Site intempestif !
Forum Sécurité - Virus : Site intempestif !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:39, on 20/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maxime\Desktop\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://c
rapidhacker.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cookies63] C:\Windows\system32\cookies63.exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\msiexec16.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\Maxime\AppData\Roaming\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O20 - Winlogon Notify: cookies63 - cookies63.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe (file missing)
--
End of file - 9820 bytes
BTFix :
BTFix 1.088 (par bibi26) - 20/03/2008 20:56:30 - Nettoyage - Mode normal
Lancé depuis C:\Users\Maxime\Desktop\BTFix\BTFix.exe
---> Fichiers/dossiers supprimés (Première passe)
- Fichiers temporaires effacés
- [Heuristique : Search Settings] C:\Windows\Installer\1f1995.msi
- C:\Program Files\Search Settings\kb126\res\
- C:\Program Files\Search Settings\kb126\temp\
- C:\Program Files\Search Settings\kb126\
- C:\Program Files\Search Settings\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\SKIN\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\
- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\
---> Nettoyage terminé
Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:57, on 20/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Maxime\Desktop\BTFix\BTFix.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maxime\Desktop\HiJackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://crapidhacker.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cookies63] C:\Windows\system32\cookies63.exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\msiexec16.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\Maxime\AppData\Roaming\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3476099071-4058957420-1077832665-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'freenet')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O20 - Winlogon Notify: cookies63 - cookies63.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
--
End of file - 8943 bytes
Re,
1) Désactive l'UAC ( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ...
et valide par OK , il te sera demandé de redémarrer, fais le )
Désactive toute protection résidente ( antivirus…) !
Télécharge Combofix de sUBs :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Redémarre en mode sans échecs : aide ici >>>
http://forum.telecharger.01net.com [...] ges-1.html
/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
3) Copie/colle un nouveau rapport HiJackThis avec.
Bonne soirée 
Sécurité / Prévention
Répondre à Egwene
Combofix :
ComboFix 08-03-21.1 - Maxime 2008-03-21 22:32:00.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1688 [GMT 1:00]
Endroit: C:\Users\Maxime\Desktop\ComboFix.exe
.
TimedOut: Windir.dat
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\msnimport.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 20:28 --------- d-----w C:\Users\Maxime\AppData\Roaming\FileZilla
2008-03-21 16:24 --------- d-----w C:\Users\Maxime\AppData\Roaming\OpenOffice.org2
2008-03-20 20:46 --------- d-----w C:\Program Files\Java
2008-03-20 20:43 --------- d-----w C:\Program Files\Freenet
2008-03-19 17:50 --------- d-----w C:\Program Files\QuickTime
2008-03-19 17:49 --------- d-----w C:\ProgramData\Apple Computer
2008-03-17 17:50 --------- d-----w C:\Users\Maxime\AppData\Roaming\uTorrent
2008-03-17 16:11 --------- d-----w C:\Program Files\Free Easy Burner
2008-03-17 16:05 --------- d-----w C:\Users\Maxime\AppData\Roaming\Roxio
2008-03-14 16:58 --------- d-----w C:\Users\Maxime\AppData\Roaming\Notepad++
2008-03-14 16:57 --------- d-----w C:\Program Files\Notepad++
2008-03-12 21:07 --------- d-----w C:\Program Files\Windows Mail
2008-03-09 13:22 0 ----a-w C:\Users\Maxime\AppData\Roaming\wklnhst.dat
2008-03-09 13:22 --------- d-----w C:\Users\Maxime\AppData\Roaming\Template
2008-03-08 13:16 --------- d-----w C:\Program Files\VirtualDub-1.7.8
2008-03-08 12:54 --------- d-----w C:\Program Files\UltraVNC
2008-03-08 12:54 --------- d-----w C:\Program Files\Realtek
2008-03-08 12:36 --------- d-----w C:\Program Files\SystemGuards.com
2008-03-08 12:36 --------- d-----w C:\Program Files\SoftwareClub.ws
2008-03-08 12:22 --------- d-----w C:\Program Files\VirtualDubMOD
2008-03-08 12:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 12:15 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-03-08 12:12 --------- d-----w C:\Users\Maxime\AppData\Roaming\AVS4YOU
2008-03-08 11:57 --------- d-----w C:\ProgramData\AVS4YOU
2008-03-07 16:01 --------- d-----w C:\Program Files\MultiProxy
2008-03-06 17:43 --------- d-----w C:\Program Files\uTorrent
2008-02-29 15:27 --------- d-----w C:\Program Files\Syhunt
2008-02-29 14:28 --------- d-----w C:\ProgramData\Messenger Plus!
2008-02-29 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-29 13:43 --------- d-----w C:\Program Files\Windows Live
2008-02-29 13:43 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 13:43 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-29 13:33 27,430 ----a-w C:\Users\Maxime\AppData\Roaming\nvModes.dat
2008-02-28 21:22 568,275 ----a-w C:\Windows\System32\server port 665.exe
2008-02-28 21:22 256,000 ----a-w C:\Windows\System32\bluesportscan.exe
2008-02-26 13:53 --------- d-----w C:\Program Files\SoftChris
2008-02-26 13:47 --------- d-----w C:\ProgramData\Lauyan
2008-02-26 13:47 --------- d-----w C:\Program Files\Lauyan
2008-02-26 13:39 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-02-24 16:17 --------- d-----w C:\Program Files\Activision
2008-02-22 22:53 --------- d-----w C:\Users\Maxime\AppData\Roaming\PeerNetworking
2008-02-17 22:29 --------- d-----w C:\Program Files\Téléchargement PHOTOWAYS
2008-02-14 20:42 --------- d-----w C:\Program Files\DivX
2008-02-14 15:35 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 15:35 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 15:32 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 15:32 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 15:32 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 15:32 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 15:32 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 15:32 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 15:32 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 15:31 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 15:31 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 15:31 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 15:31 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 15:31 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 15:31 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 15:31 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 15:31 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 15:31 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 15:31 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 15:31 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 15:29 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 15:29 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 15:28 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 15:28 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 15:34 --------- d-----w C:\Program Files\Google
2008-02-10 15:47 --------- d-----w C:\Program Files\Veoh Networks
2008-02-10 15:38 --------- d-----w C:\Program Files\FileZilla Client
2008-02-08 18:01 --------- d-----w C:\Users\Maxime\AppData\Roaming\BPK
2008-02-08 18:01 --------- d-----w C:\Program Files\Soft-Central
2008-02-02 12:24 --------- d-----w C:\Program Files\SuperScan
2008-01-31 19:03 --------- d-----w C:\Program Files\DBConvert
2008-01-30 15:37 --------- d-----w C:\Users\Maxime\AppData\Roaming\Shareaza
2008-01-30 15:37 --------- d-----w C:\Program Files\Shareaza
2008-01-30 15:36 --------- d-----w C:\Program Files\eMule
2008-01-30 14:57 --------- d-----w C:\Program Files\Audacity
2008-01-25 22:41 --------- d-----w C:\Program Files\PDFCreator
2008-01-11 15:43 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-05 15:45 8,043 ----a-w C:\Users\Maxime\aaaa.exe
2007-12-29 11:16 174 --sha-w C:\Program Files\desktop.ini
2007-12-28 23:37 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-28 23:37 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-28 23:37 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-28 23:37 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-28 23:37 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-28 23:37 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-28 23:37 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-12-28 23:37 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-28 23:37 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-28 23:37 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-28 23:37 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-12-28 23:37 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-28 23:37 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-28 23:35 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-12-28 23:35 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-12-28 23:33 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-28 23:32 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 16:43 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072]
"{9B71D88C-C598-4935-C5D1-43AA4DB90836}"="C:\Users\Maxime\AppData\Roaming\server.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-29 00:34 1006264]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 21:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 04:36 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 18:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 17:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 10:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 11:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 11:27 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 11:27 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-29 16:20 249896]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 13:06 741376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"cookies63"="C:\Windows\system32\cookies63.exe" [ ]
"GLSetIT32"="c:\windows\system32\msiexec16.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
"GrpConv"="grpconv -o" []
C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-29 19:08:23 110592]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-01-25 23:40:49 2641920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cookies63]
cookies63.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1D536503-4C27-4389-8972-3D83BF6ABC2B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{0B467C74-96CA-47CA-BD31-D644154EE19A}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{19E766DC-93D2-4FB6-BDDC-64EDE3600842}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{4EE6696E-9138-4BDD-AE70-662ABA0385C5}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{E5CB59CB-A509-4B1B-9AC4-1C03A6A51050}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{3081A81A-A538-48A9-A638-CD79BE1469D2}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exe
reamweaver 8
"UDP Query User{9741EEDF-F854-45DD-AECE-C70C94804597}C:\\program files\\macromedia\\dreamweaver 8\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver 8\dreamweaver.exereamweaver 8
"TCP Query User{FF64DE64-A670-4134-BE9B-9171577C8042}C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"UDP Query User{49FD920F-02CE-4F9D-8D17-A70C26332BD4}C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"TCP Query User{D0A8638D-7907-47A1-BB99-EAE97F56ED85}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F9745C32-E74E-4EBD-9B88-A6FD6943E5DC}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{8C2D3419-F807-49FA-90B9-CAC161A8BCBB}C:\\users\\maxime\\documents\\superscan4.exe"= UDP:C:\users\maxime\documents\superscan4.exe:superscan4.exe
"UDP Query User{0AC71C73-FADC-449B-9F0D-9CAB945D55E5}C:\\users\\maxime\\documents\\superscan4.exe"= TCP:C:\users\maxime\documents\superscan4.exe:superscan4.exe
"{FBB6D821-FDCE-4607-AD26-F208400CD6DF}"= UDP:20000:EMULE TCP 20000
"TCP Query User{18882049-CA57-48ED-9B9B-4A92721745A1}C:\\program files\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{2D7CE3AF-EB03-4DFE-A27D-60993E97F9D5}C:\\program files\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"TCP Query User{1A446C5B-A520-435E-9FE1-01BCBBFB62EE}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{213005DE-1302-4F29-A2FB-1665E1EB7D2C}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{635F4CE4-717C-4E37-8FB3-A8C25B1A759F}C:\\users\\maxime\\desktop\\superscan4.exe"= UDP:C:\users\maxime\desktop\superscan4.exe:superscan4.exe
"UDP Query User{9DD5A6C2-CFCA-449D-A2F6-B4E0F3742358}C:\\users\\maxime\\desktop\\superscan4.exe"= TCP:C:\users\maxime\desktop\superscan4.exe:superscan4.exe
"TCP Query User{ACA71432-17C6-42C0-961D-AC1BDAB9CF52}C:\\users\\maxime\\desktop\\b2h_v1.0_version_prive.exe"= UDP:C:\users\maxime\desktop\b2h_v1.0_version_prive.exe:b2h_v1.0_version_prive.exe
"UDP Query User{E7AF9B21-49BF-46BD-BFFD-4D2907339B84}C:\\users\\maxime\\desktop\\b2h_v1.0_version_prive.exe"= TCP:C:\users\maxime\desktop\b2h_v1.0_version_prive.exe:b2h_v1.0_version_prive.exe
"TCP Query User{8C540605-D6C3-472D-9893-6B708B78F400}C:\\nc.exe"= UDP:C:\nc.exe:nc
"UDP Query User{E06DC120-5F06-4E86-AB47-DCDB84181E02}C:\\nc.exe"= TCP:C:\nc.exe:nc
"TCP Query User{E10BD649-38FD-4697-A35C-7D86FEFBA1E2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A3B5A2EF-EFE5-4572-AD3D-13042DF09BA7}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{355291F3-391A-4DC1-A2CB-874E56378074}C:\\program files\\multiproxy\\mproxy.exe"= UDP:C:\program files\multiproxy\mproxy.exe:MultiProxy personal proxy server
"UDP Query User{86CE5E08-C6A9-4729-B17A-C7C3CBC689C4}C:\\program files\\multiproxy\\mproxy.exe"= TCP:C:\program files\multiproxy\mproxy.exe:MultiProxy personal proxy server
"TCP Query User{660A4C4D-6C5E-4888-8F72-D656D373E1C3}C:\\users\\maxime\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\maxime\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{FE9926B7-878C-4A85-AEBC-9A07BBCEDD46}C:\\users\\maxime\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\maxime\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{98AAB067-7DDE-4A2D-8CF2-BF336EB8CED8}C:\\wamp\\apache2\\bin\\httpd.exe"= UDP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
"UDP Query User{CD2E7506-4556-4029-807C-AA40A74BF222}C:\\wamp\\apache2\\bin\\httpd.exe"= TCP:C:\wamp\apache2\bin\httpd.exe:Apache HTTP Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
S2 freenet-darknet-8888;Freenet 0.7 darknet-8888;"C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe" -s "C:\Program Files\Freenet\wrapper.conf" []
S2 vnccom;vnccom;C:\Windows\system32\Drivers\vnccom.SYS [2004-06-26 13:22]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);C:\Windows\system32\DRIVERS\sea3bus.sys [2007-01-26 13:05]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\sea3mdfl.sys [2007-01-26 13:06]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\sea3mdm.sys [2007-01-26 13:06]
S3 sea3mgmt;Sony Ericsson Device 0A3 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\sea3mgmt.sys [2007-01-26 13:07]
S3 sea3nd5;Sony Ericsson Device 0A3 USB Ethernet Emulation SEMCA3 (NDIS);C:\Windows\system32\DRIVERS\sea3nd5.sys [2007-01-26 13:05]
S3 sea3obex;Sony Ericsson Device 0A3 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\sea3obex.sys [2007-01-26 13:08]
S3 sea3unic;Sony Ericsson Device 0A3 USB Ethernet Emulation SEMCA3 (WDM);C:\Windows\system32\DRIVERS\sea3unic.sys [2007-01-26 13:04]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-05-04 10:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{def61d69-e1f8-11dc-b1c9-001b2495043e}]
\shell\AutoRun\command - G:\launcher.exe
*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-29 14:00:14 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 22:36:34
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-21 22:36:58
ComboFix-quarantined-files.txt 2008-03-21 21:36:56
.
2008-03-21 16:30:41 --- E O F ---
Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:52, on 21/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Maxime\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://crapidhacker.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cookies63] C:\Windows\system32\cookies63.exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\msiexec16.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\Maxime\AppData\Roaming\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O20 - Winlogon Notify: cookies63 - cookies63.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
--
End of file - 8376 bytes
Re,
Rends toi sur ce lien : Virus Total
- Clique sur Parcourir
- Rends toi jusque sur ce fichier si tu le trouves :
C:\Windows\System32\server port 665.exe
C:\Windows\System32\bluesportscan.exe
C:\Windows\System32\mcmde.dll
C:\Users\Maxime\aaaa.exe
C:\Users\Maxime\AppData\Roaming\server.exe
c:\windows\system32\msiexec16.exe
- Clique sur Envoyer le fichier et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
- Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
- Lorsque l'analyse est terminée ("Situation actuelle: terminé" ), clique sur Formaté
- Une nouvelle fenêtre de ton navigateur va apparaître
- Clique alors sur cette image :
- Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
- Enfin colle le résultat dans ta prochaine réponse.
Note : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.
Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, en ce cas il te faudra ignorer les alertes.
Sécurité / Prévention
Répondre à Egwene
Re,
Il faut que tu fasses tous les autres 
Sécurité / Prévention
Répondre à Egwene
Et voici un autre rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:36, on 22/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Users\Maxime\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://crapidhacker.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cookies63] C:\Windows\system32\cookies63.exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\msiexec16.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\Maxime\AppData\Roaming\server.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Maxime\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O20 - Winlogon Notify: cookies63 - cookies63.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
--
End of file - 8362 bytes
Fais ça : http://www.micro-astuce.com/Forum/topic1607.html
Et essaye de voir si tu trouves : msiexec16.exe et server.exe.
Sécurité / Prévention
Répondre à Egwene
Re,
Poste un nouveau rapport hijackthis
Sécurité / Prévention
Répondre à Egwene
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:58, on 22/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Windows\system32\conime.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maxime\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://crapidhacker.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cookies63] C:\Windows\system32\cookies63.exe
O4 - HKLM\..\Run: [GLSetIT32] c:\windows\system32\msiexec16.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [{9B71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\Maxime\AppData\Roaming\server.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Maxime\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O20 - Winlogon Notify: cookies63 - cookies63.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Freenet 0.7 darknet-8888 (freenet-darknet-8888) - Unknown owner - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
--
End of file - 9263 bytes
Msiexec16.exe :
22/03/2008 ---- 18:41:09.23
----------------------------------
§§§§§§ [msiexec16.exe] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GLSetIT32"="c:\\windows\\system32\\msiexec16.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{DF611832-0EAE-46DB-BDD8-36EE13CB22E4}C:\\windows\\system32\\msiexec16.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\\windows\\system32\\msiexec16.exe|Name=msiexec16|Desc=msiexec16|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{394178A2-8736-4834-9F2F-BC501027AE68}C:\\windows\\system32\\msiexec16.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\\windows\\system32\\msiexec16.exe|Name=msiexec16|Desc=msiexec16|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{DF611832-0EAE-46DB-BDD8-36EE13CB22E4}C:\\windows\\system32\\msiexec16.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\\windows\\system32\\msiexec16.exe|Name=msiexec16|Desc=msiexec16|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{394178A2-8736-4834-9F2F-BC501027AE68}C:\\windows\\system32\\msiexec16.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\\windows\\system32\\msiexec16.exe|Name=msiexec16|Desc=msiexec16|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{DF611832-0EAE-46DB-BDD8-36EE13CB22E4}C:\\windows\\system32\\msiexec16.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\\windows\\system32\\msiexec16.exe|Name=msiexec16|Desc=msiexec16|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{394178A2-8736-4834-9F2F-BC501027AE68}C:\\windows\\system32\\msiexec16.exe"="v2.0|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\\windows\\system32\\msiexec16.exe|Name=msiexec16|Desc=msiexec16|Edge=FALSE|"
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
server.exe :
22/03/2008 ---- 18:43:27.93
----------------------------------
§§§§§§ [server.exe] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-r..comserver.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_7a3f97f91657b675]
"f!raserver.exe.mui"=hex:72,00,61,00,73,00,65,00,72,00,76,00,65,00,72,00,2e,00,\
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_6.0.6000.16386_none_2dbcddf778a79c7b]
"f!raserver.exe"=hex:72,00,61,00,73,00,65,00,72,00,76,00,65,00,72,00,2e,00,65,\
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-sonic-sbeserver_31bf3856ad364e35_6.0.6000.16386_none_1adb45455c4f3d08]
"f!sbeserver.exe"=hex:53,00,42,00,45,00,53,00,65,00,72,00,76,00,65,00,72,00,2e,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\FMObexServer.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\RAServer.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SBEServer.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\TelecaSyncMLDesktopServer.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09CC9BA4-AFCC-4501-9525-9E07A0A32742}\LocalServer32]
@="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\File Manager\\FMObexServer.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C3A70A7-A468-49B9-8ADA-28E11FCCAD5D}\LocalServer32]
@="C:\\Windows\\System32\\RAServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49010C18-B110-421a-9047-ADCA421CBC40}\LocalServer32]
@="C:\\Windows\\System32\\RAServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69127644-2511-4DF5-BC6A-26178254AA40}\LocalServer32]
@="C:\\Windows\\System32\\RAServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7051ADB4-F7CE-43F8-B1CB-F2FC879D8EAD}\LocalServer32]
@="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Sync Manager\\syncmldesktopserver.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0B3C446-3032-4016-926F-9BAE48BEBFBE}\LocalServer32]
@="C:\\Windows\\System32\\RAServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0E55F9F-0021-42fe-A1DB-C41F5B564EFE}\LocalServer32]
@="C:\\Windows\\System32\\RAServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE83181C-DCED-46F4-B539-3FC2F195FA95}\LocalServer32]
@="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Sync Manager\\syncmldesktopserver.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A7C01D63-4403-4BE2-B1AF-6EE0A2E6A1E9}\1.0\0\win32]
@="C:\\Windows\\System32\\RAServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D93B5545-A877-46BC-9CE9-064AE89EBD5A}\2.0\0\win32]
@="C:\\Program Files\\Sony Ericsson\\Mobile2\\File Manager\\FMObexServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F04BD17B-8A92-40D9-895E-AD438A9D2F7A}\1.0\0\win32]
@="C:\\Program Files\\Sony Ericsson\\Mobile2\\Sync Manager\\syncmldesktopserver.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17779D0D305E46B4BAC454FACBE57065]
"59D57650765100E48A81BD8060E40A88"="C:\\Program Files\\Sony Ericsson\\Mobile2\\File Manager\\FMObexServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69CC023B50848464298BE4B1ABFEC2F8]
"59D57650765100E48A81BD8060E40A88"="C:\\Program Files\\Sony Ericsson\\Mobile2\\Sync Manager\\SyncMLDesktopServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88593230541E63C4E9A02F13F42718AC]
"59D57650765100E48A81BD8060E40A88"="C?\\Program Files\\Sony Ericsson\\Mobile2\\Mobile Phone Monitor\\ToshibaBTServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Program Files\\Sony Ericsson\\Mobile2\\Mobile Phone Monitor\\ToshibaBTServer.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-r..comserver.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_7a3f97f91657b675]
"f!raserver.exe.mui"=hex:72,00,61,00,73,00,65,00,72,00,76,00,65,00,72,00,2e,00,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_6.0.6000.16386_none_2dbcddf778a79c7b]
"f!raserver.exe"=hex:72,00,61,00,73,00,65,00,72,00,76,00,65,00,72,00,2e,00,65,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-sonic-sbeserver_31bf3856ad364e35_6.0.6000.16386_none_1adb45455c4f3d08]
"f!sbeserver.exe"=hex:53,00,42,00,45,00,53,00,65,00,72,00,76,00,65,00,72,00,2e,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
"_server.exe3DOGL_67207556"=hex:02,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{7B6FEB25-025E-4708-B343-2F03EC46ACD7}\0000]
"_server.exe3DOGL_67207556"=hex:02,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{7B6FEB25-025E-4708-B343-2F03EC46ACD7}\0001]
"_server.exe3DOGL_67207556"=hex:02,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
"_server.exe3DOGL_67207556"=hex:02,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
"_server.exe3DOGL_67207556"=hex:02,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{7B6FEB25-025E-4708-B343-2F03EC46ACD7}\0000]
"_server.exe3DOGL_67207556"=hex:02,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{7B6FEB25-025E-4708-B343-2F03EC46ACD7}\0001]
"_server.exe3DOGL_67207556"=hex:02,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-In-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteAssistance-RAServer-Out-TCP-NoScope"="v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-3476099071-4058957420-1077832665-1000\Software\GNU\ffdshow]
"whitelist"="3wPlayer.exe;ACDSee5.exe;ACDSee6.exe;ACDSee7.exe;ACDSee8.exe;ACDSee8Pro.exe;ACDSee9.exe;Adobe Premiere Elements.exe;Adobe Premiere Pro.exe;aegisub.exe;afreecaplayer.exe;afreecastudio.exe;aim6.exe;ALLPlayer.exe;ALShow.exe;ALSong.exe;AltDVB.exe;amcap.exe;amvtransform.exe;Apollo DivX to DVD Creator.exe;Apollo3GPVideoConverter.exe;Ares.exe;AsfTools.exe;ass_help3r.exe;ASUSDVD.exe;Audition.exe;AutoGK.exe;autorun.exe;avant.exe;AVerTV.exe;Avi2Dvd.exe;avi2mpg.exe;avicodec.exe;avipreview.exe;aviutl.exe;avs2avi.exe;Badak.exe;BearShare.exe;BePipe.exe;bestplayer1.0.exe;BitComet.exe;BlazeDVD.exe;bplay.exe;bsplay.exe;bsplayer.exe;BTVD3DShell.exe;CamRecorder.exe;CamtasiaStudio.exe;carom.exe;christv.exe;cinemaplayer.exe;CinergyDVR.exe;CodecInstaller.exe;ConvertXtoDvd.exe;coolpro2.exe;CorePlayer.exe;coreplayer.exe;Crystal.exe;crystalfree.exe;CrystalPro.exe;cscript.exe;CTCMS.exe;CTCMSU.exe;CTWave.exe;CTWave32.exe;cut_assistant.exe;dashboard.exe;demo32.exe;DivX Player.exe;dllhost.exe;dpgenc.exe;Dr.DivX.exe;drdivx.exe;drdivx2.exe;DreamMaker.exe;DSBrws.exe;DScaler.exe;dv.exe;dvbdream.exe;dvbviewer.exe;DVD Shrink 3.2.exe;DVDAuthor.exe;DVDMaker.exe;DVDMF.exe;dvdplay.exe;DXEnum.exe;Easy RealMedia Tools.exe;ehExtHost.exe;ehshell.exe;emule_TK4.exe;Encode360.exe;fenglei.exe;ffmpeg.exe;filtermanager.exe;firefox.exe;Flash.exe;FMRadio.exe;Fortius.exe;FreeStyle.exe;FSViewer.exe;FusionHDTV.exe;GDivX Player.exe;gdsmux.exe;GoldWave.exe;gom.exe;GomEnc.exe;GoogleDesktop.exe;GoogleDesktopCrawl.exe;graphedit.exe;graphedt.exe;gspot.exe;HBP.exe;HDVSplit.exe;honestechTV.exe;HPWUCli.exe;i_view32.exe;ICQ.exe;ICQLite.exe;iexplore.exe;IHT.exe;IncMail.exe;InfoTool.exe;infotv.exe;iPlayer.exe;JetAudio.exe;jwBrowser.exe;kmplayer.exe;LA.exe;LifeCam.exe;Lilith.exe;makeAVIS.exe;Maxthon.exe;MDirect.exe;Media Center 12.exe;Media Jukebox.exe;Media Player Classic.exe;MediaLife.exe;MediaPortal.exe;MEDIAREVOLUTION.EXE;MediaServer.exe;megui.exe;mencoder.exe;Metacafe.exe;MMPlayer.exe;moviethumb.exe;mpcstar.exe;MpegVideoWizard.exe;mplayer2.exe;mplayerc.exe;msoobe.exe;MultimediaPlayer.exe;Munite.exe;MusicManager.exe;Muzikbrowzer.exe;Mv2PlayerPlus.exe;myplayer.exe;nero.exe;NeroHome.exe;NeroVision.exe;NicoPlayer.exe;NMSTranscoder.exe;nvplayer.exe;Omgjbox.exe;OnlineTV.exe;Opera.exe;OrbStreamerClient.exe;OUTLOOK.EXE;PaintDotNet.exe;paltalk.exe;pcwmp.exe;PhotoScreensaver.scr;Photoshop.exe;Picasa2.exe;playwnd.exe;PowerDirector.exe;powerdvd.exe;POWERPNT.EXE;PPLive.exe;ppmate.exe;PPStream.exe;Procoder2.exe;Producer.exe;progdvb.exe;PVCR.exe;Qonoha.exe;QQPlayerSvr.exe;RadLight.exe;realplay.exe;Recode.exe;rlkernel.exe;RoxMediaDB9.exe;rundll32.exe;SelfMV.exe;Shareaza.exe;sherlock2.exe;ShowTime.exe;sidebar.exe;SinkuHadouken.exe;Sleipnir.exe;smartmovie.exe;SopCast.exe;SplitCam.exe;START.EXE;stillcap.exe;Studio.exe;subedit.exe;SubtitleEdit.exe;SubtitleWorkshop.exe;SWFConverter.exe;TheaterTek DVD.exe;time_adjuster.exe;timecodec.exe;tmc.exe;TMPGEnc.exe;TMPGEnc4XP.exe;TOTALCMD.EXE;tvc.exe;TVersity.exe;TVPlayer.exe;TVUPlayer.exe;UCC.exe;Ultra EDIT.exe;VCD_PLAY.EXE;VeohClient.exe;VFAPIFrameServer.exe;VideoSnapshot.exe;VideoSplitter.exe;VIDEOS~1.SCR;ViPlay.exe;ViPlay3.exe;ViPlay4.exe;virtualdub.exe;virtualdubmod.exe;vplayer.exe;WCreator.exe;WFTV.exe;winamp.exe;WinAVI.exe;WindowsPhotoGallery.exe;windvd.exe;WinMPGVideoConvert.exe;WINWORD.EXE;wmenc.exe;wmplayer.exe;wscript.exe;x264.exe;XNVIEW.EXE;Xvid4PSP.exe;YahooMusicEngine.exe;YahooWidgetEngine.exe;zplayer.exe;Zune.exe;moviemk.exe;ACDSee10.exe;BoonPlayer.exe;CEC_MAIN.exe;msnmsgr.exe;QzoneMusic.exe;ReClockHelper.dll;YahooMessenger.exe;ACDSeePro2.exe;AlltoaviV4.exe;Funshion.exe;Internet TV.exe;MatroskaDiag.exe;QQ.exe;Tvants.exe;video2smv.exe;"
[HKEY_USERS\S-1-5-21-3476099071-4058957420-1077832665-1000\Software\GNU\ffdshow_audio]
"whitelist"="3wPlayer.exe;ACDSee5.exe;ACDSee6.exe;ACDSee7.exe;ACDSee8.exe;ACDSee8Pro.exe;ACDSee9.exe;Adobe Premiere Elements.exe;Adobe Premiere Pro.exe;aegisub.exe;afreecaplayer.exe;afreecastudio.exe;aim6.exe;ALLPlayer.exe;ALShow.exe;ALSong.exe;AltDVB.exe;amcap.exe;amvtransform.exe;Apollo DivX to DVD Creator.exe;Apollo3GPVideoConverter.exe;Ares.exe;AsfTools.exe;ass_help3r.exe;ASUSDVD.exe;Audition.exe;AutoGK.exe;autorun.exe;avant.exe;AVerTV.exe;Avi2Dvd.exe;avi2mpg.exe;avicodec.exe;avipreview.exe;aviutl.exe;avs2avi.exe;Badak.exe;BearShare.exe;BePipe.exe;bestplayer1.0.exe;BitComet.exe;BlazeDVD.exe;bplay.exe;bsplay.exe;bsplayer.exe;BTVD3DShell.exe;CamRecorder.exe;CamtasiaStudio.exe;carom.exe;christv.exe;cinemaplayer.exe;CinergyDVR.exe;CodecInstaller.exe;ConvertXtoDvd.exe;coolpro2.exe;CorePlayer.exe;coreplayer.exe;Crystal.exe;crystalfree.exe;CrystalPro.exe;cscript.exe;CTCMS.exe;CTCMSU.exe;CTWave.exe;CTWave32.exe;cut_assistant.exe;dashboard.exe;demo32.exe;DivX Player.exe;dllhost.exe;dpgenc.exe;Dr.DivX.exe;drdivx.exe;drdivx2.exe;DreamMaker.exe;DSBrws.exe;DScaler.exe;dv.exe;dvbdream.exe;dvbviewer.exe;DVD Shrink 3.2.exe;DVDAuthor.exe;DVDMaker.exe;DVDMF.exe;dvdplay.exe;DXEnum.exe;Easy RealMedia Tools.exe;ehExtHost.exe;ehshell.exe;emule_TK4.exe;Encode360.exe;fenglei.exe;ffmpeg.exe;filtermanager.exe;firefox.exe;Flash.exe;FMRadio.exe;Fortius.exe;FreeStyle.exe;FSViewer.exe;FusionHDTV.exe;GDivX Player.exe;gdsmux.exe;GoldWave.exe;gom.exe;GomEnc.exe;GoogleDesktop.exe;GoogleDesktopCrawl.exe;graphedit.exe;graphedt.exe;gspot.exe;HBP.exe;HDVSplit.exe;honestechTV.exe;HPWUCli.exe;i_view32.exe;ICQ.exe;ICQLite.exe;iexplore.exe;IHT.exe;IncMail.exe;InfoTool.exe;infotv.exe;iPlayer.exe;JetAudio.exe;jwBrowser.exe;kmplayer.exe;LA.exe;LifeCam.exe;Lilith.exe;makeAVIS.exe;Maxthon.exe;MDirect.exe;Media Center 12.exe;Media Jukebox.exe;Media Player Classic.exe;MediaLife.exe;MediaPortal.exe;MEDIAREVOLUTION.EXE;MediaServer.exe;megui.exe;mencoder.exe;Metacafe.exe;MMPlayer.exe;moviethumb.exe;mpcstar.exe;MpegVideoWizard.exe;mplayer2.exe;mplayerc.exe;msoobe.exe;MultimediaPlayer.exe;Munite.exe;MusicManager.exe;Muzikbrowzer.exe;Mv2PlayerPlus.exe;myplayer.exe;nero.exe;NeroHome.exe;NeroVision.exe;NicoPlayer.exe;NMSTranscoder.exe;nvplayer.exe;Omgjbox.exe;OnlineTV.exe;Opera.exe;OrbStreamerClient.exe;OUTLOOK.EXE;PaintDotNet.exe;paltalk.exe;pcwmp.exe;PhotoScreensaver.scr;Photoshop.exe;Picasa2.exe;playwnd.exe;PowerDirector.exe;powerdvd.exe;POWERPNT.EXE;PPLive.exe;ppmate.exe;PPStream.exe;Procoder2.exe;Producer.exe;progdvb.exe;PVCR.exe;Qonoha.exe;QQPlayerSvr.exe;RadLight.exe;realplay.exe;Recode.exe;rlkernel.exe;RoxMediaDB9.exe;rundll32.exe;SelfMV.exe;Shareaza.exe;sherlock2.exe;ShowTime.exe;sidebar.exe;SinkuHadouken.exe;Sleipnir.exe;smartmovie.exe;SopCast.exe;SplitCam.exe;START.EXE;stillcap.exe;Studio.exe;subedit.exe;SubtitleEdit.exe;SubtitleWorkshop.exe;SWFConverter.exe;TheaterTek DVD.exe;time_adjuster.exe;timecodec.exe;tmc.exe;TMPGEnc.exe;TMPGEnc4XP.exe;TOTALCMD.EXE;tvc.exe;TVersity.exe;TVPlayer.exe;TVUPlayer.exe;UCC.exe;Ultra EDIT.exe;VCD_PLAY.EXE;VeohClient.exe;VFAPIFrameServer.exe;VideoSnapshot.exe;VideoSplitter.exe;VIDEOS~1.SCR;ViPlay.exe;ViPlay3.exe;ViPlay4.exe;virtualdub.exe;virtualdubmod.exe;vplayer.exe;WCreator.exe;WFTV.exe;winamp.exe;WinAVI.exe;WindowsPhotoGallery.exe;windvd.exe;WinMPGVideoConvert.exe;WINWORD.EXE;wmenc.exe;wmplayer.exe;wscript.exe;x264.exe;XNVIEW.EXE;Xvid4PSP.exe;YahooMusicEngine.exe;YahooWidgetEngine.exe;zplayer.exe;Zune.exe;moviemk.exe;ACDSee10.exe;BoonPlayer.exe;CEC_MAIN.exe;msnmsgr.exe;QzoneMusic.exe;ReClockHelper.dll;YahooMessenger.exe;ACDSeePro2.exe;AlltoaviV4.exe;Funshion.exe;Internet TV.exe;MatroskaDiag.exe;QQ.exe;Tvants.exe;video2smv.exe;"
[HKEY_USERS\S-1-5-21-3476099071-4058957420-1077832665-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"{9B71D88C-C598-4935-C5D1-43AA4DB90836}"="C:\\Users\\Maxime\\AppData\\Roaming\\server.exe"
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
Re,
Important :cette procédure a été créée spécifiquement pour cet utilisateur, si vous n'êtes pas cet utilisateur, ne faites pas cette procédure au risque d'endommager sérieusement votre PC !
1) Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.c [...] oveIt2.exe
2) Télécharge et installe Ccleaner :
http://www.01net.com/telecharger/w [...] leurs(...)
-> Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires".
REDEMARRE EN MODE SANS ECHEC ! ( si la manipulation ne marche pas en mode sans échec, fais la en mode normal )
Aide ici : http://www.infos-du-net.com/forum/ [...] mode-echec
/!\ Ne jamais redémarrer en mode sans échec via msconfig /!\
3) Relance HijackThis, clique sur "do a system scan only", coche ces lignes puis clique sur "Fix Checked" et referme HijackThis :
| Citation : R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://c |
4) # Double-clique sur OTMoveIt.exe pour le lancer.
# Assure toi que la case "Unregister Dll's and Ocx's" soit bien cochée !!!
# Copie le texte qui se trouve dans l'encadré ci-dessous, sans le mot citation et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved.
| Citation : c:\windows\system32\msiexec16.exe
|
# Clique sur MoveIt! pour lancer la suppression.
# Si OTMoveIt propose de redémarrer ton PC, accepte.
# Lorsque un résultat apparaît dans le cadre Results, clique sur Exit.
# Dans ta future réponse, envoie le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles
5) Lance CCleaner
>>>Clique sur l'onglet "Nettoyeur" puis sur "Lancer le Nettoyage".
>>>Ensuite clique sur l'onglet Registre, clique sur "Chercher des erreurs" puis sur "Réparer les erreurs sélectionnées". Il est inutile de faire des sauvegardes des clés. Répète l'opération autant de fois qu'il le faut jusqu'à qu'il ne trouve plus d'erreurs.
6) Poste-moi le rapport demandé et refais-moi un scan hijackthis
Sécurité / Prévention
Répondre à Egwene
Re,
Comment va le PC ? Toujours des problèmes ?
Télécharge MalwareByte's Anti-Malware et installe le.
~Redémarre l'ordinateur en mode sans échec (F8 au démarrage de l'ordinateur)
Aide
- Lance MalwareByte's Anti-Malware et sélectionne "Exécuter un examen complet". Patiente le temps du scan.
- Une fois le scan terminé,clique sur "Afficher les résultats" et enregistre le rapport sur ton Bureau.
- Clique enfin sur "Supprimer la sélection".
Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
Aide
Sécurité / Prévention
Répondre à Egwene
Tu n'as pas répondu à la question suivante 
| Citation : Comment va le PC ? Toujours des problèmes ? |
Sécurité / Prévention
Répondre à Egwene
Re,
Tu peux fixer cette ligne avec Hijackthis : R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
C'est un robot... donc les résultat qu'il affiche sont à prendre avec des pincettes.
Pour moi tout est ok
C’est OK, tu n’es plus infecté(e)
1) Télécharge ToolsCleaner sur ton bureau.
http://www.commentcamarche.net/tel [...] nions.php3
Ce programme va te faire désinstaller tous les outils que je t’ai faits utiliser.
- Clique sur Recherche et laisse le scan agir ...
- Clique sur Suppression pour finaliser.
- Tu peux, si tu le souhaites, te servir des Options facultatives.
- Clique sur Quitter pour obtenir le rapport.
- Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
2) Télécharge et installe Ccleaner :
http://www.01net.com/telecharger/w [...] 32599.html
- Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Clique sur l'onglet "Nettoyeur" puis sur "Lancer le Nettoyage".
- Ensuite clique sur l'onglet Registre, clique sur "Chercher des erreurs" puis sur "Réparer les erreurs sélectionnées". Il est inutile de faire des sauvegardes des clés. Répète l'opération autant de fois qu'il le faut jusqu'à qu'il ne trouve plus d'erreurs.
- Tutorial ici : http://www.infos-du-net.com/forum/ [...] nstruction
3)
- Désactive ta restauration systeme
- Réactive ta restauration systeme
- Tutorial ici : http://www.infos-du-net.com/forum/ [...] on-systeme
********************************************************************************
Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer" 
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"
Ce serait sympa de rapporter ton infection sur > Malware-Complaints < pour faire condamner ses auteurs
- Règles du forum <- ici
- Poster un message <- ici ( par Malekal )
Pour t'enregistrer clique sur le bouton register ( en haut )
Si tu as plus de 13 ans choisis " I Agree to these terms and am over or exactly 13 years of age "
Si tu as moins de 13 ans choisis " I Agree to these terms and am under 13 years of age "
Tu auras une liste par type d'infection
Si ton infection n'est pas dans la liste crée un message dans Autres infections
a+ et bon surf
Quelques liens intéressants :
http://mickael.barroux.free.fr/securite/
http://www.malekal.com/
http://www.infos-du-net.com/forum/ [...] protection
Message édité par Egwene le 22-03-2008 à 22:02:34
Sécurité / Prévention
Répondre à Egwene
