Bonjour, j'ai attrapé un virus appelé Trojan.DVS celui-ci me créé des rundll32.exe (4) dans le gestionnaire des taches de windows. il me ralentit énormément l'ordinateur. j'ai essayé de le desactiver a partir de msconfig.exe ainsi q'avec hijackthis mais cela ne marche pas il redemarre tout le temps. de plus j'ai effectué un scan de vundofix et il ne trouve rien. scan de bitdefender 10 : il me dit qu'il le bloque mais il est toujours présent au redémarrage. configuration ordinateur : windows vista edition familliale, chipset video 945 intel, 1Go de ram. merci d'avance

BIG PB VIRUS DEPUIS 1 SEMAINE [Résolu]

Réponse 1 / 6

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
12 mai 2008 à 22:54

Re,

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

YAGAMI
12 mai 2008 à 23:15

COMBOFIX :
ComboFix 08-05-11.1 - Alexandre 2008-05-12 23:01:10.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.196 [GMT 2:00]
Endroit: C:\Users\Alexandre\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\iiFxWOig.dll
C:\Windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
.

2008-05-12 21:10 . 1998-06-17 18:07 57,344 --a------ C:\Windows\System32\Mfc42loc.dll
2008-05-12 21:10 . 2008-05-12 21:10 528 --a------ C:\Windows\eReg.dat
2008-05-12 21:03 . 2008-05-12 21:04 <REP> d-------- C:\Program Files\EA GAMES
2008-05-12 14:32 . 2008-05-12 14:32 <REP> d-------- C:\Users\Alexandre\AppData\Roaming\TuneUp Software
2008-05-12 14:32 . 2008-05-12 14:32 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-05-12 14:32 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-05-12 14:32 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-05-12 14:31 . 2008-05-12 14:31 <REP> d-------- C:\Users\All Users\TuneUp Software
2008-05-12 14:31 . 2008-05-12 14:31 <REP> d-------- C:\ProgramData\TuneUp Software
2008-05-12 14:30 . 2008-05-12 14:32 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-05-12 14:28 . 2008-05-12 14:28 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 11:55 . 2008-05-12 11:55 153,582,803 --a------ C:\Windows\MEMORY.DMP
2008-05-10 17:17 . 2008-05-12 21:52 <REP> d-------- C:\Users\All Users\TrackMania
2008-05-10 17:17 . 2008-05-12 21:52 <REP> d-------- C:\ProgramData\TrackMania
2008-05-10 17:00 . 2008-05-10 17:05 <REP> d-------- C:\Program Files\TmNationsForever
2008-05-09 19:57 . 2008-05-09 19:57 <REP> d-------- C:\VundoFix Backups
2008-05-09 19:30 . 2008-05-09 19:30 <REP> d-------- C:\Program Files\Trend Micro
2008-05-09 14:32 . 2008-05-09 14:32 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-05-09 14:32 . 2008-05-09 14:32 <REP> d-------- C:\ProgramData\WindowsSearch
2008-05-09 02:32 . 2008-05-09 02:32 <REP> d-------- C:\Users\All Users\Uniblue
2008-05-09 02:32 . 2008-05-09 02:32 <REP> d-------- C:\ProgramData\Uniblue
2008-05-09 01:53 . 2008-05-09 01:53 <REP> d-------- C:\Users\All Users\Adsl Software Limited
2008-05-09 01:53 . 2008-05-09 01:53 <REP> d-------- C:\ProgramData\Adsl Software Limited
2008-05-09 01:53 . 2008-05-09 01:53 1 --a------ C:\Windows\System32\kr_done1de
2008-05-09 01:08 . 2008-05-09 01:08 <REP> d-------- C:\Users\All Users\AutoClic
2008-05-09 01:08 . 2008-05-09 01:08 <REP> d-------- C:\ProgramData\AutoClic
2008-05-09 01:08 . 2008-05-09 01:08 <REP> d-------- C:\Program Files\AutoClic
2008-05-08 12:45 . 2008-05-08 12:45 <REP> d-------- C:\Users\Alexandre\AppData\Roaming\Jasc
2008-05-08 12:43 . 2008-05-08 12:44 <REP> d-------- C:\Program Files\Jasc Software Inc
2008-05-03 16:56 . 2008-05-03 16:56 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-01 00:58 . 2008-05-01 17:12 <REP> d-------- C:\Users\Alexandre\Pivot animations
2008-05-01 00:37 . 2008-05-01 00:37 <REP> d-------- C:\Program Files\Pivot Stickfigure Animator
2008-04-25 23:39 . 2008-05-12 20:56 <REP> d-------- C:\Users\Alexandre\AppData\Roaming\uTorrent
2008-04-25 23:39 . 2008-04-25 23:39 <REP> d-------- C:\Program Files\uTorrent
2008-04-16 13:27 . 2008-04-16 13:27 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-14 22:16 . 2008-04-14 22:16 <REP> d-------- C:\Program Files\FoxyTunes
2008-04-13 00:07 . 2008-05-12 12:31 <REP> d-------- C:\Users\All Users\Google Updater
2008-04-13 00:07 . 2008-05-12 12:31 <REP> d-------- C:\ProgramData\Google Updater

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 19:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 14:35 --------- d-----w C:\ProgramData\BitDefender
2008-05-09 00:32 --------- d-----w C:\Users\Alexandre\AppData\Roaming\Uniblue
2008-05-09 00:32 --------- d-----w C:\Program Files\Uniblue
2008-05-08 13:30 --------- d-----w C:\Program Files\Paint.NET
2008-05-04 15:36 --------- d-----w C:\Users\Alexandre\AppData\Roaming\OpenOffice.org2
2008-05-03 14:54 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-05-03 14:48 --------- d-----w C:\Program Files\Java
2008-04-27 18:39 --------- d-----w C:\Program Files\Windows Live
2008-04-27 10:11 --------- d-----w C:\Program Files\Yahoo!
2008-04-26 19:27 --------- d-----w C:\Program Files\AVS4YOU
2008-04-26 19:26 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-04-26 19:24 --------- d-----w C:\Program Files\EA SPORTS
2008-04-26 19:19 --------- d-----w C:\Program Files\eMule
2008-04-25 19:38 --------- d-----w C:\Program Files\Azureus
2008-04-25 19:35 --------- d-----w C:\Users\Alexandre\AppData\Roaming\Azureus
2008-04-15 21:10 --------- d-----w C:\ProgramData\Messenger Plus!
2008-04-13 20:22 --------- d-----w C:\Users\Alexandre\AppData\Roaming\DNA
2008-04-13 20:22 --------- d-----w C:\Users\Alexandre\AppData\Roaming\BitTorrent
2008-04-13 19:38 --------- d-----w C:\Users\Alexandre\AppData\Roaming\PokerAcademyPro2
2008-04-12 22:11 --------- d-----w C:\Program Files\Google
2008-04-11 14:55 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-10 07:47 174 --sha-w C:\Program Files\desktop.ini
2008-04-10 07:33 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-10 07:33 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-10 07:33 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 07:33 --------- d-----w C:\Program Files\Windows Journal
2008-04-10 07:33 --------- d-----w C:\Program Files\Windows Defender
2008-04-10 07:33 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-10 07:33 --------- d-----w C:\Program Files\Windows Calendar
2008-04-10 07:00 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-10 07:00 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-09 17:27 --------- d-----w C:\Users\Alexandre\AppData\Roaming\Apple Computer
2008-04-09 17:12 --------- d-----w C:\Program Files\QuickTime
2008-04-09 05:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-03 22:21 --------- d-----w C:\Program Files\DomPlayer
2008-04-03 21:19 --------- d-----w C:\Program Files\DivX
2008-04-02 15:38 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-01 19:20 --------- d-----w C:\Program Files\Red Storm Entertainment
2008-04-01 18:36 --------- d-----w C:\Users\Alexandre\AppData\Roaming\MiniDm
2008-03-31 18:21 --------- d-----w C:\Program Files\IEPro
2008-03-26 17:34 --------- d-----w C:\Program Files\Sierra
2008-03-25 18:25 163,644 ----a-w C:\Windows\system32\drivers\SECDRV.SYS
2008-03-25 17:52 --------- d-----w C:\Program Files\Activision
2008-03-23 20:46 --------- d-----w C:\ProgramData\Azureus
2008-03-13 18:35 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-12 21:19 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-03-12 06:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-10 21:55 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-10 16:24 22,328 ----a-w C:\Users\Alexandre\AppData\Roaming\PnkBstrK.sys
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-26 01:27 77,824 ----a-w C:\Windows\System32\xcomm.dll
2008-02-26 01:07 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-08-16 08:50 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-16 08:50 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-16 08:50 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"@"="" []
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-05-02 15:15 1424648]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"cmds"="C:\Users\ALEXAN~1\AppData\Local\Temp\yayaAsRI.dll" [2008-05-09 17:46 275968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 00:16 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 17:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-02-06 15:21 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 14:46 534648]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 09:06 413696]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 12:08 438272]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-01-13 10:40 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-01-13 10:40 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-01-13 10:40 81920]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 16:21 180224]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 18:12 1029416]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 06:00 204800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-28 17:32 360448]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\66748d42]
--------- 2008-05-12 11:59 90688 C:\Users\ALEXAN~1\AppData\Local\Temp\ixilyiqe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
--a------ 2008-05-09 17:46 275968 C:\Users\ALEXAN~1\AppData\Local\Temp\yayaAsRI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\iiFxWOig.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POEngine]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3C0FC2DE-013A-451D-B496-72DE27C66FD5}"= UDP:C:\Program Files\Microsoft Games\Halo 2 Dedicated Server\h2server.exe:Halo 2 Dedicated Server
"{68827A8E-327A-4915-AF0B-D1854B449731}"= TCP:C:\Program Files\Microsoft Games\Halo 2 Dedicated Server\h2server.exe:Halo 2 Dedicated Server
"{15841D8A-6CBE-4573-9799-C20242B90F5E}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{98A52685-59A8-4838-8920-EBF552BCC516}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{84B0C692-5644-4DF8-BBAB-7A4BC9CECC1C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{6D6312CB-2C1F-41A3-8D61-22EEDFC9E19F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{57821493-4ED0-4BAC-B74A-3D0E07B0B3C8}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{27D3AB8D-84D0-4885-B40E-9A0F26CC7E21}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{34197BC7-0D4C-41C1-847B-F6144BD0C301}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{7984D549-BBAC-4BF7-B807-683E0D64792A}C:\\program files\\steam\\steamapps\\speedygonzalez229\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\speedygonzalez229\counter-strike source\hl2.exe:hl2
"UDP Query User{A0516EE8-1420-45F8-8112-A1F74489F31A}C:\\program files\\steam\\steamapps\\speedygonzalez229\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\speedygonzalez229\counter-strike source\hl2.exe:hl2
"TCP Query User{74293D02-C479-4880-BFAC-00A49F587832}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{41E75BCA-C0BF-44FA-A2EC-49A57B4743EE}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"{41066062-0782-4D57-9405-49E62620FD43}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{A8388CD7-CD6A-49CF-9B0F-5B28889F469C}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{81D2B140-31BC-4E52-8794-130763D7C8EA}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{118BFB1A-656E-4C82-9ACC-81FFB385EC3C}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{DA8311A9-19C7-410B-BDF4-245F943E9A53}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{88898477-BC97-42B4-A048-44EA18F6BE82}C:\\program files\\univ-tchat\\univ-tchat.exe"= UDP:C:\program files\univ-tchat\univ-tchat.exe:Univ'Tchat
"UDP Query User{F75327EA-48F7-49CD-A18E-1820D5AD27B2}C:\\program files\\univ-tchat\\univ-tchat.exe"= TCP:C:\program files\univ-tchat\univ-tchat.exe:Univ'Tchat
"TCP Query User{89525D92-C78E-4A0E-B7FA-119D7EA175F3}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{502716FB-6519-43C2-A41F-18202B6E5D8F}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{B36156B7-FC81-4F3A-9B30-1F7628F4873B}C:\\program files\\adsltv\\vlc.exe"= UDP:C:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{931DB485-7CEB-4996-B4C6-DCC6C22CC8A4}C:\\program files\\adsltv\\vlc.exe"= TCP:C:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{8D2D663F-0A3F-4CE2-87D3-76AEC759C7EC}C:\\program files\\weezo\\apache\\bin\\weezohttpd.exe"= UDP:C:\program files\weezo\apache\bin\weezohttpd.exe:Apache HTTP Server
"UDP Query User{06156844-2BBD-400E-AC66-7D9AAE0E459C}C:\\program files\\weezo\\apache\\bin\\weezohttpd.exe"= TCP:C:\program files\weezo\apache\bin\weezohttpd.exe:Apache HTTP Server
"TCP Query User{89E21C72-3FDC-4C8E-9FD1-53F6A36A31DB}C:\\program files\\weezo\\apache\\bin\\weezohttpd.exe"= UDP:C:\program files\weezo\apache\bin\weezohttpd.exe:Apache HTTP Server
"UDP Query User{4C085A13-A754-4525-B069-8FE231DEB24A}C:\\program files\\weezo\\apache\\bin\\weezohttpd.exe"= TCP:C:\program files\weezo\apache\bin\weezohttpd.exe:Apache HTTP Server
"TCP Query User{6B7E8B6B-98FF-41D4-A511-0C62D623EE8C}C:\\program files\\steam\\steamapps\\speedygonzalez229\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\speedygonzalez229\counter-strike source\hl2.exe:hl2
"UDP Query User{B16A880E-EDB9-4326-A477-DAF80FB8A8AD}C:\\program files\\steam\\steamapps\\speedygonzalez229\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\speedygonzalez229\counter-strike source\hl2.exe:hl2
"TCP Query User{AFC406BF-76FC-444C-823B-1FB2E3B7CA36}C:\\program files\\univ-tchat\\univ-tchat.exe"= UDP:C:\program files\univ-tchat\univ-tchat.exe:Univ'Tchat
"UDP Query User{23AE30C5-88EA-491B-9203-DBF698597464}C:\\program files\\univ-tchat\\univ-tchat.exe"= TCP:C:\program files\univ-tchat\univ-tchat.exe:Univ'Tchat
"TCP Query User{73E8461C-67FE-441E-A1EC-E0F03D0EF190}C:\\program files\\microsoft games\\halo\\halo.exe"= UDP:C:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{5B3C816B-4FD2-4964-88CE-C3581C938876}C:\\program files\\microsoft games\\halo\\halo.exe"= TCP:C:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{B63E0C87-5281-4B82-9388-3E7B742250D2}C:\\program files\\microsoft games\\halo\\halo.exe"= UDP:C:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{43576F65-AB3E-4ACD-914E-724D4B8D2EB2}C:\\program files\\microsoft games\\halo\\halo.exe"= TCP:C:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{21402B66-C21F-4FD8-B6EA-FA888983B5C0}C:\\program files\\sierra\\swat 4\\content\\system\\swat4dedicatedserver.exe"= UDP:C:\program files\sierra\swat 4\content\system\swat4dedicatedserver.exe:SWAT 4
"UDP Query User{916EE089-0428-414F-A73C-EE3F7067F8BC}C:\\program files\\sierra\\swat 4\\content\\system\\swat4dedicatedserver.exe"= TCP:C:\program files\sierra\swat 4\content\system\swat4dedicatedserver.exe:SWAT 4
"{74FEC64D-CAC6-4678-96EF-9385610E2A71}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{8D23F222-4348-4B8F-AC7E-B452B95ABB92}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{C7671F07-43FE-4728-8C2C-F5E2BDC4C6BF}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{2E111694-B942-4DAE-B475-9C1D525F488B}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{7C5ABAB4-8B01-4690-9158-D5B3DB349422}C:\\programmes\\activision\\rome - total war\\rometw.exe"= UDP:C:\programmes\activision\rome - total war\rometw.exe:Rome: Total War
"UDP Query User{71262534-BFF5-455C-A5D0-CAAB0ADDF236}C:\\programmes\\activision\\rome - total war\\rometw.exe"= TCP:C:\programmes\activision\rome - total war\rometw.exe:Rome: Total War
"{012A2B44-B18E-40C4-A055-339EA7BC85A2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0745E35B-744C-4D38-951F-2A7C778A40B3}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{98255647-3B6A-46EB-AAAA-EC5B1D288A4B}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{C6740191-6572-4439-AE21-4A824656F1AD}C:\\program files\\america's army\\system\\armyops.exe"= UDP:C:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{BFC17F51-93C9-4909-A7A3-B9403956D5B1}C:\\program files\\america's army\\system\\armyops.exe"= TCP:C:\program files\america's army\system\armyops.exe:ArmyOps
"{7F45179A-5D47-429C-91BD-39C8C67C2F71}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{F04493DE-6FD4-4955-8051-37191550A0F0}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{DC8EE731-9897-4EAE-9724-DDBEF9EA428C}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{70598E64-3CFA-442B-A583-37D039A8A589}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{B718DC2C-8FF0-4C08-89A5-10A8D18FEDBA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8CBB05EA-04B9-4784-B88B-3EF98782FDB0}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{ED02AFDE-27D4-422F-A585-A14D96132892}C:\\toshiba\\drivers\\t\\winvnc.exe"= UDP:C:\toshiba\drivers\t\winvnc.exe:TightVNC Win32 Server
"UDP Query User{D29511FF-81C1-41BB-A0B0-375A72B3A334}C:\\toshiba\\drivers\\t\\winvnc.exe"= TCP:C:\toshiba\drivers\t\winvnc.exe:TightVNC Win32 Server
"TCP Query User{ADC07BB7-D6D1-468A-AA90-A6D1F3EBA7C0}C:\\users\\alexandre\\appdata\\svchost.exe"= UDP:C:\users\alexandre\appdata\svchost.exe:svchost.exe
"UDP Query User{3B1193FB-5750-4202-A58A-C05998B0745D}C:\\users\\alexandre\\appdata\\svchost.exe"= TCP:C:\users\alexandre\appdata\svchost.exe:svchost.exe
"TCP Query User{DF297E35-7653-4D61-8BDC-105085E2906C}C:\\toshiba\\drivers\\t\\winvnc.exe"= UDP:C:\toshiba\drivers\t\winvnc.exe:TightVNC Win32 Server
"UDP Query User{B33BCC68-D921-453F-9291-7AFCE9207542}C:\\toshiba\\drivers\\t\\winvnc.exe"= TCP:C:\toshiba\drivers\t\winvnc.exe:TightVNC Win32 Server
"TCP Query User{F674A2B1-B485-48D5-8A6C-B777E73DD786}C:\\program files\\thq\\dawn of war\\w40k.exe"= UDP:C:\program files\thq\dawn of war\w40k.exe:W40K
"UDP Query User{34B65D13-FB98-4B5D-BF08-BBDA57B2F147}C:\\program files\\thq\\dawn of war\\w40k.exe"= TCP:C:\program files\thq\dawn of war\w40k.exe:W40K
"TCP Query User{C3E0259C-B1EC-4840-B7B1-09AD7F1AF4D5}C:\\program files\\thq\\dawn of war\\w40kwa.exe"= UDP:C:\program files\thq\dawn of war\w40kwa.exe:W40kWA
"UDP Query User{8274B338-1660-4596-B2F9-B4C72CE663AE}C:\\program files\\thq\\dawn of war\\w40kwa.exe"= TCP:C:\program files\thq\dawn of war\w40kwa.exe:W40kWA
"TCP Query User{4AA30756-CC85-435D-904B-C9DF6EDE7F6F}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{9AC47872-55D7-4D16-B219-54FB2E359F04}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{C261D3E1-EC72-45EC-ADE9-4A6F01973B59}\\\\pc-de-alexandre\\c\\program files\\america's army\\system\\armyops.exe"= UDP:\\pc-de-alexandre\c\program files\america's army\system\armyops.exe:armyops.exe
"UDP Query User{1BA6BD93-2C08-41A8-B809-F611D3762E9C}\\\\pc-de-alexandre\\c\\program files\\america's army\\system\\armyops.exe"= TCP:\\pc-de-alexandre\c\program files\america's army\system\armyops.exe:armyops.exe
"TCP Query User{1C714909-8B60-4076-A955-772B967D79D5}C:\\program files\\pok3d\\bin-pok3d\\release\\pok3d.exe"= UDP:C:\program files\pok3d\bin-pok3d\release\pok3d.exe:Pok3d
"UDP Query User{9DEF4622-9649-4294-BE91-65FB55436EE0}C:\\program files\\pok3d\\bin-pok3d\\release\\pok3d.exe"= TCP:C:\program files\pok3d\bin-pok3d\release\pok3d.exe:Pok3d
"TCP Query User{5552F4BF-20A6-4F30-8ECB-645C6E0CD4EC}C:\\program files\\pok3d\\bin-cygwin\\poker3d_xwnc.exe"= UDP:C:\program files\pok3d\bin-cygwin\poker3d_xwnc.exe:poker3d_xwnc
"UDP Query User{4EAEA516-9A40-4756-A806-BA711CB42E2D}C:\\program files\\pok3d\\bin-cygwin\\poker3d_xwnc.exe"= TCP:C:\program files\pok3d\bin-cygwin\poker3d_xwnc.exe:poker3d_xwnc
"TCP Query User{2B5A72F1-5A5E-48EF-9528-7E3060CDC8CC}C:\\program files\\pok3d\\bin-cygwin\\rsync.exe"= UDP:C:\program files\pok3d\bin-cygwin\rsync.exe:rsync
"UDP Query User{59B89AC1-E0EA-4BA3-8E84-6EF1A84AAB12}C:\\program files\\pok3d\\bin-cygwin\\rsync.exe"= TCP:C:\program files\pok3d\bin-cygwin\rsync.exe:rsync
"TCP Query User{E475BD30-0B3A-4E6D-B501-B5A121619109}C:\\program files\\pok3d\\bin-cygwin\\poker3d_xwnc.exe"= UDP:C:\program files\pok3d\bin-cygwin\poker3d_xwnc.exe:poker3d_xwnc
"UDP Query User{81B1017F-1272-49BA-9ACF-62FEC12DDE38}C:\\program files\\pok3d\\bin-cygwin\\poker3d_xwnc.exe"= TCP:C:\program files\pok3d\bin-cygwin\poker3d_xwnc.exe:poker3d_xwnc
"TCP Query User{44BFC6BA-A400-48CC-A346-A1D934CF7707}C:\\program files\\pok3d\\bin-cygwin\\rsync.exe"= UDP:C:\program files\pok3d\bin-cygwin\rsync.exe:rsync
"UDP Query User{7ED23EE3-8E8E-4C1C-B074-5A428F4F195A}C:\\program files\\pok3d\\bin-cygwin\\rsync.exe"= TCP:C:\program files\pok3d\bin-cygwin\rsync.exe:rsync
"TCP Query User{8CD40FC2-6110-4BF0-B431-2AD3558FBDC3}C:\\program files\\pok3d\\bin-pok3d\\release\\pok3d.exe"= UDP:C:\program files\pok3d\bin-pok3d\release\pok3d.exe:Pok3d
"UDP Query User{989D904A-3022-4F0A-B5FE-A0F4BF9F8E23}C:\\program files\\pok3d\\bin-pok3d\\release\\pok3d.exe"= TCP:C:\program files\pok3d\bin-pok3d\release\pok3d.exe:Pok3d
"TCP Query User{2E55AC64-651D-4EB6-B37A-CEE7B0537724}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{E3D71B85-6664-416D-85E2-859473C94CBD}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{82F41D7F-55A9-48EA-A9F8-27DBE6EB1BEE}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= UDP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"UDP Query User{866CF243-1D0B-413E-BAAE-12464103B9D1}C:\\program files\\maïdo production\\izispot 4\\izispot.exe"= TCP:C:\program files\maïdo production\izispot 4\izispot.exe:IziSpot
"TCP Query User{E7388A05-66CA-4F39-97CD-EE36E92221B3}C:\\program files\\ubisoft\\splinter cell\\versus\\system\\scct_versus.ex"= UDP:C:\program files\ubisoft\splinter cell\versus\system\scct_versus.ex:SCCT_Versus.ex
"UDP Query User{BBA65218-2916-4D5C-BA67-D9A20816723B}C:\\program files\\ubisoft\\splinter cell\\versus\\system\\scct_versus.ex"= TCP:C:\program files\ubisoft\splinter cell\versus\system\scct_versus.ex:SCCT_Versus.ex
"TCP Query User{E5CD7AF6-6FB7-4A7D-81B0-F75EFA198F79}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query User{1E6562C0-9A9C-40B2-9A2E-ACA607E8DECB}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"TCP Query User{DE61B3C3-4410-4772-961B-53FFB46996F6}C:\\users\\alexandre\\documents\\tsearch\\tsearch.exe"= UDP:C:\users\alexandre\documents\tsearch\tsearch.exe:tsearch.exe
"UDP Query User{154CFB37-D9DD-40F9-8851-EA0252758A5F}C:\\users\\alexandre\\documents\\tsearch\\tsearch.exe"= TCP:C:\users\alexandre\documents\tsearch\tsearch.exe:tsearch.exe
"{09CFA4D8-9190-443F-8266-15D5C4F8DD62}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{9921112D-2AE1-4EBD-8F26-51818E565FB0}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{6F3D60D2-BDAB-4EA0-B791-7818296A0225}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{23054584-CC0D-478D-BCC6-937EEFCEACC5}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{8960E460-AA12-4D46-BA5A-F36ED54CB83B}C:\\users\\alexandre\\program files\\dna\\btdna.exe"= UDP:C:\users\alexandre\program files\dna\btdna.exe:btdna.exe
"UDP Query User{E6EA8B85-59A3-4632-ADAC-3E1F5A81D971}C:\\users\\alexandre\\program files\\dna\\btdna.exe"= TCP:C:\users\alexandre\program files\dna\btdna.exe:btdna.exe
"TCP Query User{1FAB3598-5741-416F-9B99-4D127751DDF3}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{70FBE463-0CFD-4857-9039-877F2F6204CA}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{D9AD7EE5-C55E-491F-9DC5-0DB39A22204B}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{0ACA933B-3531-498D-8274-0F79A8A21E8E}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{CD015D97-76C9-43A4-8D2F-6CFD2F0D9014}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{E035058F-B26E-45BD-9ECA-87404E48030B}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{4F18AE3A-951F-4165-A921-9C11FD917A20}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{C9E1800C-01ED-4F06-AA95-45306D5B9A1D}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{8C809ACB-B9BF-40B0-ADDE-BB5F15C1333C}"= UDP:C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe:SWAT 4 - The Stetchkov Syndicate
"{3004B7B4-7054-4F49-B8B0-9749AACF968D}"= TCP:C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe:SWAT 4 - The Stetchkov Syndicate
"{D65360C9-C2BE-4EED-9DCB-54BEAC0F1EBB}"= UDP:C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe:SWAT 4 - The Stetchkov Syndicate Dedicated Server
"{1E83FEE5-6A18-4A56-8719-A80C8195F06D}"= TCP:C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe:SWAT 4 - The Stetchkov Syndicate Dedicated Server
"TCP Query User{CAE658C1-5236-4D2A-A4BA-05EB43ACC3AD}C:\\program files\\red storm entertainment\\ravenshield\\system\\ravenshield.exe"= UDP:C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe:RavenShield
"UDP Query User{E8064619-5CB9-4972-9987-DE81EAF09A49}C:\\program files\\red storm entertainment\\ravenshield\\system\\ravenshield.exe"= TCP:C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe:RavenShield
"TCP Query User{F5F672B9-53F0-4043-BA27-B8FB4E341F7D}C:\\program files\\red storm entertainment\\ravenshield\\system\\ucc.exe"= UDP:C:\program files\red storm entertainment\ravenshield\system\ucc.exe:UCC
"UDP Query User{91AF5D45-1416-4D8B-B74C-EC73888195F4}C:\\program files\\red storm entertainment\\ravenshield\\system\\ucc.exe"= TCP:C:\program files\red storm entertainment\ravenshield\system\ucc.exe:UCC
"TCP Query User{86A9A00B-27C4-4334-A29D-979580778C16}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C697ECBD-7685-4E1B-B9DE-A4A5D16BC8D0}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{E76BC326-D927-4341-A427-F1E8B927B15A}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{24BC1C16-BF01-4ABB-82A7-6CEA7992A855}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3C01B3A9-EEAC-4469-A6AF-40618111766C}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{33D17219-2232-4DD9-A148-10E053AC6084}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{E41B9835-5DCB-4DE5-8FFA-A6E409C5AE52}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{483D84E2-E2C3-430A-8077-DAE3E6716B9D}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{0410612A-C0FE-4F2F-989A-12640FED0F0A}C:\\users\\alexandre\\appdata\\local\\temp\\nwizsrv.exe"= UDP:C:\users\alexandre\appdata\local\temp\nwizsrv.exe:nwizsrv.exe
"UDP Query User{091216CE-11D9-4ED4-96C1-129247FEF237}C:\\users\\alexandre\\appdata\\local\\temp\\nwizsrv.exe"= TCP:C:\users\alexandre\appdata\local\temp\nwizsrv.exe:nwizsrv.exe
"TCP Query User{49C99D48-7D01-43CA-B200-0F9D5F0D5812}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{3FB8F87D-3AFF-4537-A033-E272B967B2D3}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{192D8E0C-FFC2-4A79-9C91-AB65C7AC81A6}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{D96E6FDD-7A39-4E7F-985B-FC4824C4090E}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{A599FA8E-2A35-4FE2-A78C-889ED8C97087}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{9584283A-5125-4B23-9081-8C02CC1BE283}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-07-14 05:30]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-02-27 18:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4db969d1-cdc3-11dc-a9cf-0016d4f76a50}]
\shell\AutoRun\command - G:\xn1i9x.com
\shell\explore\Command - G:\xn1i9x.com
\shell\open\Command - G:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92af4415-3a9d-11dc-94c0-0016d4f76a50}]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94695b6d-204a-11dd-863b-0016d4f76a50}]
\shell\1\Command - G:\test.bat
\shell\2\Command - G:\test.bat
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\test.bat

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FF7637BD-AF04-D060-AF28-E08C500AB9AD}]
C:\Windows\system32\antivirus.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-12 21:00:01 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-23 20:38:57 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-13 20:16:02 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-09 01:15:51 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-05-12 17:46:34 C:\Windows\Tasks\User_Feed_Synchronization-{7F6469D2-04E5-457F-8844-573C0A245340}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 23:07:34
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-12 23:09:56
ComboFix-quarantined-files.txt 2008-05-12 21:09:23

Pre-Run: 6,279,802,880 octets libres
Post-Run: 6,171,086,848 octets libres

387 --- E O F --- 2008-05-09 10:53:17

Réponse 2 / 6

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
12 mai 2008 à 22:39

Bonsoir,

poste le rapport de Hijackthis.

YAGAMI
12 mai 2008 à 22:45

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:26, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iiFxWOig.dll,#1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ALEXAN~1\AppData\Local\Temp\geBtSMfC.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ALEXAN~1\AppData\Local\Temp\yayaAsRI.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Alexandre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

Réponse 3 / 6

jacques.gache Messages postés 33453 Date d'inscription mardi 13 novembre 2007 Statut Contributeur sécurité Dernière intervention 25 janvier 2016 1 616
12 mai 2008 à 22:40

bonsoir, et si tu nous mettais un rappoert hijackthis
mettre un rapport hijackthis
comment l'installer: http://pageperso.aol.fr/balltrap34/Hijenr.gif
le télécharger: https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
pour le rapport et fixer les lignes: http://pageperso.aol.fr/balltrap34/demohijack.htm

Réponse 4 / 6

jean_louis_57 Messages postés 1353 Date d'inscription dimanche 13 avril 2008 Statut Membre Dernière intervention 12 février 2020 81
12 mai 2008 à 22:40

regarde la

http://www.commentcamarche.net/forum/affich 4630120 virus trojan dropper vundo d dvd dvs

demande a jfk de l'aide ou a marie

Réponse 5 / 6

Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
12 mai 2008 à 23:42

Re,

attention, tu n'avais pas désactivé la garde de ton antivirus pendant le passage de ComboFix.

Copie ou imprime les instructions avant car tu n'y auras pas accès.

Déconnecte toi d'internet et ferme toutes tes applications.

Désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
c:\windows\system32\iifxwoig.dll
c:\users\alexan~1\appdata\local\temp\gebtsmfc.dll
c:\users\alexan~1\appdata\local\temp\yayaasri.dll

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cmds"=-

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

Clique sur le fichier CFscript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Réactive ton parefeu, ton antivirus, la garde de ton antispyware

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Attention : cette manip a été fait pour cet ordi. Tout réutilisation peut endommager sévèrement le système d'exploitation.

Remets aussi un rapport Hijackthis.

YAGAMI
13 mai 2008 à 00:31

alors je n'ai pas pu poster le log de combofist car l'ordinateur a redémarré.
mais voila le rapport de hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:19, on 2008-05-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

Réponse 6 / 6

jacques.gache Messages postés 33453 Date d'inscription mardi 13 novembre 2007 Statut Contributeur sécurité Dernière intervention 25 janvier 2016 1 616
13 mai 2008 à 00:40

bon pour moi ton rapport est bon sauf que tu as deux anti-virus norton et bitdefender il faut absolument que tu en désinstalle un avant de planter ton pc

YAGAMI
13 mai 2008 à 00:41

ok je v y veiller
ET ... MEEEEEEEEEEEEERRRRRRRRRRRRRCCCCCCCCCCCCIIIIIIIIIIIIIII BCP!!!!!!

bye

BIG PB VIRUS DEPUIS 1 SEMAINE

6 réponses

Discussions similaires