Sujet Précédent Sujet Suivant

Problème CID avec windos vista

Venatio Messages postés 13 Statut Membre -  
 Utilisateur anonyme -
Bonjour, voila j'ai un problème d'affichage de pub CID que je n'arrive pas a arrété.

Alors j'ai bien un fichier nommé CID dans pannaux de configuration/gestion des programmes/CID help.
Mais je n'arrive pas a le désintaller.

j'ai déja dl COmbofix et le rapport est le suivant :

ComboFix 08-05-27.4 - Yann 2008-05-28 2:10:28.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1089 [GMT 2:00]
Endroit: C:\Users\Yann\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 23:43 --------- d-----w C:\Program Files\eMule
2008-05-27 23:39 --------- d-----w C:\Program Files\Steam
2008-05-24 11:52 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-05-23 14:26 --------- d-----w C:\Users\Yann\AppData\Roaming\uTorrent
2008-05-23 14:20 --------- d-----w C:\ProgramData\site link test
2008-05-23 14:20 --------- d-----w C:\ProgramData\beep axis mode free
2008-05-21 23:46 --------- d-----w C:\Users\Yann\AppData\Roaming\mIRC
2008-05-19 15:54 --------- d-----w C:\Users\Yann\AppData\Roaming\AVSMedia
2008-05-19 09:43 --------- d-----w C:\Program Files\World of Warcraft
2008-05-17 07:18 --------- d-----w C:\Program Files\Codemasters
2008-05-16 19:31 --------- d-----w C:\Program Files\mIRC
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 18:27 --------- d-----w C:\Program Files\Windows Live
2008-05-15 18:22 --------- d-----w C:\ProgramData\WLInstaller
2008-05-14 00:59 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 00:59 --------- d-----w C:\Program Files\Windows Mail
2008-05-10 13:09 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-10 12:44 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-09 21:34 --------- d-----w C:\Users\Yann\AppData\Roaming\Turbine
2008-05-03 13:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 17:19 --------- d-----w C:\Program Files\PhotoFiltre
2008-04-19 05:19 --------- d-----w C:\ProgramData\NVIDIA
2008-04-18 15:44 --------- d-----w C:\ProgramData\InstallShield
2008-04-18 15:39 --------- d-----w C:\Program Files\Gpotato.eu
2008-04-18 15:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-14 23:08 --------- d-----w C:\Users\Yann\AppData\Roaming\Apple Computer
2008-04-14 23:08 --------- d-----w C:\Program Files\iTunes
2008-04-14 23:08 --------- d-----w C:\Program Files\iPod
2008-04-14 23:07 --------- d-----w C:\ProgramData\Apple Computer
2008-04-14 23:07 --------- d-----w C:\Program Files\QuickTime
2008-04-14 23:06 --------- d-----w C:\Program Files\Apple Software Update
2008-04-14 23:05 --------- d-----w C:\ProgramData\Apple
2008-04-14 23:05 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-14 21:26 --------- d-----w C:\Program Files\Veoh Networks
2008-04-02 18:46 --------- d-----w C:\Program Files\MIKSOFT
2008-03-02 02:13 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-02 02:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-02 02:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-02 02:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-02 02:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-02 02:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-02 02:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-02 02:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-02 02:06 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-02 02:06 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-02 02:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-02 02:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-02 02:06 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-02 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-20 00:21 22,328 ----a-w C:\Users\Yann\AppData\Roaming\PnkBstrK.sys
2007-08-30 10:18 174 --sha-w C:\Program Files\desktop.ini
2007-07-22 13:25 32 ----a-r C:\Users\All Users\hash.dat
2007-07-22 13:25 32 ----a-r C:\ProgramData\hash.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 12:23 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-27 17:33 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"blue online"="C:\ProgramData\Bib bold bold.8u5urz" [2008-05-23 16:19 335888]
"MODE FREE BIRD SURF"="C:\ProgramData\POLL TEST VC.p9qw1ut" [2008-05-23 16:20 40976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-11-09 12:45 549376]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-11-09 13:10 1126400]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8C1FDE97-1986-41DA-BF82-D9702F26D632}C:\\program files\\world of warcraft\\wow-2.0.3-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.0.3-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{243E6670-221F-42FE-B07D-AC015F986985}C:\\program files\\world of warcraft\\wow-2.0.3-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.0.3-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{09E24B04-96ED-4E4B-A502-1CF8FE255DBD}C:\\program files\\world of warcraft\\wow-1.12.0-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{805164A2-6031-451F-B450-A55723D407A1}C:\\program files\\world of warcraft\\wow-1.12.0-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{01BDCDD8-328D-4E87-9229-48DF7ABFBEC9}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe:Blizzard Downloader
"UDP Query User{4D60A0AB-C56B-4BAA-9181-9B7327847CE5}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe:Blizzard Downloader
"TCP Query User{8CFEB43A-5085-4B01-8FD0-B2B69D384013}C:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.10.6448-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{14A3723D-4897-4A4F-ADCC-5ABE49D7F904}C:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.10.6448-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{29B68D22-4A77-4127-8527-1B7D4BEB6037}C:\\program files\\steam\\steamapps\\venatio\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\venatio\day of defeat source\hl2.exe:hl2
"UDP Query User{BD866E44-1C57-4895-81C0-17D43A7E9A64}C:\\program files\\steam\\steamapps\\venatio\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\venatio\day of defeat source\hl2.exe:hl2
"{96933BB0-8762-468A-93B3-8606E54E3F1E}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{64D731ED-F000-4498-8D6C-C805C161A670}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{256DBA96-2671-429B-93B1-DA561D64690B}C:\\program files\\world of warcraft\\wow-2.0.10.6448-to-2.0.12.6546-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{CA663BD7-E332-48AC-8A88-3BCDD0231A01}C:\\program files\\world of warcraft\\wow-2.0.10.6448-to-2.0.12.6546-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{3CB8C4E8-F514-4EB9-9656-A3C990518E1E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{5226A56D-B5F4-43EB-9C8B-374CF41D805A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{B0EBE8E1-CB7D-483D-B108-7133144915E4}C:\\program files\\steam\\steamapps\\venatio\\half-life\\hl.exe"= UDP:C:\program files\steam\steamapps\venatio\half-life\hl.exe:Half-Life Launcher
"UDP Query User{B3F1F46E-89A3-4A57-8F97-196E88978237}C:\\program files\\steam\\steamapps\\venatio\\half-life\\hl.exe"= TCP:C:\program files\steam\steamapps\venatio\half-life\hl.exe:Half-Life Launcher
"TCP Query User{3AD14D7B-843A-4814-BCA9-98C7F236ED46}C:\\program files\\steam\\steamapps\\venatio\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\venatio\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{59366A0B-AC08-4BF4-B5CB-5BBB4B4FE4D4}C:\\program files\\steam\\steamapps\\venatio\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\venatio\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{FFF8C09A-6C02-4501-A0EF-1AA979722FDA}C:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{7882538A-42B8-4061-83FA-9C06510FDDCB}C:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{032252A5-D58E-48A0-B813-E1FBD5F5FF09}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{895B9E9A-019D-446B-AE3D-781BFE0388F3}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{AA22095C-684F-4C93-B0A0-1F2F5719656B}C:\\program files\\steam\\steamapps\\venatio\\dedicated server\\hlds.exe"= UDP:C:\program files\steam\steamapps\venatio\dedicated server\hlds.exe:HLDS Launcher
"UDP Query User{DAD5C41E-83D2-41BA-9D69-8E5B6C7A6B4A}C:\\program files\\steam\\steamapps\\venatio\\dedicated server\\hlds.exe"= TCP:C:\program files\steam\steamapps\venatio\dedicated server\hlds.exe:HLDS Launcher
"TCP Query User{3AD92C2B-2FF6-4371-A932-CA2C6A0C636B}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:hlsw
"UDP Query User{2A1D03D0-CA04-4DE8-8C11-ABF7E790960D}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:hlsw
"TCP Query User{EC875458-59F7-4034-AA11-9E75BCC86083}C:\\program files\\steam\\steamapps\\venatio\\team fortress classic\\hl.exe"= UDP:C:\program files\steam\steamapps\venatio\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{4210B803-19BA-4969-9B9E-195A3386FE41}C:\\program files\\steam\\steamapps\\venatio\\team fortress classic\\hl.exe"= TCP:C:\program files\steam\steamapps\venatio\team fortress classic\hl.exe:Half-Life Launcher
"TCP Query User{0A6D7B6F-5DA8-4550-AC62-C226D99A0B20}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{54D20B77-A8CE-44BF-89FE-9A1704185F31}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{E4A3F52F-F544-4E6F-9268-69D1ACCCE284}C:\\program files\\world of warcraft\\wow-2.0.12.6546-to-2.1.0.6692-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{57FB2CE1-C7F0-4FF4-B31E-416E7C516FDA}C:\\program files\\world of warcraft\\wow-2.0.12.6546-to-2.1.0.6692-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{9C2D5EC7-14E8-4A86-ABB7-17A43501A591}C:\\program files\\world of warcraft\\wow-2.1.0.6692-to-2.1.0.6729-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{EBF1405B-D612-4FA9-9BFE-23F600C1381A}C:\\program files\\world of warcraft\\wow-2.1.0.6692-to-2.1.0.6729-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{57898633-D0A5-408E-B871-000B21B30864}C:\\program files\\world of warcraft\\wow-2.1.0.6729-to-2.1.1.6739-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{510F0BC2-E2A8-491C-9532-F6A6CFE6A06F}C:\\program files\\world of warcraft\\wow-2.1.0.6729-to-2.1.1.6739-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{429F2D1D-D5C1-4B77-94CB-3953521ED2C8}C:\\program files\\steam\\steamapps\\venatio\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\venatio\counter-strike source\hl2.exe:hl2
"UDP Query User{DCB79CC0-37FF-4A2B-9393-215B97613734}C:\\program files\\steam\\steamapps\\venatio\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\venatio\counter-strike source\hl2.exe:hl2
"TCP Query User{7CD2502D-C855-4011-AF62-88B61CB819D3}C:\\program files\\world of warcraft\\wow-2.1.1.6739-to-2.1.2.6803-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{3402231E-DE65-4345-9BF2-4A915BE94266}C:\\program files\\world of warcraft\\wow-2.1.1.6739-to-2.1.2.6803-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{E8611673-E043-4801-A88A-43D1A4972DD9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5F937D8D-2792-453A-A492-7007CD26974C}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{BB01BADA-14C7-4535-9681-8113B24DB1D0}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{ABFEE489-FF99-47B5-8D34-547A3F332A40}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{9CB81A23-D466-4665-8DA3-C6544B3B57BB}C:\\users\\yann\\appdata\\local\\temp\\is-0j7f8.tmp\\is-hb5l5.tmp"= UDP:C:\users\yann\appdata\local\temp\is-0j7f8.tmp\is-hb5l5.tmp:is-hb5l5.tmp
"UDP Query User{EB0392A5-9770-4D86-BBC3-F34EB1415BA3}C:\\users\\yann\\appdata\\local\\temp\\is-0j7f8.tmp\\is-hb5l5.tmp"= TCP:C:\users\yann\appdata\local\temp\is-0j7f8.tmp\is-hb5l5.tmp:is-hb5l5.tmp
"{3FCE26E2-0A6B-4B87-85C8-DDE41879B738}"= UDP:C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe:Serv-U FTP Server
"{73F86A78-8EEF-41B9-BBD2-7BACC5DB252B}"= TCP:C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe:Serv-U FTP Server
"TCP Query User{A1C8F081-5063-49E4-837F-CEDEE83B8D47}C:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{BF6F327D-4913-4077-A199-BA1E73E2E88A}C:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{8C8AD44E-35C2-4A45-A8F9-BC3451C52FC5}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:hlsw
"UDP Query User{08858B3C-8EE7-4DAB-898D-CF7526F042AA}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:hlsw
"TCP Query User{DC93FEF9-5737-46A5-AA22-2B3B4DD9474B}C:\\program files\\steam\\steamapps\\venatio\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\venatio\day of defeat source\hl2.exe:hl2
"UDP Query User{B8CCF89F-2D03-45F0-BB13-1A947A25543B}C:\\program files\\steam\\steamapps\\venatio\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\venatio\day of defeat source\hl2.exe:hl2
"TCP Query User{E587727E-DB12-46AB-9B61-1C71BE7AC085}C:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= UDP:C:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"UDP Query User{BCD11334-2898-4A0F-A951-D6E3F212C412}C:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= TCP:C:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"TCP Query User{9527288B-9C8C-4540-A779-1B6736346CAA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{44D0C332-8A16-4C80-B1A2-012AE77D4E41}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{CCCFB69A-CEEB-4BB0-8379-516AACB21882}C:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= UDP:C:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"UDP Query User{FD087185-6AE8-429E-A752-EB61F897AE88}C:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= TCP:C:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"TCP Query User{A7AD3723-B6DA-48FD-9198-B91D4AA49C8F}C:\\program files\\steam\\steamapps\\venatio\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\venatio\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{F410BADF-56AA-4F2E-BFDD-3BD33E4C7950}C:\\program files\\steam\\steamapps\\venatio\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\venatio\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{6DB8DEBD-EE64-4A37-91E8-EBFB39C4067D}C:\\program files\\world of warcraft\\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{E80CA3EC-31B7-45E6-9DDD-48150FA48565}C:\\program files\\world of warcraft\\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{D6A70649-8ECA-4074-956F-7DF53FCFD5E7}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{73086070-56B4-4808-90D7-3F8C4EACC98D}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{E0840C32-7955-417F-969E-473C0823430F}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{56B7E64C-94D8-4F8A-857A-10817DE9A9CD}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{7FFFE9F2-EBB2-4132-A1E2-E4200A4169F4}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{A564220B-4396-4668-AAE9-22D930F33299}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"TCP Query User{C414DA61-EB34-45F0-AF25-653B99D795CC}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{76A1220B-F515-4900-8A09-4C99833D85DC}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{9BFFD30F-199E-430D-9FA1-63DDC14C5D33}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{A9600260-E17D-4FE2-ABCB-2CB08D310813}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{D5E5F7E4-D77F-4F97-8A19-201514B0899A}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{D3102B72-0B2A-4D79-B985-DA9E5DE9D5B2}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"{E2CD49F3-0BE5-461F-A285-584B61CF92F5}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{28D9A0F2-EA01-4741-885A-02CDDAD108EB}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A1B0FF32-AC7D-40E6-AB44-214F22D6CF13}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E0F66024-1BD7-4DD3-8DF8-D5B6C6CC6A90}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{725EC9C1-4B53-4EA3-9DDA-2FC823C1D675}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{5A85A3B4-6D44-4505-B716-5D7AB77BF219}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{67993E90-569D-498B-B439-284C94A7CE1D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{302B645A-4514-4F5B-9D4B-FA1C479C532C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{82AFF952-CC26-44B4-8ED8-4E83D8C7B938}C:\\program files\\media player classic\\mplayerc.exe"= UDP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{67FCAD52-0B5D-4D1F-80AA-67739AFF3DA8}C:\\program files\\media player classic\\mplayerc.exe"= TCP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
"TCP Query User{14DAC6BD-3474-4034-9BCB-719A4C329182}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{5EAE56FC-7CBD-447E-BB15-3F471017C5FB}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader
"{38E3F035-AAE3-4E47-9DF7-1B4B66F0B30C}"= UDP:C:\Program Files\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{E8321947-7EB7-40F5-8F37-2AE734F78C58}"= TCP:C:\Program Files\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{03888830-63D0-4F61-9560-F2E6644EB4D8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EB4A061C-546E-47D3-859E-E978E85AD6A5}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{AF745E15-25C7-4DC4-8208-F9DC25FBAE60}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"{DF13DE40-D043-41DA-A7BC-5D13518E5586}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EBC155A4-079C-4F9A-A7E0-402CACD1FA9B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{80206635-2039-49F3-884F-E6814D978C88}C:\\program files\\goa\\gunbound\\gunbound.gme"= UDP:C:\program files\goa\gunbound\gunbound.gme:GunBound
"UDP Query User{8500E7CA-C919-48D4-B71F-AB28B3C29D02}C:\\program files\\goa\\gunbound\\gunbound.gme"= TCP:C:\program files\goa\gunbound\gunbound.gme:GunBound
"{C5A3494F-0F3B-412E-8F61-5720F39F35CC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{98D9CD58-6978-458E-B5AD-9B0F99C83865}C:\\program files\\gears of war\\binaries\\wargame-g4wlive.exe"= UDP:C:\program files\gears of war\binaries\wargame-g4wlive.exe:Gears Of War
"UDP Query User{1D45AA43-6E1E-4DF4-9EB4-5E96BDF7F0EE}C:\\program files\\gears of war\\binaries\\wargame-g4wlive.exe"= TCP:C:\program files\gears of war\binaries\wargame-g4wlive.exe:Gears Of War
"TCP Query User{5526E62D-B6C7-4609-B5A5-DEA84219D4F2}C:\\program files\\thq\\dawn of war\\w40k.exe"= UDP:C:\program files\thq\dawn of war\w40k.exe:W40K
"UDP Query User{61621875-4E96-4ED6-9A20-626572095372}C:\\program files\\thq\\dawn of war\\w40k.exe"= TCP:C:\program files\thq\dawn of war\w40k.exe:W40K
"TCP Query User{7907356D-86C6-4796-9CB2-31A7EF995F20}C:\\typsoft ftp server\\ftpserv.exe"= UDP:C:\typsoft ftp server\ftpserv.exe:TYPSoft FTP Server
"UDP Query User{23926C39-EB5B-4B96-A15A-2A0AD42B3D1B}C:\\typsoft ftp server\\ftpserv.exe"= TCP:C:\typsoft ftp server\ftpserv.exe:TYPSoft FTP Server
"{785CAFDD-E15F-4CEF-9E74-59BDE2911664}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6D23A8DE-61AE-43B0-B80A-2D97BA3C28A9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{38E58FFB-C274-4559-BCCB-6CC723C94ECB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{220194A5-BBA4-454C-82F0-F011F58B77CD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{6FB90D75-9C54-4F83-8988-1C367C4A368C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{FBE82FE9-9AA8-4654-9DA9-A1A89EE3D435}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{B98634D1-BF49-4BCA-8F9A-5B48A943D8FA}C:\\program files\\codemasters\\le seigneur des anneaux online\\lotroclient.exe"= UDP:C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe:lotroclient
"UDP Query User{BCEB9BDF-DD97-4E48-BD7D-A15915D14F80}C:\\program files\\codemasters\\le seigneur des anneaux online\\lotroclient.exe"= TCP:C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe:lotroclient
"{99E16FA9-6B76-49D5-8D5A-38F2E45705ED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{46B42DAB-C738-474C-97B9-A4DBC1654D9C}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{94EC46BD-BE07-4E0D-B518-769602A1A47E}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{291D29D5-0355-4DCD-BD8A-C8FF9DAE6B7D}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{A86A87EA-BE52-41EB-BBF2-A24DF968B0A0}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{F18542EF-3D50-4E74-BB0E-ACF8110DA7C6}C:\\program files\\bitdownload\\bitdownload.exe"= UDP:C:\program files\bitdownload\bitdownload.exe:BitDownload
"UDP Query User{6A8109B1-5927-4EAB-9F67-FA140D0E05C2}C:\\program files\\bitdownload\\bitdownload.exe"= TCP:C:\program files\bitdownload\bitdownload.exe:BitDownload

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-03-30 13:32]
R3 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-03-09 14:29]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S3 Asushwio;Asushwio;C:\Windows\system32\drivers\Asushwio.sys [2004-04-27 17:26]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-08 21:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{648785cc-10da-11dc-93f6-0018f3eaf202}]
\shell\Auto\command - G:\vcxfupngp.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\vcxfupngp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e08081c-fd7c-11db-866e-0018f3eaf202}]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73f24a7-ddfe-11db-aba8-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-27 23:27:51 C:\Windows\Tasks\RtlVistaStart.job"
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
"2008-05-27 21:26:13 C:\Windows\Tasks\User_Feed_Synchronization-{36E2899C-3F4C-4F92-B1BE-FA5C5F3BA3E7}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 02:12:49
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

C:\Users\Yann\AppData\Local\Temp\~DFAF01.tmp 65536 bytes
C:\Users\Yann\AppData\Local\Temp\~DFAF76.tmp 512 bytes
C:\Users\Yann\AppData\Local\Temp\~DFB0DC.tmp 16384 bytes
C:\Users\Yann\AppData\Local\Temp\~DFB0E4.tmp 512 bytes

Scan terminé avec succès
Les fichiers cachés: 4

**************************************************************************
.
Temps d'accomplissement: 2008-05-28 2:13:49
ComboFix-quarantined-files.txt 2008-05-28 00:13:41

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

276 --- E O F --- 2008-05-21 10:35:39

Malheuresemnt c'est incompréhensible pour moi.

Que doije faire ?
A voir également:

33 réponses

  • 1
  • 2
Réponse 1 / 33
Utilisateur anonyme
 
Télécharge HijackThis ici :

-> https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp...
1
Réponse 2 / 33
Utilisateur anonyme
 
ok réouvre clean et passe l option 2

Ensuite envoi le rapport clean + un rapport hijackthis fais apres passage clean option 2 ST

Et dis moi comment va le pc ... pubs ??
1
Réponse 3 / 33
docsteph Messages postés 9506 Statut Membre 1 118
 
reponse :

http://www.commentcamarche.net/faq/sujet 5996 comment bloquer les fenetres cid

cdt
0
Réponse 4 / 33
Utilisateur anonyme
 
salut

lopxp ne marche pas sous vista .............
0
docsteph Messages postés 9506 Statut Membre 1 118
 
c'est pour ça qu'il faut le faire en manuel (comme expliqué) faut adapter un peu mais la logique est la même

cdt
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 33
Utilisateur anonyme
 
JE PENSE D EXPERIENCE QUE CHIQUITINE A RAISON
0
Réponse 6 / 33
Venatio Messages postés 13 Statut Membre
 
rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:40:50, on 28/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Yann\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [blue online] "C:\ProgramData\Bib bold bold.8u5urz"
O4 - HKCU\..\Run: [MODE FREE BIRD SURF] "C:\ProgramData\POLL TEST VC.p9qw1ut"
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
Réponse 7 / 33
Utilisateur anonyme
 
Copie le texte ci-dessous :

File::
G:\vcxfupngp.exe
C:\ProgramData\Bib bold bold.8u5urz
C:\ProgramData\POLL TEST VC.p9qw1ut

Folder::
C:\ProgramData\POLL TEST VC
C:\ProgramData\Bib bold bold

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{648785­cc-10da-11dc-93f6-0018f3eaf202}]
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73f24­a7-ddfe-11db-aba8-806e6f6e6963}]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.
0
Réponse 8 / 33
Venatio Messages postés 13 Statut Membre
 
alors alors voila le rapport combofix :

ComboFix 08-05-27.4 - Yann 2008-05-28 11:31:29.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1132 [GMT 2:00]
Endroit: C:\Users\Yann\Desktop\ComboFix.exe
Command switches used :: C:\Users\Yann\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\ProgramData\Bib bold bold.8u5urz
C:\ProgramData\POLL TEST VC.p9qw1ut
G:\vcxfupngp.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Bib bold bold.8u5urz
C:\ProgramData\POLL TEST VC.p9qw1ut

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 23:43 --------- d-----w C:\Program Files\eMule
2008-05-27 23:39 --------- d-----w C:\Program Files\Steam
2008-05-24 11:52 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-05-23 14:26 --------- d-----w C:\Users\Yann\AppData\Roaming\uTorrent
2008-05-23 14:20 --------- d-----w C:\ProgramData\site link test
2008-05-23 14:20 --------- d-----w C:\ProgramData\beep axis mode free
2008-05-21 23:46 --------- d-----w C:\Users\Yann\AppData\Roaming\mIRC
2008-05-19 15:54 --------- d-----w C:\Users\Yann\AppData\Roaming\AVSMedia
2008-05-19 09:43 --------- d-----w C:\Program Files\World of Warcraft
2008-05-17 07:18 --------- d-----w C:\Program Files\Codemasters
2008-05-16 19:31 --------- d-----w C:\Program Files\mIRC
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 18:27 --------- d-----w C:\Program Files\Windows Live
2008-05-15 18:22 --------- d-----w C:\ProgramData\WLInstaller
2008-05-14 00:59 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 00:59 --------- d-----w C:\Program Files\Windows Mail
2008-05-10 13:09 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-10 12:44 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-09 21:34 --------- d-----w C:\Users\Yann\AppData\Roaming\Turbine
2008-05-03 13:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 17:19 --------- d-----w C:\Program Files\PhotoFiltre
2008-04-19 05:19 --------- d-----w C:\ProgramData\NVIDIA
2008-04-18 15:44 --------- d-----w C:\ProgramData\InstallShield
2008-04-18 15:39 --------- d-----w C:\Program Files\Gpotato.eu
2008-04-18 15:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-14 23:08 --------- d-----w C:\Users\Yann\AppData\Roaming\Apple Computer
2008-04-14 23:08 --------- d-----w C:\Program Files\iTunes
2008-04-14 23:08 --------- d-----w C:\Program Files\iPod
2008-04-14 23:07 --------- d-----w C:\ProgramData\Apple Computer
2008-04-14 23:07 --------- d-----w C:\Program Files\QuickTime
2008-04-14 23:06 --------- d-----w C:\Program Files\Apple Software Update
2008-04-14 23:05 --------- d-----w C:\ProgramData\Apple
2008-04-14 23:05 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-14 21:26 --------- d-----w C:\Program Files\Veoh Networks
2008-04-02 18:46 --------- d-----w C:\Program Files\MIKSOFT
2008-03-02 02:13 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-02 02:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-02 02:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-02 02:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-02 02:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-02 02:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-02 02:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-02 02:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-02 02:06 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-02 02:06 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-02 02:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-02 02:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-02 02:06 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-02 02:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-20 00:21 22,328 ----a-w C:\Users\Yann\AppData\Roaming\PnkBstrK.sys
2007-08-30 10:18 174 --sha-w C:\Program Files\desktop.ini
2007-07-22 13:25 32 ----a-r C:\Users\All Users\hash.dat
2007-07-22 13:25 32 ----a-r C:\ProgramData\hash.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-28_ 2.13.27,29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 00:03:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-28 07:30:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-28 00:03:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-28 07:30:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-28 00:03:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-28 07:30:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 12:23 1271032]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-27 17:33 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"blue online"="C:\ProgramData\Bib bold bold.8u5urz" [ ]
"MODE FREE BIRD SURF"="C:\ProgramData\POLL TEST VC.p9qw1ut" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-11-09 12:45 549376]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-11-09 13:10 1126400]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8C1FDE97-1986-41DA-BF82-D9702F26D632}C:\\program files\\world of warcraft\\wow-2.0.3-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.0.3-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{243E6670-221F-42FE-B07D-AC015F986985}C:\\program files\\world of warcraft\\wow-2.0.3-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.0.3-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{09E24B04-96ED-4E4B-A502-1CF8FE255DBD}C:\\program files\\world of warcraft\\wow-1.12.0-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{805164A2-6031-451F-B450-A55723D407A1}C:\\program files\\world of warcraft\\wow-1.12.0-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{01BDCDD8-328D-4E87-9229-48DF7ABFBEC9}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe:Blizzard Downloader
"UDP Query User{4D60A0AB-C56B-4BAA-9181-9B7327847CE5}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe:Blizzard Downloader
"TCP Query User{8CFEB43A-5085-4B01-8FD0-B2B69D384013}C:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.10.6448-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{14A3723D-4897-4A4F-ADCC-5ABE49D7F904}C:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.10.6448-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{29B68D22-4A77-4127-8527-1B7D4BEB6037}C:\\program files\\steam\\steamapps\\venatio\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\venatio\day of defeat source\hl2.exe:hl2
"UDP Query User{BD866E44-1C57-4895-81C0-17D43A7E9A64}C:\\program files\\steam\\steamapps\\venatio\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\venatio\day of defeat source\hl2.exe:hl2
"{96933BB0-8762-468A-93B3-8606E54E3F1E}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{64D731ED-F000-4498-8D6C-C805C161A670}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{256DBA96-2671-429B-93B1-DA561D64690B}C:\\program files\\world of warcraft\\wow-2.0.10.6448-to-2.0.12.6546-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{CA663BD7-E332-48AC-8A88-3BCDD0231A01}C:\\program files\\world of warcraft\\wow-2.0.10.6448-to-2.0.12.6546-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{3CB8C4E8-F514-4EB9-9656-A3C990518E1E}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{5226A56D-B5F4-43EB-9C8B-374CF41D805A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{B0EBE8E1-CB7D-483D-B108-7133144915E4}C:\\program files\\steam\\steamapps\\venatio\\half-life\\hl.exe"= UDP:C:\program files\steam\steamapps\venatio\half-life\hl.exe:Half-Life Launcher
"UDP Query User{B3F1F46E-89A3-4A57-8F97-196E88978237}C:\\program files\\steam\\steamapps\\venatio\\half-life\\hl.exe"= TCP:C:\program files\steam\steamapps\venatio\half-life\hl.exe:Half-Life Launcher
"TCP Query User{3AD14D7B-843A-4814-BCA9-98C7F236ED46}C:\\program files\\steam\\steamapps\\venatio\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\venatio\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{59366A0B-AC08-4BF4-B5CB-5BBB4B4FE4D4}C:\\program files\\steam\\steamapps\\venatio\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\venatio\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{FFF8C09A-6C02-4501-A0EF-1AA979722FDA}C:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{7882538A-42B8-4061-83FA-9C06510FDDCB}C:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{032252A5-D58E-48A0-B813-E1FBD5F5FF09}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{895B9E9A-019D-446B-AE3D-781BFE0388F3}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{AA22095C-684F-4C93-B0A0-1F2F5719656B}C:\\program files\\steam\\steamapps\\venatio\\dedicated server\\hlds.exe"= UDP:C:\program files\steam\steamapps\venatio\dedicated server\hlds.exe:HLDS Launcher
"UDP Query User{DAD5C41E-83D2-41BA-9D69-8E5B6C7A6B4A}C:\\program files\\steam\\steamapps\\venatio\\dedicated server\\hlds.exe"= TCP:C:\program files\steam\steamapps\venatio\dedicated server\hlds.exe:HLDS Launcher
"TCP Query User{3AD92C2B-2FF6-4371-A932-CA2C6A0C636B}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:hlsw
"UDP Query User{2A1D03D0-CA04-4DE8-8C11-ABF7E790960D}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:hlsw
"TCP Query User{EC875458-59F7-4034-AA11-9E75BCC86083}C:\\program files\\steam\\steamapps\\venatio\\team fortress classic\\hl.exe"= UDP:C:\program files\steam\steamapps\venatio\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{4210B803-19BA-4969-9B9E-195A3386FE41}C:\\program files\\steam\\steamapps\\venatio\\team fortress classic\\hl.exe"= TCP:C:\program files\steam\steamapps\venatio\team fortress classic\hl.exe:Half-Life Launcher
"TCP Query User{0A6D7B6F-5DA8-4550-AC62-C226D99A0B20}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{54D20B77-A8CE-44BF-89FE-9A1704185F31}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{E4A3F52F-F544-4E6F-9268-69D1ACCCE284}C:\\program files\\world of warcraft\\wow-2.0.12.6546-to-2.1.0.6692-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{57FB2CE1-C7F0-4FF4-B31E-416E7C516FDA}C:\\program files\\world of warcraft\\wow-2.0.12.6546-to-2.1.0.6692-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.0.12.6546-to-2.1.0.6692-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{9C2D5EC7-14E8-4A86-ABB7-17A43501A591}C:\\program files\\world of warcraft\\wow-2.1.0.6692-to-2.1.0.6729-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{EBF1405B-D612-4FA9-9BFE-23F600C1381A}C:\\program files\\world of warcraft\\wow-2.1.0.6692-to-2.1.0.6729-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.0.6692-to-2.1.0.6729-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{57898633-D0A5-408E-B871-000B21B30864}C:\\program files\\world of warcraft\\wow-2.1.0.6729-to-2.1.1.6739-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{510F0BC2-E2A8-491C-9532-F6A6CFE6A06F}C:\\program files\\world of warcraft\\wow-2.1.0.6729-to-2.1.1.6739-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.0.6729-to-2.1.1.6739-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{429F2D1D-D5C1-4B77-94CB-3953521ED2C8}C:\\program files\\steam\\steamapps\\venatio\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\venatio\counter-strike source\hl2.exe:hl2
"UDP Query User{DCB79CC0-37FF-4A2B-9393-215B97613734}C:\\program files\\steam\\steamapps\\venatio\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\venatio\counter-strike source\hl2.exe:hl2
"TCP Query User{7CD2502D-C855-4011-AF62-88B61CB819D3}C:\\program files\\world of warcraft\\wow-2.1.1.6739-to-2.1.2.6803-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{3402231E-DE65-4345-9BF2-4A915BE94266}C:\\program files\\world of warcraft\\wow-2.1.1.6739-to-2.1.2.6803-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.1.6739-to-2.1.2.6803-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{E8611673-E043-4801-A88A-43D1A4972DD9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5F937D8D-2792-453A-A492-7007CD26974C}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{BB01BADA-14C7-4535-9681-8113B24DB1D0}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{ABFEE489-FF99-47B5-8D34-547A3F332A40}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{9CB81A23-D466-4665-8DA3-C6544B3B57BB}C:\\users\\yann\\appdata\\local\\temp\\is-0j7f8.tmp\\is-hb5l5.tmp"= UDP:C:\users\yann\appdata\local\temp\is-0j7f8.tmp\is-hb5l5.tmp:is-hb5l5.tmp
"UDP Query User{EB0392A5-9770-4D86-BBC3-F34EB1415BA3}C:\\users\\yann\\appdata\\local\\temp\\is-0j7f8.tmp\\is-hb5l5.tmp"= TCP:C:\users\yann\appdata\local\temp\is-0j7f8.tmp\is-hb5l5.tmp:is-hb5l5.tmp
"{3FCE26E2-0A6B-4B87-85C8-DDE41879B738}"= UDP:C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe:Serv-U FTP Server
"{73F86A78-8EEF-41B9-BBD2-7BACC5DB252B}"= TCP:C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe:Serv-U FTP Server
"TCP Query User{A1C8F081-5063-49E4-837F-CEDEE83B8D47}C:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{BF6F327D-4913-4077-A199-BA1E73E2E88A}C:\\program files\\world of warcraft\\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{8C8AD44E-35C2-4A45-A8F9-BC3451C52FC5}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:hlsw
"UDP Query User{08858B3C-8EE7-4DAB-898D-CF7526F042AA}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:hlsw
"TCP Query User{DC93FEF9-5737-46A5-AA22-2B3B4DD9474B}C:\\program files\\steam\\steamapps\\venatio\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\venatio\day of defeat source\hl2.exe:hl2
"UDP Query User{B8CCF89F-2D03-45F0-BB13-1A947A25543B}C:\\program files\\steam\\steamapps\\venatio\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\venatio\day of defeat source\hl2.exe:hl2
"TCP Query User{E587727E-DB12-46AB-9B61-1C71BE7AC085}C:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= UDP:C:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"UDP Query User{BCD11334-2898-4A0F-A951-D6E3F212C412}C:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= TCP:C:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"TCP Query User{9527288B-9C8C-4540-A779-1B6736346CAA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{44D0C332-8A16-4C80-B1A2-012AE77D4E41}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{CCCFB69A-CEEB-4BB0-8379-516AACB21882}C:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= UDP:C:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"UDP Query User{FD087185-6AE8-429E-A752-EB61F897AE88}C:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= TCP:C:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace
"TCP Query User{A7AD3723-B6DA-48FD-9198-B91D4AA49C8F}C:\\program files\\steam\\steamapps\\venatio\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\venatio\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{F410BADF-56AA-4F2E-BFDD-3BD33E4C7950}C:\\program files\\steam\\steamapps\\venatio\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\venatio\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{6DB8DEBD-EE64-4A37-91E8-EBFB39C4067D}C:\\program files\\world of warcraft\\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{E80CA3EC-31B7-45E6-9DDD-48150FA48565}C:\\program files\\world of warcraft\\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{D6A70649-8ECA-4074-956F-7DF53FCFD5E7}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{73086070-56B4-4808-90D7-3F8C4EACC98D}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{E0840C32-7955-417F-969E-473C0823430F}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{56B7E64C-94D8-4F8A-857A-10817DE9A9CD}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{7FFFE9F2-EBB2-4132-A1E2-E4200A4169F4}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{A564220B-4396-4668-AAE9-22D930F33299}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"TCP Query User{C414DA61-EB34-45F0-AF25-653B99D795CC}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{76A1220B-F515-4900-8A09-4C99833D85DC}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{9BFFD30F-199E-430D-9FA1-63DDC14C5D33}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{A9600260-E17D-4FE2-ABCB-2CB08D310813}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{D5E5F7E4-D77F-4F97-8A19-201514B0899A}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{D3102B72-0B2A-4D79-B985-DA9E5DE9D5B2}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"{E2CD49F3-0BE5-461F-A285-584B61CF92F5}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{28D9A0F2-EA01-4741-885A-02CDDAD108EB}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A1B0FF32-AC7D-40E6-AB44-214F22D6CF13}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E0F66024-1BD7-4DD3-8DF8-D5B6C6CC6A90}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{725EC9C1-4B53-4EA3-9DDA-2FC823C1D675}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{5A85A3B4-6D44-4505-B716-5D7AB77BF219}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{67993E90-569D-498B-B439-284C94A7CE1D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{302B645A-4514-4F5B-9D4B-FA1C479C532C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{82AFF952-CC26-44B4-8ED8-4E83D8C7B938}C:\\program files\\media player classic\\mplayerc.exe"= UDP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{67FCAD52-0B5D-4D1F-80AA-67739AFF3DA8}C:\\program files\\media player classic\\mplayerc.exe"= TCP:C:\program files\media player classic\mplayerc.exe:Media Player Classic
"TCP Query User{14DAC6BD-3474-4034-9BCB-719A4C329182}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{5EAE56FC-7CBD-447E-BB15-3F471017C5FB}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader
"{38E3F035-AAE3-4E47-9DF7-1B4B66F0B30C}"= UDP:C:\Program Files\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{E8321947-7EB7-40F5-8F37-2AE734F78C58}"= TCP:C:\Program Files\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{03888830-63D0-4F61-9560-F2E6644EB4D8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EB4A061C-546E-47D3-859E-E978E85AD6A5}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{AF745E15-25C7-4DC4-8208-F9DC25FBAE60}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"{DF13DE40-D043-41DA-A7BC-5D13518E5586}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EBC155A4-079C-4F9A-A7E0-402CACD1FA9B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{80206635-2039-49F3-884F-E6814D978C88}C:\\program files\\goa\\gunbound\\gunbound.gme"= UDP:C:\program files\goa\gunbound\gunbound.gme:GunBound
"UDP Query User{8500E7CA-C919-48D4-B71F-AB28B3C29D02}C:\\program files\\goa\\gunbound\\gunbound.gme"= TCP:C:\program files\goa\gunbound\gunbound.gme:GunBound
"{C5A3494F-0F3B-412E-8F61-5720F39F35CC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{98D9CD58-6978-458E-B5AD-9B0F99C83865}C:\\program files\\gears of war\\binaries\\wargame-g4wlive.exe"= UDP:C:\program files\gears of war\binaries\wargame-g4wlive.exe:Gears Of War
"UDP Query User{1D45AA43-6E1E-4DF4-9EB4-5E96BDF7F0EE}C:\\program files\\gears of war\\binaries\\wargame-g4wlive.exe"= TCP:C:\program files\gears of war\binaries\wargame-g4wlive.exe:Gears Of War
"TCP Query User{5526E62D-B6C7-4609-B5A5-DEA84219D4F2}C:\\program files\\thq\\dawn of war\\w40k.exe"= UDP:C:\program files\thq\dawn of war\w40k.exe:W40K
"UDP Query User{61621875-4E96-4ED6-9A20-626572095372}C:\\program files\\thq\\dawn of war\\w40k.exe"= TCP:C:\program files\thq\dawn of war\w40k.exe:W40K
"TCP Query User{7907356D-86C6-4796-9CB2-31A7EF995F20}C:\\typsoft ftp server\\ftpserv.exe"= UDP:C:\typsoft ftp server\ftpserv.exe:TYPSoft FTP Server
"UDP Query User{23926C39-EB5B-4B96-A15A-2A0AD42B3D1B}C:\\typsoft ftp server\\ftpserv.exe"= TCP:C:\typsoft ftp server\ftpserv.exe:TYPSoft FTP Server
"{785CAFDD-E15F-4CEF-9E74-59BDE2911664}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6D23A8DE-61AE-43B0-B80A-2D97BA3C28A9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{38E58FFB-C274-4559-BCCB-6CC723C94ECB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{220194A5-BBA4-454C-82F0-F011F58B77CD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{6FB90D75-9C54-4F83-8988-1C367C4A368C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{FBE82FE9-9AA8-4654-9DA9-A1A89EE3D435}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{B98634D1-BF49-4BCA-8F9A-5B48A943D8FA}C:\\program files\\codemasters\\le seigneur des anneaux online\\lotroclient.exe"= UDP:C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe:lotroclient
"UDP Query User{BCEB9BDF-DD97-4E48-BD7D-A15915D14F80}C:\\program files\\codemasters\\le seigneur des anneaux online\\lotroclient.exe"= TCP:C:\program files\codemasters\le seigneur des anneaux online\lotroclient.exe:lotroclient
"{99E16FA9-6B76-49D5-8D5A-38F2E45705ED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{46B42DAB-C738-474C-97B9-A4DBC1654D9C}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{94EC46BD-BE07-4E0D-B518-769602A1A47E}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{291D29D5-0355-4DCD-BD8A-C8FF9DAE6B7D}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{A86A87EA-BE52-41EB-BBF2-A24DF968B0A0}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{F18542EF-3D50-4E74-BB0E-ACF8110DA7C6}C:\\program files\\bitdownload\\bitdownload.exe"= UDP:C:\program files\bitdownload\bitdownload.exe:BitDownload
"UDP Query User{6A8109B1-5927-4EAB-9F67-FA140D0E05C2}C:\\program files\\bitdownload\\bitdownload.exe"= TCP:C:\program files\bitdownload\bitdownload.exe:BitDownload

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-03-30 13:32]
R3 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-03-09 14:29]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S3 Asushwio;Asushwio;C:\Windows\system32\drivers\Asushwio.sys [2004-04-27 17:26]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-08 21:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{648785cc-10da-11dc-93f6-0018f3eaf202}]
\shell\Auto\command - G:\vcxfupngp.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\vcxfupngp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e08081c-fd7c-11db-866e-0018f3eaf202}]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d73f24a7-ddfe-11db-aba8-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-27 23:27:51 C:\Windows\Tasks\RtlVistaStart.job"
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
"2008-05-27 21:26:13 C:\Windows\Tasks\User_Feed_Synchronization-{36E2899C-3F4C-4F92-B1BE-FA5C5F3BA3E7}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 11:32:53
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-28 11:33:48
ComboFix-quarantined-files.txt 2008-05-28 09:33:40
ComboFix2.txt 2008-05-28 00:13:49

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

288 --- E O F --- 2008-05-21 10:35:39

et voila le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:46, on 28/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\System32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Yann\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [blue online] "C:\ProgramData\Bib bold bold.8u5urz"
O4 - HKCU\..\Run: [MODE FREE BIRD SURF] "C:\ProgramData\POLL TEST VC.p9qw1ut"
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
Réponse 9 / 33
Utilisateur anonyme
 
Telecharge malwarebytes

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.
0
Réponse 10 / 33
Venatio Messages postés 13 Statut Membre
 
rapport si join :

alwarebytes' Anti-Malware 1.12
Version de la base de données: 793

Type de recherche: Examen complet (C:\|)
Eléments examinés: 162961
Temps écoulé: 38 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU\Customer Support.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU\Uninstall Instructions.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\Learn More About WhenU Save.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
0
Réponse 11 / 33
Utilisateur anonyme
 
Réouvre malewarebyte
va sur quarantaine
supprime tout

Télécharge clean.zip, de Malekal
http://www.malekal.com/download/clean.zip

comment l'utiliser
Tuto
http://mickael.barroux.free.fr/securite/clean.php

(1) Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

(2) Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd

une fenêtre noire va apparaître pendant un instant, laisse la ouverte.

(3) Choisis l'option 1 puis patiente
Poste le rapport obtenu

pour retrouver le rapport : double clique sur > C > double clique sur " rapport_clean txt.
et copie/colle le sur ta prochaine réponse .

Ne passe pas à l'option 2 sans notre avis !
0
Réponse 12 / 33
Venatio Messages postés 13 Statut Membre
 
alwarebytes' Anti-Malware 1.12
Version de la base de données: 793

Type de recherche: Examen complet (C:\|)
Eléments examinés: 162961
Temps écoulé: 38 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU\Customer Support.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhenU\Uninstall Instructions.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\Learn More About WhenU Save.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
0
Réponse 13 / 33
Venatio Messages postés 13 Statut Membre
 
oups dsl j ai poster 2 fois le meme rapport
0
Réponse 14 / 33
Utilisateur anonyme
 
cf post 11
0
Réponse 15 / 33
titemary
 
j'ai eu le meme probleme sous vista avec msn live et je l'ai résolu en supprimant les sponsors de msn dans panneau de conf ajout et suppression supprimer les sponsors
a+
titemary
0
Réponse 16 / 33
Venatio Messages postés 13 Statut Membre
 
bon ben ca n'arrive pas a créer de rapport :(
0
Réponse 17 / 33
Venatio Messages postés 13 Statut Membre
 
ca me fait bien le scan et tout et tout mais une fois arriver sur le bloc note j ai un message d'erreur
0
Réponse 18 / 33
Venatio Messages postés 13 Statut Membre
 
plus de pub pour le moment
0
Réponse 19 / 33
Utilisateur anonyme
 
ok cf post 18
0
Réponse 20 / 33
Venatio Messages postés 13 Statut Membre
 
bon e me le rapport hijackthis seulement parce que je narrive pas a avoir non plus le rapport de l option 2 de cleaner

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:07, on 28/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Yann\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [blue online] "C:\ProgramData\Bib bold bold.8u5urz"
O4 - HKCU\..\Run: [MODE FREE BIRD SURF] "C:\ProgramData\POLL TEST VC.p9qw1ut"
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0

Discussions similaires

Encore les CiD
doudoudim -
doudoudim -

18 réponses
j'ai perdu mon mot de passe sous vista
gregos -
Samy -

9 réponses
Télécharger Windows 7 gratuitement pour remplacer Vista
VIX91 -
Malekal_morte- -

8 réponses
télécharger windows 7 gratuit pr remplacer windows vista edition
danv -
Marc -

5 réponses
Installer Windows 7 en "écrasant" Windows Vista
jackson461 -
madmyke -

2 réponses