Site intempestif !

Site intempestif ! - Sécurité - Virus

Recherche Recherche
Règles Règles
Aide Aide

Dans la même thématique :

Ceci répond-il à votre question ? Oui | Non

Voir les posts : Par défaut Tous Les bonnes notes Les notes insuffisantes

Mot : Pseudo : Filtrer
Bas de page
Auteur	Sujet : Site intempestif !

maxwars

Profil : IDNaute

Plus d'informations

20-03-2008 à 17:56:01

Bonjour,
On m'a conseillé d'aller sur cette section :
En fait j'ai un site qui s'affiche lorsque la page que je cherche n'est pas trouvé ==>www.urlseek.vmn.net

Pour plus d'infos ICI ==> http://www.infos-du-net.com/forum/ [...] ntempestif

Merci d'avance

Liens

Egwene

Profil : Helper

Plus d'informations

20-03-2008 à 18:00:10

Masquer

Bonjour,

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

---------------
Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité / Prévention

maxwars

Profil : IDNaute

Plus d'informations

20-03-2008 à 18:23:45

Masquer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:39, on 20/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maxime\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://crapidhacker.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cookies63] C:\Windows\system32\cookies63.exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\msiexec16.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\Maxime\AppData\Roaming\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O20 - Winlogon Notify: cookies63 - cookies63.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe (file missing)

--
End of file - 9820 bytes

Egwene

Profil : Helper

Plus d'informations

20-03-2008 à 19:09:50

Masquer

Re,

Télécharge BTFix (Bibi26).
Dézippe l'archive sur ton Bureau.

Ouvre le dossier BTFix.
Double clique sur BTFix.exe.
Clique sur Rechercher.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

---------------
Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité / Prévention

maxwars

Profil : IDNaute

Plus d'informations

20-03-2008 à 20:41:47

Masquer

BTFix 1.088 (par bibi26) - 20/03/2008 20:40:34 - Analyse
Lancé depuis C:\Users\Maxime\Desktop\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- [Heuristique : Search Settings] C:\Windows\Installer\1f1995.msi
- C:\Program Files\Search Settings\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\

---> Analyse terminée

Egwene

Profil : Helper

Plus d'informations

20-03-2008 à 20:46:25

Masquer

Re,

Ouvre à nouveau BTFix.
Clique sur Nettoyer.
Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
Poste un nouveau rapport hijackthis.

---------------
Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité / Prévention

maxwars

Profil : IDNaute

Plus d'informations

20-03-2008 à 21:01:05

Masquer

BTFix :
BTFix 1.088 (par bibi26) - 20/03/2008 20:56:30 - Nettoyage - Mode normal
Lancé depuis C:\Users\Maxime\Desktop\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés
- [Heuristique : Search Settings] C:\Windows\Installer\1f1995.msi
- C:\Program Files\Search Settings\kb126\res\
- C:\Program Files\Search Settings\kb126\temp\
- C:\Program Files\Search Settings\kb126\
- C:\Program Files\Search Settings\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\SKIN\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\

---> Nettoyage terminé

Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:57, on 20/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Maxime\Desktop\BTFix\BTFix.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maxime\Desktop\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://crapidhacker.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cookies63] C:\Windows\system32\cookies63.exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\msiexec16.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\Maxime\AppData\Roaming\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3476099071-4058957420-1077832665-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'freenet')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O20 - Winlogon Notify: cookies63 - cookies63.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 8943 bytes

Egwene

Profil : Helper

Plus d'informations

20-03-2008 à 21:19:26

Masquer

Re,

1) Désactive l'UAC ( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ...
et valide par OK , il te sera demandé de redémarrer, fais le )

Désactive toute protection résidente ( antivirus…) !

Télécharge Combofix de sUBs :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Redémarre en mode sans échecs : aide ici >>>
http://forum.telecharger.01net.com [...] ges-1.html
/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

3) Copie/colle un nouveau rapport HiJackThis avec.

Bonne soirée :hello:

---------------
Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité / Prévention

maxwars

Profil : IDNaute

Plus d'informations

21-03-2008 à 22:42:52

Masquer

Combofix :
ComboFix 08-03-21.1 - Maxime 2008-03-21 22:32:00.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1688 [GMT 1:00]
Endroit: C:\Users\Maxime\Desktop\ComboFix.exe
.
TimedOut: Windir.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\msnimport.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 20:28 --------- d-----w C:\Users\Maxime\AppData\Roaming\FileZilla
2008-03-21 16:24 --------- d-----w C:\Users\Maxime\AppData\Roaming\OpenOffice.org2
2008-03-20 20:46 --------- d-----w C:\Program Files\Java
2008-03-20 20:43 --------- d-----w C:\Program Files\Freenet
2008-03-19 17:50 --------- d-----w C:\Program Files\QuickTime
2008-03-19 17:49 --------- d-----w C:\ProgramData\Apple Computer
2008-03-17 17:50 --------- d-----w C:\Users\Maxime\AppData\Roaming\uTorrent
2008-03-17 16:11 --------- d-----w C:\Program Files\Free Easy Burner
2008-03-17 16:05 --------- d-----w C:\Users\Maxime\AppData\Roaming\Roxio
2008-03-14 16:58 --------- d-----w C:\Users\Maxime\AppData\Roaming\Notepad++
2008-03-14 16:57 --------- d-----w C:\Program Files\Notepad++
2008-03-12 21:07 --------- d-----w C:\Program Files\Windows Mail
2008-03-09 13:22 0 ----a-w C:\Users\Maxime\AppData\Roaming\wklnhst.dat
2008-03-09 13:22 --------- d-----w C:\Users\Maxime\AppData\Roaming\Template
2008-03-08 13:16 --------- d-----w C:\Program Files\VirtualDub-1.7.8
2008-03-08 12:54 --------- d-----w C:\Program Files\UltraVNC
2008-03-08 12:54 --------- d-----w C:\Program Files\Realtek
2008-03-08 12:36 --------- d-----w C:\Program Files\SystemGuards.com
2008-03-08 12:36 --------- d-----w C:\Program Files\SoftwareClub.ws
2008-03-08 12:22 --------- d-----w C:\Program Files\VirtualDubMOD
2008-03-08 12:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 12:15 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-03-08 12:12 --------- d-----w C:\Users\Maxime\AppData\Roaming\AVS4YOU
2008-03-08 11:57 --------- d-----w C:\ProgramData\AVS4YOU
2008-03-07 16:01 --------- d-----w C:\Program Files\MultiProxy
2008-03-06 17:43 --------- d-----w C:\Program Files\uTorrent
2008-02-29 15:27 --------- d-----w C:\Program Files\Syhunt
2008-02-29 14:28 --------- d-----w C:\ProgramData\Messenger Plus!
2008-02-29 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-29 13:43 --------- d-----w C:\Program Files\Windows Live
2008-02-29 13:43 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 13:43 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-29 13:33 27,430 ----a-w C:\Users\Maxime\AppData\Roaming\nvModes.dat
2008-02-28 21:22 568,275 ----a-w C:\Windows\System32\server port 665.exe
2008-02-28 21:22 256,000 ----a-w C:\Windows\System32\bluesportscan.exe
2008-02-26 13:53 --------- d-----w C:\Program Files\SoftChris
2008-02-26 13:47 --------- d-----w C:\ProgramData\Lauyan
2008-02-26 13:47 --------- d-----w C:\Program Files\Lauyan
2008-02-26 13:39 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-02-24 16:17 --------- d-----w C:\Program Files\Activision
2008-02-22 22:53 --------- d-----w C:\Users\Maxime\AppData\Roaming\PeerNetworking
2008-02-17 22:29 --------- d-----w C:\Program Files\Téléchargement PHOTOWAYS
2008-02-14 20:42 --------- d-----w C:\Program Files\DivX
2008-02-14 15:35 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 15:35 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 15:32 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 15:32 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 15:32 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 15:32 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 15:32 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 15:32 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 15:32 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 15:31 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 15:31 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 15:31 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 15:31 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 15:31 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 15:31 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 15:31 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 15:31 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 15:31 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 15:31 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 15:31 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 15:29 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 15:29 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 15:28 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 15:28 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 15:34 --------- d-----w C:\Program Files\Google
2008-02-10 15:47 --------- d-----w C:\Program Files\Veoh Networks
2008-02-10 15:38 --------- d-----w C:\Program Files\FileZilla Client
2008-02-08 18:01 --------- d-----w C:\Users\Maxime\AppData\Roaming\BPK
2008-02-08 18:01 --------- d-----w C:\Program Files\Soft-Central
2008-02-02 12:24 --------- d-----w C:\Program Files\SuperScan
2008-01-31 19:03 --------- d-----w C:\Program Files\DBConvert
2008-01-30 15:37 --------- d-----w C:\Users\Maxime\AppData\Roaming\Shareaza
2008-01-30 15:37 --------- d-----w C:\Program Files\Shareaza
2008-01-30 15:36 --------- d-----w C:\Program Files\eMule
2008-01-30 14:57 --------- d-----w C:\Program Files\Audacity
2008-01-25 22:41 --------- d-----w C:\Program Files\PDFCreator
2008-01-11 15:43 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-05 15:45 8,043 ----a-w C:\Users\Maxime\aaaa.exe
2007-12-29 11:16 174 --sha-w C:\Program Files\desktop.ini
2007-12-28 23:37 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-28 23:37 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-28 23:37 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-28 23:37 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-28 23:37 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-28 23:37 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-28 23:37 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-12-28 23:37 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-28 23:37 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-28 23:37 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-28 23:37 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-12-28 23:37 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-28 23:37 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-28 23:35 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-12-28 23:35 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-12-28 23:33 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-28 23:32 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 16:43 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072]
"{9B71D88C-C598-4935-C5D1-43AA4DB90836}"="C:\Users\Maxime\AppData\Roaming\server.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-29 00:34 1006264]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 21:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 04:36 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 18:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 17:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 10:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 11:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 11:27 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 11:27 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-29 16:20 249896]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 13:06 741376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"cookies63"="C:\Windows\system32\cookies63.exe" [ ]
"GLSetIT32"="c:\windows\system32\msiexec16.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
"GrpConv"="grpconv -o" []

C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-29 19:08:23 110592]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-01-25 23:40:49 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cookies63]
cookies63.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1D536503-4C27-4389-8972-3D83BF6ABC2B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{0B467C74-96CA-47CA-BD31-D644154EE19A}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{19E766DC-93D2-4FB6-BDDC-64EDE3600842}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{4EE6696E-9138-4BDD-AE70-662ABA0385C5}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{E5CB59CB-A509-4B1B-9AC4-1C03A6A51050}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{3081A81A-A538-48A9-A638-CD79BE1469D2}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exereamweaver 8
"UDP Query User{9741EEDF-F854-45DD-AECE-C70C94804597}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exereamweaver 8
"TCP Query User{FF64DE64-A670-4134-BE9B-9171577C8042}C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"UDP Query User{49FD920F-02CE-4F9D-8D17-A70C26332BD4}C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"TCP Query User{D0A8638D-7907-47A1-BB99-EAE97F56ED85}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F9745C32-E74E-4EBD-9B88-A6FD6943E5DC}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{8C2D3419-F807-49FA-90B9-CAC161A8BCBB}C:\\users\\maxime\\documents\\superscan4.exe"= UDP:C:\users\maxime\documents\superscan4.exe:superscan4.exe
"UDP Query User{0AC71C73-FADC-449B-9F0D-9CAB945D55E5}C:\\users\\maxime\\documents\\superscan4.exe"= TCP:C:\users\maxime\documents\superscan4.exe:superscan4.exe
"{FBB6D821-FDCE-4607-AD26-F208400CD6DF}"= UDP:20000:EMULE TCP 20000
"TCP Query User{18882049-CA57-48ED-9B9B-4A92721745A1}C:\\program files\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{2D7CE3AF-EB03-4DFE-A27D-60993E97F9D5}C:\\program files\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"TCP Query User{1A446C5B-A520-435E-9FE1-01BCBBFB62EE}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{213005DE-1302-4F29-A2FB-1665E1EB7D2C}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{635F4CE4-717C-4E37-8FB3-A8C25B1A759F}C:\\users\\maxime\\desktop\\superscan4.exe"= UDP:C:\users\maxime\desktop\superscan4.exe:superscan4.exe
"UDP Query User{9DD5A6C2-CFCA-449D-A2F6-B4E0F3742358}C:\\users\\maxime\\desktop\\superscan4.exe"= TCP:C:\users\maxime\desktop\superscan4.exe:superscan4.exe
"TCP Query User{ACA71432-17C6-42C0-961D-AC1BDAB9CF52}C:\\users\\maxime\\desktop\\b2h_v1.0_version_prive.exe"= UDP:C:\users\maxime\desktop\b2h_v1.0_version_prive.exe:b2h_v1.0_version_prive.exe
"UDP Query User{E7AF9B21-49BF-46BD-BFFD-4D2907339B84}C:\\users\\maxime\\desktop\\b2h_v1.0_version_prive.exe"= TCP:C:\users\maxime\desktop\b2h_v1.0_version_prive.exe:b2h_v1.0_version_prive.exe
"TCP Query User{8C540605-D6C3-472D-9893-6B708B78F400}C:\\nc.exe"= UDP:C:\nc.exe:nc
"UDP Query User{E06DC120-5F06-4E86-AB47-DCDB84181E02}C:\\nc.exe"= TCP:C:\nc.exe:nc
"TCP Query User{E10BD649-38FD-4697-A35C-7D86FEFBA1E2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A3B5A2EF-EFE5-4572-AD3D-13042DF09BA7}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{355291F3-391A-4DC1-A2CB-874E56378074}C:\\program files\\multiproxy\\mproxy.exe"= UDP:C:\program files\multiproxy\mproxy.exe:MultiProxy personal proxy server
"UDP Query User{86CE5E08-C6A9-4729-B17A-C7C3CBC689C4}C:\\program files\\multiproxy\\mproxy.exe"= TCP:C:\program files\multiproxy\mproxy.exe:MultiProxy personal proxy server
"TCP Query User{660A4C4D-6C5E-4888-8F72-D656D373E1C3}C:\\users\\maxime\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\maxime\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{FE9926B7-878C-4A85-AEBC-9A07BBCEDD46}C:\\users\\maxime\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\maxime\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{98AAB067-7DDE-4A2D-8CF2-BF336EB8CED8}C:\\wamp\\apache2\\bin\\httpd.exe"= UDP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"UDP Query User{CD2E7506-4556-4029-807C-AA40A74BF222}C:\\wamp\\apache2\\bin\\httpd.exe"= TCP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

S2 freenet-darknet-8888;Freenet 0.7 darknet-8888;"C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -s "C:\Program Files\Freenet\wrapper.conf" []
S2 vnccom;vnccom;C:\Windows\system32\Drivers\vnccom.SYS [2004-06-26 13:22]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);C:\Windows\system32\DRIVERS\sea3bus.sys [2007-01-26 13:05]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\sea3mdfl.sys [2007-01-26 13:06]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\sea3mdm.sys [2007-01-26 13:06]
S3 sea3mgmt;Sony Ericsson Device 0A3 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\sea3mgmt.sys [2007-01-26 13:07]
S3 sea3nd5;Sony Ericsson Device 0A3 USB Ethernet Emulation SEMCA3 (NDIS);C:\Windows\system32\DRIVERS\sea3nd5.sys [2007-01-26 13:05]
S3 sea3obex;Sony Ericsson Device 0A3 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\sea3obex.sys [2007-01-26 13:08]
S3 sea3unic;Sony Ericsson Device 0A3 USB Ethernet Emulation SEMCA3 (WDM);C:\Windows\system32\DRIVERS\sea3unic.sys [2007-01-26 13:04]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-05-04 10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{def61d69-e1f8-11dc-b1c9-001b2495043e}]
\shell\AutoRun\command - G:\launcher.exe

*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-29 14:00:14 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 22:36:34
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-21 22:36:58
ComboFix-quarantined-files.txt 2008-03-21 21:36:56
.
2008-03-21 16:30:41 --- E O F ---

Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:52, on 21/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Maxime\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://crapidhacker.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cookies63] C:\Windows\system32\cookies63.exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\msiexec16.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\Maxime\AppData\Roaming\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4}

Messages similaires

Dans l'actualité

Les téléchargements

Albums

Les dernières actualités

Les derniers dossiers