows\Internet Logs
    2008-11-08 01:17 . 2008-11-08 01:17 410,976 --a------ c:\windows\System32\deploytk.dll
    2008-11-07 21:55 . 2008-11-07 21:55 <REP> d-------- c:\program files\Trend Micro
    2008-11-07 19:06 . 2008-11-07 19:06 88 --a------ c:\windows\wininit.ini
    2008-11-07 18:47 . 2008-11-07 18:47 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2008-11-07 18:47 . 2008-11-07 18:47 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2008-11-06 19:58 . 2008-11-06 19:58 <REP> d-------- c:\program files\@stake
    2008-11-06 19:58 . 2002-02-05 10:59 599,800 --a------ c:\windows\System32\Cfx4032.ocx
    2008-11-06 19:58 . 2001-10-08 08:46 136,976 --a------ c:\windows\System32\SfxBar.dll
    2008-11-05 11:40 . 2008-11-05 11:40 <REP> d-------- c:\program files\MSXML 4.0
    2008-11-05 11:40 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
    2008-11-05 11:40 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
    2008-11-05 11:40 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
    2008-11-04 16:58 . 2002-12-16 18:11 26,120 --a------ c:\windows\System32\drivers\SNTNLUSB.SYS
    2008-11-04 16:49 . 2008-11-04 16:50 <REP> d-------- c:\users\Spydeus\AppData\Roaming\Nero
    2008-11-04 15:16 . 2008-11-04 15:16 4,767 --a------ c:\windows\Irremote.ini
    2008-11-04 15:02 . 2008-11-04 15:08 <REP> d-------- c:\users\All Users\Nero
    2008-11-04 15:02 . 2008-11-04 15:08 <REP> d-------- c:\programdata\Nero
    2008-11-04 15:02 . 2008-11-04 15:15 <REP> d-------- c:\program files\Nero
    2008-11-04 15:02 . 2008-11-04 15:27 <REP> d-------- c:\program files\Common Files\Nero
    2008-11-01 18:15 . 2008-11-01 18:15 <REP> d-------- c:\windows\System32\AGEIA
    2008-11-01 18:15 . 2008-11-01 18:15 <REP> d-------- c:\program files\AGEIA Technologies
    2008-10-21 19:52 . 2008-10-21 19:55 139,264 --a------ c:\windows\War3Unin.exe
    2008-10-21 19:52 . 2008-10-21 19:56 76,468 --a------ c:\windows\War3Unin.dat
    2008-10-21 19:52 . 2008-10-21 19:55 2,829 --a------ c:\windows\War3Unin.pif
    2008-10-21 19:51 . 2008-11-03 15:52 <REP> d-------- c:\program files\Warcraft III
    2008-10-19 11:49 . 2008-07-22 08:48 3,658,752 --a------ c:\windows\System32\drivers\NETw5v32.sys
    2008-10-19 11:49 . 2008-07-22 08:48 2,756,608 --a------ c:\windows\System32\NETw5r32.dll
    2008-10-19 11:49 . 2008-07-22 08:48 659,456 --a------ c:\windows\System32\NETw5c32.dll
    2008-10-18 11:37 . 1997-04-08 19:08 299,520 --a------ c:\windows\uninst.exe
    2008-10-18 11:37 . 1996-11-06 20:11 69,632 --a------ c:\windows\RAUNINST.EXE
    2008-10-13 09:56 . 2008-10-13 09:56 70,936 --a------ c:\windows\System32\PhysXLoader.dll
    2008-10-12 10:29 . 2008-10-12 10:29 3,734,536 --a------ c:\windows\System32\d3dx9_36.dll

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-09 18:14 32,061 ----a-w c:\users\All Users\nvModes.dat
    2008-11-09 18:14 32,061 ----a-w c:\programdata\nvModes.dat
    2008-11-08 20:10 --------- d-----w c:\users\Spydeus\AppData\Roaming\Azureus
    2008-11-08 00:17 --------- d-----w c:\program files\Java
    2008-11-07 21:40 --------- d-----w c:\programdata\Spybot - Search & Destroy
    2008-11-07 21:28 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-06 17:12 --------- d-----w c:\program files\Common Files\InstallShield
    2008-11-03 17:38 --------- d-----w c:\program files\Azureus
    2008-11-02 11:32 --------- d-----w c:\programdata\NVIDIA
    2008-11-01 17:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-01 11:08 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-01 11:08 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
    2008-10-22 15:55 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
    2008-10-18 11:56 --------- d-----w c:\program files\EA Games
    2008-10-17 07:00 --------- d-----w c:\program files\Windows Mail
    2008-10-16 16:37 --------- d-----w c:\programdata\Microsoft Help
    2008-10-12 19:12 --------- d-----w c:\programdata\Messenger Plus!
    2008-10-04 19:07 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
    2008-10-04 19:07 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
    2008-10-04 15:32 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
    2008-10-04 15:31 22,328 ----a-w c:\users\Spydeus\AppData\Roaming\PnkBstrK.sys
    2008-10-04 15:10 --------- d-----w c:\program files\Activision
    2008-10-04 13:54 --------- d-----w c:\program files\Realtek
    2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
    2008-09-28 18:31 --------- d-----w c:\users\Spydeus\AppData\Roaming\FileZilla
    2008-09-23 16:58 --------- d-----w c:\program files\FileZilla FTP Client
    2008-09-20 12:32 --------- d-----w c:\program files\Bradbury
    2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
    2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
    2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
    2008-09-13 19:27 --------- d-----w c:\users\Spydeus\AppData\Roaming\GetRightToGo
    2008-08-26 12:21 174 --sha-w c:\program files\desktop.ini
    2008-08-26 11:53 82,432 ----a-w c:\windows\System32\axaltocm.dll
    2008-08-26 11:53 101,888 ----a-w c:\windows\System32\ifxcardm.dll
    2008-08-25 22:48 269,312 ----a-w c:\windows\System32\es.dll
    2008-08-25 22:30 61,440 ----a-w c:\windows\System32\winipsec.dll
    2008-08-25 22:30 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
    2008-08-25 22:30 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
    2008-08-25 22:30 272,896 ----a-w c:\windows\System32\polstore.dll
    2008-08-25 22:23 2,048 ----a-w c:\windows\System32\tzres.dll
    2008-08-25 22:12 181,760 ----a-w c:\windows\System32\fsquirt.exe
    2008-08-25 22:10 988,216 ----a-w c:\windows\System32\winload.exe
    2008-08-25 22:10 927,288 ----a-w c:\windows\System32\winresume.exe
    2008-08-25 22:10 615,992 ----a-w c:\windows\System32\ci.dll
    2008-08-25 22:10 6,656 ----a-w c:\windows\System32\kbd106n.dll
    2008-08-25 22:10 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
    2008-08-25 22:10 40,960 ----a-w c:\windows\System32\srclient.dll
    2008-08-25 22:10 378,368 ----a-w c:\windows\System32\srcore.dll
    2008-08-25 22:10 318,464 ----a-w c:\windows\System32\rstrui.exe
    2008-08-25 22:10 19,000 ----a-w c:\windows\System32\kd1394.dll
    2008-08-25 22:10 14,848 ----a-w c:\windows\System32\srdelayed.exe
    2008-08-25 22:07 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-08-25 22:07 295,936 ----a-w c:\windows\System32\gdi32.dll
    2008-08-25 22:07 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
    2008-08-25 22:05 14,848 ----a-w c:\windows\System32\wshrm.dll
    2008-08-25 22:04 1,695,744 ----a-w c:\windows\System32\gameux.dll
    2008-08-25 22:03 84,480 ----a-w c:\windows\System32\INETRES.dll
    2008-08-25 22:03 738,304 ----a-w c:\windows\System32\inetcomm.dll
    2008-08-25 22:02 1,314,816 ----a-w c:\windows\System32\quartz.dll
    2008-08-25 20:39 319,456 ----a-w c:\windows\DIFxAPI.dll
    2008-08-25 20:39 315,392 ----a-w c:\windows\HideWin.exe
    2008-08-25 20:22 1,700,352 ----a-w c:\windows\System32\gdiplus.dll
    2008-08-25 20:16 355,584 ----a-w c:\windows\System32\TuneUpDefragService.exe
    .

    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not listed
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2006-11-06 10:46 2854912 --a------ c:\program files\Protector Suite QL\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2006-11-06 10:46 2854912 --a------ c:\program files\Protector Suite QL\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-11-06 49168]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-09-19 174872]
    "IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-09-19 33048]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-19 894512]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-10-11 431456]
    "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-10-11 712704]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-27 266497]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-08 136600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-22 13675040]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-22 92704]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 c:\windows\RtHDVCpl.exe]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ColorVisionStartup.lnk - c:\program files\ColorVision\Utility\ColorVisionStartup.exe [2007-02-13 385024]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-25 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-11-06 10:34 52224 c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "OODefragTray"=c:\windows\system32\oodtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1088973826-1489363509-1024585940-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{8A73A9F0-15A8-463B-A7FD-8E651B39384D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{5024BD4A-EBF9-4861-86BD-0A93EE375169}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{3F3259D1-A1A7-44AB-8217-4541D3C9FF09}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{DE0C3553-824E-4C98-8585-956E3A52DDA7}c:\\program files\\homeplayer\\homeplayer.exe"= UDP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
    "UDP Query User{D8453335-DD22-46B9-A4D6-194F7D2B4765}c:\\program files\\homeplayer\\homeplayer.exe"= TCP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
    "TCP Query User{3C0B9FE5-62E4-4ED2-83D4-0F1E89603DB2}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{5F9931DF-317D-4CDC-A3FA-7B57B597600E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
    "{0B37A813-FBB2-4A0E-820D-A409A27ABDCF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{65D01035-A3F6-4481-90B9-C9974CD18EDB}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{22F19241-0EA3-46F5-9B24-A6995ACC02CD}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
    "TCP Query User{4B47A02E-D38D-4CCF-8FD2-C4E0888765ED}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{1BD8718D-580C-4D8B-9392-6C9CDFCFFDF0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{B395FBAB-549D-4815-BDCA-0B6E087CC13E}e:\\xampplite\\apache\\bin\\apache.exe"= UDP:e:\xampplite\apache\bin\apache.exe:Apache HTTP Server
    "UDP Query User{212BAFD4-E908-4725-AE8C-C029B2BCE39F}e:\\xampplite\\apache\\bin\\apache.exe"= TCP:e:\xampplite\apache\bin\apache.exe:Apache HTTP Server
    "TCP Query User{FBDA6DED-737F-4A13-933A-215DD74AC2AC}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
    "UDP Query User{8D4B0ED4-045D-4CC1-9C02-B8111FE8FEC8}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
    "{1C874559-0990-4F12-9A0B-54C872447073}"= UDP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
    "{CE439526-F4E6-49F0-9D93-5EF4BBED991C}"= TCP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
    "{89E0738E-1289-4615-9175-EE8EB4074B07}"= UDP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
    "{ECC8B59B-489E-4437-B33E-695B3F8B7875}"= TCP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
    "{B3C8DC6F-31EE-4C21-BAED-B6584FDA2EF9}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{80F09A5F-8585-4413-BD8C-64C5A30F802F}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "TCP Query User{90363E87-B6B2-4EB3-A28A-C8725AF5CBB4}c:\\program files\\ea games\\command and conquer generals\\game.dat"= UDP:c:\program files\ea games\command and conquer generals\game.dat:game
    "UDP Query User{0C5DEEA1-EF34-4784-AB80-43C32899B1C8}c:\\program files\\ea games\\command and conquer generals\\game.dat"= TCP:c:\program files\ea games\command and conquer generals\game.dat:game
    "TCP Query User{1ED29984-F37D-4B0F-9BE6-746C63AA1189}c:\\users\\spydeus\\desktop\\cs lan\\hl.exe"= UDP:c:\users\spydeus\desktop\cs lan\hl.exe:hl.exe
    "UDP Query User{0DB0BC91-3E03-4370-A943-E360345B1959}c:\\users\\spydeus\\desktop\\cs lan\\hl.exe"= TCP:c:\users\spydeus\desktop\cs lan\hl.exe:hl.exe
    "TCP Query User{9213CE5E-AD54-4C18-8D6D-628AE284532C}c:\\program files\\counter-strike source lan edition\\hl2.exe"= UDP:c:\program files\counter-strike source lan edition\hl2.exe:hl2
    "UDP Query User{CA16E1E1-B47A-41CE-8467-E5168711476F}c:\\program files\\counter-strike source lan edition\\hl2.exe"= TCP:c:\program files\counter-strike source lan edition\hl2.exe:hl2
    "{9E6F6008-DD2D-48BD-8EDF-86B17A5879AF}"= UDP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
    "{A20F6569-6874-4EBD-A315-08BA02F4EBE5}"= TCP:c:\windows\System32\PnkBstrA.exe:p nkBstrA
    "{3D0C8723-E42C-43CC-8161-58EDF289BAD6}"= UDP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
    "{550DA8B6-6825-4F53-B262-0C002C33D547}"= TCP:c:\windows\System32\PnkBstrB.exe:p nkBstrB
    "TCP Query User{77846425-42B4-4204-A3FC-09A30134A62A}c:\\program files\\homeplayer\\homeplayer.exe"= UDP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
    "UDP Query User{6194ED79-47F6-40FC-BF46-D6DFC05A806C}c:\\program files\\homeplayer\\homeplayer.exe"= TCP:c:\program files\homeplayer\homeplayer.exe:HomePlayer
    "TCP Query User{CF8C3FA1-ED18-4FDD-B811-11EF87F2EC88}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{5BC4FA20-F8EC-4A0E-91F9-073C5A479F41}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "{E4C293D7-4640-41C0-9D07-0AFDBB7F33EE}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
    "{A8C352A2-5805-47B1-A37D-6B553070A396}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-09-19 210432]
    R2 Apache2.2;Apache2.2;e:\xampplite\apache\bin\apache.exe [2008-06-14 17408]
    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
    R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32-bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-22 3658752]
    S3 Spyder2;ColorVision Spyder2;c:\windows\system32\DRIVERS\Spyder2.sys [2007-01-17 12288]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-08-25 355584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-09 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]

    2008-11-08 c:\windows\Tasks\User_Feed_Synchronization-{C49735F2-A09E-4388-B0AB-E080B6B97507}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\users\Spydeus\AppData\Roaming\Mozilla\Firefox\Profiles\r4kg4vo1.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://portail.free.fr/
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-09 19:14:54
    Windows 6.0.6001 Service Pack 1 NTFS

    Scanning for hidden processes ...

    Scanning for hidden autostart entries ...

    Scanning for hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************
    .
    ------------------------ Other running processes ------------------------
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Protector Suite QL\upeksvr.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    e:\xampplite\mysql\bin\mysqld-nt.exe
    c:\windows\System32\oodag.exe
    c:\windows\System32\PnkBstrA.exe
    c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\windows\System32\conime.exe
    c:\program files\Protector Suite QL\psqltray.exe
    c:\program files\Synaptics\SynTP\SynToshiba.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    .
    **************************************************************************
    .
    Finish time: 2008-11-09 19:17:19 - The machine rebooted
    ComboFix-quarantined-files.txt 2008-11-09 18:17:09

    Pre-CF: 29,581,856,768 bytes free
    Post-CF: 29,217,275,904 bytes free

    295 --- E O F --- 2008-11-08 00:08:20
    9 November 2008 19:26:26

    Post a new HijackThis log.
    9 November 2008 19:43:58

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:43:50, on 09/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\Explorer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - E:\xampplite\apache\bin\apache.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: mysql - Unknown owner - E:\xampplite\mysql\bin\mysqld-nt.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

    --
    End of file - 6770 bytes
    10 November 2008 17:36:19

    Still having problems?
    10 November 2008 19:25:25

    Yes, still 2 (well, two that are visible):
    - I still can't wake the PC from sleep
    - When I restart, the desktop icons rearrange themselves into a different order. It's impossible to keep them in the layout I want.

    Thanks.
    10 November 2008 20:05:29

    I don't think that is related to an infection.
    11 November 2008 11:56:29

    Earlier, when I hadn't done anything "dangerous", I got this message from AntiVir:
    Virus or unwanted program 'HTML/Spoofing.Gen [virus]'
    detected in file 'C:\Users\Spydeus\AppData\Local\Mozilla\Firefox\Profiles\r4kg4vo1.default\Cache\B1EF863Fd01.
    Action performed: Delete file
    11 November 2008 13:38:30

    Empty the Cache folder:
    C:\Users\Spydeus\AppData\Local\Mozilla\Firefox\Profiles\r4kg4vo1.default\Cache
    11 November 2008 15:18:48

    There, I've emptied that folder. I hope it's good this time!

    Thanks for everything.
    11 November 2008 18:25:47

    Happy surfing ;)
    11 April 2011 20:07:47

    Hello, here is my HijackThis log. Can you tell me how to remove the viruses? Thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:01:12, on 11/04/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19019)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
    C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Users\olga\Desktop\Downloads\HiJackThis.exe
    C:\Windows\System32\mobsync.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnr...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=c:\windows\system32\ezshellstart.exe
    O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: Deenero - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - C:\Program Files\Deenero\deenero_1,0,2,0.dll
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
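The posts above ask which entries to remove but never say how to read a HijackThis log. As an added example (not code from the page, the forum, or Trend Micro), here is a small Python triage pass over lines in the HijackThis format used throughout this thread. It flags the load points that most often carry the infection: an F2 UserInit value other than the stock Windows userinit.exe (Windows runs that program at every logon, so a replacement is a classic persistence point), R0/R1 browser start and search pages on hosts outside an allowlist, O17 DNS servers outside an allowlist (the thread opened with DNS servers being wiped), O2/O3 registrations whose file is gone, and O4 Run entries given as a bare filename that Windows resolves through PATH. The sample lines are constructed to mirror entries in the logs above; the trusted-host and trusted-DNS allowlists are assumptions for the example (the DNS addresses are the ISP resolvers from the first log's O17 line), and the severity labels are this script's own.

```python
"""HijackThis log triage (added example, not from the page or the tool).

Parses one-entry-per-line HijackThis output and returns findings for the
load points that most often carry an infection. Allowlists are assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Stock Windows value; HijackThis reports it without the trailing comma.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
# Assumed allowlists for the example: adjust to the machine being triaged.
TRUSTED_WEB_SUFFIXES = ("microsoft.com", "google.com", "free.fr", "hp.com")
TRUSTED_DNS = {"212.27.53.252", "212.27.54.252"}  # ISP resolvers from the 2008 log

# Constructed sample lines in the page's log format (hypothetical start page URL).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=c:\windows\system32\ezshellstart.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA7110-5BEA-48B5-9865-F12FC04175F0}: NameServer = 212.27.53.252,212.27.54.252
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (this script's own scale)
    code: str      # HijackThis section code, e.g. "F2"
    reason: str
    line: str


def _host_trusted(url: str) -> bool:
    """True when the URL's host is one of the allowlisted domains or a subdomain."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_WEB_SUFFIXES)


def triage(log_text: str) -> list:
    """Return a Finding for every suspicious HijackThis entry in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^([A-Z]\d{1,2}) - (.*)$", line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        if code == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1].strip().rstrip(",").lower()
            if value != DEFAULT_USERINIT:
                findings.append(Finding("high", code, f"UserInit replaced: {value}", line))
        elif code in ("R0", "R1") and "=" in body:
            url = body.split("=", 1)[1].strip()  # first '=' separates name from URL
            if url and not _host_trusted(url):
                findings.append(Finding("medium", code, f"browser page on untrusted host: {url}", line))
        elif code == "O17" and "NameServer" in body:
            servers = body.split("=", 1)[1].replace(" ", "").split(",")
            bad = [s for s in servers if s and s not in TRUSTED_DNS]
            if bad:
                findings.append(Finding("high", code, f"unexpected DNS server(s): {', '.join(bad)}", line))
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding("low", code, "orphaned BHO/toolbar registration (no file)", line))
        elif code == "O4":
            m4 = re.match(r".*: \[(.+?)\] (.*)$", body)
            if m4:
                cmd = m4.group(2).strip().strip('"')
                # A bare name (no drive letter or %VAR%) is resolved via PATH at logon.
                if not re.match(r"^([A-Za-z]:\\|%[A-Za-z]+%)", cmd):
                    findings.append(Finding("low", code, f"Run entry without absolute path: {cmd}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.reason}")
```

Run as-is it reports the replaced UserInit, the mywebsearch start page, the orphaned toolbar and the bare-name Run entry, and stays quiet on the Java BHO, the Microsoft search page and the ISP resolvers. A "low" finding is a prompt to look at the file on disk (ComboFix resolved the bare names in the 2008 log to c:\windows\), not by itself a reason to remove the entry.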