Pb infection trojan !! De l'aide svp[RESOLU]
Forum Sécurité - Virus : Pb infection trojan !! De l'aide svp[RESOLU]
re
Tu vas remplacer Avast! par Antivir, qui lui est un vrai antivirus, tu vas faire un scan avec et poster le rapport. 
Désinstalle correctement Avast!
Pour le remplacer par Antivir.
-->Tuto<--
Pourquoi changer ? : Avast! vs Antivir
pense aussi à désinstaller norton
Message édité par Sham_Rock le 27-02-2008 à 23:33:01
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
re
Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
~Lance Hijackthis “Do a system scan only”.
Coche les lignes qui suivent si encore présentes et uniquement celles-là.
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcdbxv.dll,#1
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M1202] "C:\Users\kiwi\Desktop\install_fr.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\kiwi\AppData\Local\Temp\xxwxv.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\kiwi\AppData\Local\Temp\gebbc.dll,#1
O4 - HKCU\..\Run: [BM3fcd1696] Rundll32.exe "C:\Users\kiwi\AppData\Local\Temp\unrhyihk.dll",s
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\kiwi\AppData\Local\Temp\gigjmlid.dll",run
O4 - HKCU\..\Run: [3cfe250a] rundll32.exe "C:\Users\kiwi\AppData\Local\Temp\bvjjhhvx.dll",b
Clique sur Fix checked (en bas à gauche)
Double-clic sur ComboFix, Il va te poser une question, réponds en appuyant sur la touche1 puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport
\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"
viens sur le forum et édition "coller"
ajoute un nouveau rapport Hijackthis.
/!\Marre de la pub: Firefox sécurisé/!\
Répondre à Sham_Rock
ComboFix 08-02-25.3 - kiwi 2008-02-28 22:46:42.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.964 [GMT 1:00]
Endroit: C:\Users\kiwi\Desktop\ComboFix(2).exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DRV\Tuner\Yuan\Resources\_desktop.ini
C:\Windows\system32\x64
C:\Windows\system32\x64\csnp2uvc.dll
C:\Windows\system32\x64\rsnpvc64.dll
C:\Windows\system32\x64\sncduvc.sys
C:\Windows\system32\x64\snp2uvc.sys
C:\Windows\system32\x64\vsnpvc64.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))))))))
.
2008-02-28 22:45 . 2008-02-28 22:48 <REP> d-------- C:\ComboFix(2)
2008-02-28 22:45 . 2006-11-02 10:44 320,000 --a------ C:\Windows\System32\kmd.exe
2008-02-28 08:48 . 2,145,394,688 C:\hiberfil.sys
2008-02-27 23:52 . 2008-02-27 23:52 <REP> d-------- C:\Users\All Users\Avira
2008-02-27 23:52 . 2008-02-27 23:52 <REP> d-------- C:\ProgramData\Avira
2008-02-27 23:52 . 2008-02-27 23:52 <REP> d-------- C:\Program Files\Avira
2008-02-27 23:52 . 2008-02-27 23:55 61,632 --a------ C:\Windows\System32\drivers\avipbb.sys
2008-02-27 23:52 . 2007-03-01 10:34 28,352 --a------ C:\Windows\System32\drivers\ssmdrv.sys
2008-02-27 22:41 . 2008-02-27 22:41 <REP> d-------- C:\_OTMoveIt
2008-02-26 23:03 . 2008-02-26 23:16 <REP> d-------- C:\Program Files\ProtectionAssuree
2008-02-26 21:49 . 2008-02-26 21:49 <REP> d-------- C:\VundoFix Backups
2008-02-26 20:36 . 2008-02-26 20:36 <REP> d-------- C:\Users\kiwi\AppData\Roaming\PC Tools
2008-02-26 20:36 . 2008-02-26 20:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-24 18:35 . 2008-02-24 18:35 319 --a------ C:\Windows\game.ini
2008-02-22 11:13 . 2008-02-22 11:13 <REP> dr-h----- C:\Users\kiwi\AppData\Roaming\SecuROM
2008-02-22 11:13 . 2008-02-22 11:13 <REP> d-------- C:\Users\All Users\Media Center Programs
2008-02-22 11:13 . 2008-02-22 11:13 <REP> d-------- C:\ProgramData\Media Center Programs
2008-02-22 11:02 . 2008-02-22 11:13 <REP> d-------- C:\Program Files\Tomb Raider - Anniversary
2008-02-20 09:55 . 2008-02-20 13:13 <REP> d-------- C:\Program Files\Battlefield Vietnam
2008-02-19 22:30 . 2008-02-28 00:13 <REP> d-------- C:\Users\kiwi\AppData\Roaming\uTorrent
2008-02-19 22:30 . 2008-02-21 00:04 <REP> d-------- C:\Program Files\uTorrent
2008-02-19 14:28 . 2008-02-19 14:28 <REP> d-------- C:\Program Files\Common Files\NSV
2008-02-19 11:23 . 2008-02-19 11:24 <REP> d-------- C:\Users\All Users\OrbNetworks
2008-02-19 11:23 . 2008-02-19 11:24 <REP> d-------- C:\ProgramData\OrbNetworks
2008-02-19 11:23 . 2008-02-19 11:24 <REP> d-------- C:\Program Files\Winamp Remote
2008-02-19 11:22 . 2008-02-26 18:40 <REP> d-------- C:\Users\kiwi\AppData\Roaming\Winamp
2008-02-19 11:22 . 2008-02-24 15:47 <REP> d-------- C:\Program Files\Winamp
2008-02-19 11:22 . 2007-03-08 00:51 1,628,920 --------- C:\Windows\System32\pxsfs.dll
2008-02-19 11:22 . 2007-03-08 00:51 547,576 --------- C:\Windows\System32\px.dll
2008-02-19 11:22 . 2007-03-08 00:51 510,712 --------- C:\Windows\System32\pxdrv.dll
2008-02-19 11:22 . 2007-03-08 00:51 379,640 --------- C:\Windows\System32\pxwave.dll
2008-02-19 11:22 . 2007-03-08 00:51 187,128 --------- C:\Windows\System32\pxmas.dll
2008-02-19 11:22 . 2007-03-08 00:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-02-19 11:22 . 2007-03-08 00:51 72,440 --------- C:\Windows\System32\pxhpinst.exe
2008-02-19 11:22 . 2007-03-08 00:51 64,760 --------- C:\Windows\System32\pxinsa64.exe
2008-02-19 11:22 . 2007-03-08 00:51 64,760 --------- C:\Windows\System32\pxcpya64.exe
2008-02-19 11:22 . 2007-03-08 00:51 39,672 --------- C:\Windows\System32\vxblock.dll
2008-02-16 01:00 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 22:09 . 2008-02-13 22:09 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 22:09 . 2008-02-13 22:09 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 22:05 . 2008-02-13 22:05 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:01 . 2008-02-13 22:01 6,066,176 --a------ C:\Windows\System32\ieframe.dll
2008-02-08 11:44 . 2008-02-08 11:44 <REP> d-------- C:\watcom-1.3
2008-02-08 11:44 . 2008-02-08 11:44 155,648 --a------ C:\Windows\System32\WMIMPLEX.dll
2008-02-08 11:44 . 2008-02-08 11:44 36,864 --a------ C:\Windows\System32\maplec.dll
2008-02-07 20:15 . 2008-02-22 11:11 <REP> d-------- C:\Program Files\Maple 10
2008-02-07 20:13 . 2008-02-07 20:13 <REP> d--h----- C:\Users\kiwi\InstallAnywhere
2008-02-07 20:13 . 2008-02-08 11:44 <REP> d--h----- C:\Program Files\Zero G Registry
2008-02-03 16:18 . 2008-02-08 00:25 <REP> d--h----- C:\Users\kiwi\Zero G Registry
2008-02-03 15:31 . 2008-02-03 15:31 <REP> d-------- C:\Program Files\SWEP1R
2008-01-31 22:05 . 2008-01-31 22:17 <REP> d-------- C:\Program Files\MSN Messenger
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 20:10 27,240 ----a-w C:\Users\kiwi\AppData\Roaming\nvModes.dat
2008-02-28 07:48 2,459,320,320 --sha-w C:\pagefile.sys
2008-02-27 23:33 --------- d-----w C:\Program Files\Mozilla Firefox
2008-02-26 22:16 --------- d-----w C:\Program Files\Common Files
2008-02-26 21:51 --------- d-----w C:\Program Files\Microsoft Games
2008-02-26 21:49 --------- d---a-w C:\ProgramData\TEMP
2008-02-24 17:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 23:09 --------- d-----w C:\Program Files\Half-Life
2008-02-20 23:07 --------- d-----w C:\Program Files\Common Files\microsoft shared
2008-02-15 20:50 --------- d-----w C:\Users\kiwi\AppData\Roaming\BSplayer
2008-02-15 20:50 --------- d-----w C:\Program Files\Webteh
2008-02-13 21:16 --------- d-----w C:\Program Files\Internet Explorer
2008-02-13 21:05 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 21:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-04 23:09 18,214,008 ----a-w C:\Windows\System32\mrt.exe
2008-01-20 22:20 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
2008-01-20 22:20 20 ---h--w C:\Users\All Users\PKP_DLds.DAT
2008-01-20 22:20 20 ---h--w C:\ProgramData\PKP_DLec.DAT
2008-01-20 22:20 20 ---h--w C:\ProgramData\PKP_DLds.DAT
2008-01-19 16:48 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-01-19 16:28 --------- d-----w C:\Program Files\THQ
2008-01-15 22:33 --------- d-----w C:\Program Files\Windows Mail
2008-01-15 22:21 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-15 22:21 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-15 22:21 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-15 22:21 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-15 17:08 --------- d-----w C:\Program Files\OrangeHSS
2008-01-15 17:00 --------- d-----w C:\Program Files\Common Files\France Telecom
2008-01-15 16:57 --------- d-----w C:\Program Files\Inventel
2008-01-13 09:33 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-01-13 09:13 --------- d-----w C:\Program Files\Alwil Software
2008-01-13 09:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-13 08:59 --------- d-----w C:\ProgramData\Symantec
2008-01-13 08:59 --------- d-----w C:\Program Files\Symantec
2008-01-06 13:18 --------- d-----w C:\Users\kiwi\AppData\Roaming\BSplayer Pro
2008-01-06 09:08 --------- d-----w C:\Program Files\Acer GameZone
2008-01-05 20:47 --------- d-----w C:\Program Files\URUSoft
2008-01-05 20:20 --------- d-----w C:\Users\kiwi\AppData\Roaming\Media Player Classic
2008-01-05 20:20 --------- d-----w C:\Program Files\Real Alternative
2008-01-05 20:20 --------- d-----w C:\Program Files\Media Player Classic
2008-01-01 22:31 --------- d-----w C:\Program Files\Common Files\Real
2007-12-16 10:22 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-16 10:21 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-16 10:21 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-02 12:06 174 --sha-w C:\Program Files\desktop.ini
2007-12-02 11:50 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-02 11:50 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-02 11:50 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-02 11:50 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-02 11:50 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-02 11:50 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-02 11:50 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-02 11:50 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-02 11:50 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-02 11:50 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-02 11:45 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-02 11:45 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-02 11:45 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-02 11:45 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-02 11:45 10,617,344 ----a-w C:\Windows\System32\wmp.dll
2007-12-02 11:42 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-02 11:36 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-12-02 11:33 750,080 ----a-w C:\Windows\System32\qmgr.dll
2007-12-02 11:18 80,896 ----a-w C:\Windows\System32\wudriver.dll
2007-12-02 11:18 549,720 ----a-w C:\Windows\System32\wuapi.dll
2007-12-02 11:18 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-12-02 11:18 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-12-02 11:18 33,624 ----a-w C:\Windows\System32\wups.dll
2007-12-02 11:18 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-12-02 11:18 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-12-02 11:17 31,232 ----a-w C:\Windows\System32\wuapp.exe
2007-12-02 11:17 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2007-11-28 21:32 0 --sha-r C:\MSDOS.SYS
2007-11-28 21:32 0 --sha-r C:\IO.SYS
2007-11-27 12:56 0 ----a-w C:\Users\kiwi\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-15 23:21 1232896]
"Acer Tour Reminder"="" []
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 21:13 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-10 07:58 1006264]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [ ]
"Persistence"="C:\Windows\system32\igfxpers.exe" [ ]
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" [ ]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 15:33 457216]
"Acer Tour"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 03:38 40048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 16:39 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 16:39 8470528]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 16:39 81920]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 11:35 94208]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 10:15 752136]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 12:38 206952]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 12:00 174872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 19:16 90112]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"MSServer"="C:\Windows\system32\ddcdbxv.dll" [ ]
"NI.UGA6PV_0001_N122M1202"="C:\Users\kiwi\Desktop\install_fr.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-27 23:55 249896]
C:\Users\kiwi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 08:29:07 535336]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-12-01 16:37:00 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe|Desc=Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician|Desc=VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia|Desc=HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe
V Wizard|Desc=DV Wizard
"{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25219AE5-C395-490A-927D-5917C456B162}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4501C1FC-2596-4C90-8279-68E71179C8F6}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exeVDivine|Desc=DVDivine
"{2FA21601-CB39-4331-866E-40BD0890B95E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe
lay Movie|Desc=Play Movie
"{F2EDC553-44F9-4BB6-A65B-C619B0F9AA3D}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exelay Movie Resident Program|Desc=Play Movie Resident Program
"TCP Query User{A6A4212C-46B0-4D86-970A-F3910D1BB94F}C:\program files\ea games\battlefield 1942\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942|Desc=BF1942
"UDP Query User{5EAEB291-8EBC-4D14-B8B8-C77D87D262BA}C:\program files\ea games\battlefield 1942\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942|Desc=BF1942
"{8F085BA9-5D2D-4897-9877-B2FA31C2D599}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{55093EC2-D8D3-4822-9DA4-B72DAD44F255}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{BAF5D7E9-168C-43C9-858F-F1CF197816D4}D:\zeux\ea games\battlefield 1942\bf1942.exe"= UDP:\zeux\ea games\battlefield 1942\bf1942.exe:BF1942|Desc=BF1942
"UDP Query User{FAD46079-0209-4B7B-B626-39C5B1EEAE02}D:\zeux\ea games\battlefield 1942\bf1942.exe"= TCP:\zeux\ea games\battlefield 1942\bf1942.exe:BF1942|Desc=BF1942
"TCP Query User{6F4DAA97-F672-4F19-B86D-204D39D4899F}C:\program files\half-life\hl.exe"= UDP:C:\program files\half-life\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher
"UDP Query User{DC22B9C5-FFDD-495D-ACF2-30B46ABDA4B0}C:\program files\half-life\hl.exe"= TCP:C:\program files\half-life\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher
"TCP Query User{BE00F0D4-3FAE-4A7D-A8BE-6B656A70460C}C:\program files\zeux\ea games\battlefield 1942\bf1942.exe"= UDP:C:\program files\zeux\ea games\battlefield 1942\bf1942.exe:BF1942.exe|Desc=BF1942.exe
"UDP Query User{CBF43121-F86E-4320-B1EE-08CDC11EE37E}C:\program files\zeux\ea games\battlefield 1942\bf1942.exe"= TCP:C:\program files\zeux\ea games\battlefield 1942\bf1942.exe:BF1942.exe|Desc=BF1942.exe
"TCP Query User{7D5EF960-2B6A-4CBB-96AE-6341F33E063E}C:\program files\microsoft games\age of empires iii\age3.exe"= UDP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3|Desc=Age of Empires 3
"UDP Query User{686C86A7-1E6C-4C14-AAA3-DC4EC99182CF}C:\program files\microsoft games\age of empires iii\age3.exe"= TCP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3|Desc=Age of Empires 3
"TCP Query User{09F0331A-9ABD-44AA-9DA8-1393893DB856}C:\program files\microsoft games\age of mythology\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology|Desc=Age of Mythology
"UDP Query User{9AF36308-03DA-4D61-8274-83EA4EDF7808}C:\program files\microsoft games\age of mythology\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology|Desc=Age of Mythology
"TCP Query User{50EDF01D-9403-4B7F-9E1E-FAFE7936FC51}C:\program files\microsoft games\age of mythology\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology|Desc=Age of Mythology
"UDP Query User{7A23E977-D187-443F-B555-E3204516930B}C:\program files\microsoft games\age of mythology\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology|Desc=Age of Mythology
"TCP Query User{523F5FB3-25BB-4BBF-BEEC-12A8BAB4433B}C:\program files\vlc\vlc.exe"= UDP:C:\program files\vlc\vlc.exe:VLC media player|Desc=VLC media player
"UDP Query User{D2B897AE-D12E-4B1B-A7C4-376DD5172476}C:\program files\vlc\vlc.exe"= TCP:C:\program files\vlc\vlc.exe:VLC media player|Desc=VLC media player
"TCP Query User{AC4293CF-1E4C-456D-A5E9-D55C63712A8C}C:\program files\serious sam 2\bin\sam2.exe"= UDP:C:\program files\serious sam 2\bin\sam2.exe:Sam2.exe|Desc=Sam2.exe
"UDP Query User{EC032255-5EF0-4611-9104-203933CA76FA}C:\program files\serious sam 2\bin\sam2.exe"= TCP:C:\program files\serious sam 2\bin\sam2.exe:Sam2.exe|Desc=Sam2.exe
"{C90959AF-D439-456E-8496-3860C69C10B1}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{3FCEFF21-F74D-411D-B372-C43F7FCE0115}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{94C6498A-F8C8-4F2E-BD37-792B5D428340}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{CFC10431-EAAE-408C-85B7-2EA3A40C9FF4}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{BCA44E92-9BFE-4271-A95D-C136FECC7429}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"TCP Query User{3DC099DE-814E-43E1-9609-F9C45CD59831}C:\program files\maple 10\jre\bin\maple.exe"= UDP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe|Desc=maple.exe
"UDP Query User{D4897CF7-A6AE-4C43-8D08-9C97649D572B}C:\program files\maple 10\jre\bin\maple.exe"= TCP:C:\program files\maple 10\jre\bin\maple.exe:maple.exe|Desc=maple.exe
"TCP Query User{4384103E-5D51-4047-AC17-D2A8EB49567B}C:\program files\maple 10\jre\bin\java.exe"= UDP:C:\program files\maple 10\jre\bin\java.exe:java.exe|Desc=java.exe
"UDP Query User{35BCA76C-1A64-458B-AAA1-360EAD1D3ECA}C:\program files\maple 10\jre\bin\java.exe"= TCP:C:\program files\maple 10\jre\bin\java.exe:java.exe|Desc=java.exe
"{7416B301-8C8D-457B-B1A2-78C24CA37C1D}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe
rb
"{5DC3E9FC-11BB-4E6F-BF06-47D5FACB7AD3}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exerb
"{2C4FEB05-7CB6-446B-85BC-63E15BF5F14A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exerbTray
"{61B18EFA-7FC9-4A53-A7FE-24A9E9A32E52}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exerbTray
"{E21A2B53-5B06-41EE-89ED-AD69C4B3534B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exerbIR
"{877953C9-565A-4F33-8088-A31B1B3CB6AA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exerbIR
"{588CA41F-43B8-451C-9FDA-317694063088}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exerb Stream Client
"{3B5E60F9-7143-479E-BFDC-0465156DD0BF}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exerb Stream Client
"TCP Query User{403D3CF1-7ECD-4823-8BE7-C6C238DB8F60}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent.exe|Desc=uTorrent.exe
"UDP Query User{FB498415-9528-46CB-8845-9B7F4CA76130}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent.exe|Desc=uTorrent.exe
"TCP Query User{8B23B94E-C4DF-4920-8886-5458D4DFFDE9}C:\program files\battlefield vietnam\bfvietnam.exe"= UDP:C:\program files\battlefield vietnam\bfvietnam.exe:BfVietnam.exe|Desc=BfVietnam.exe
"UDP Query User{34DDAE2E-4A7E-42C8-B0E8-4CE36B5CE142}C:\program files\battlefield vietnam\bfvietnam.exe"= TCP:C:\program files\battlefield vietnam\bfvietnam.exe:BfVietnam.exe|Desc=BfVietnam.exe
"TCP Query User{B59B58FF-A72E-4E34-870E-1A58D560BA5D}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent.exe|Desc=uTorrent.exe
"UDP Query User{ECC690B4-7BE7-4575-8E75-742BD9E43A46}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent.exe|Desc=uTorrent.exe
"TCP Query User{51949B8A-E8E6-4DE0-830F-04E74A9985E5}C:\program files\battlefield vietnam\bfvietnam_w32ded.exe"= UDP:C:\program files\battlefield vietnam\bfvietnam_w32ded.exe:bfvietnam_w32ded.exe|Desc=bfvietnam_w32ded.exe
"UDP Query User{CF1B6C2F-C85E-4800-82FF-108B6C0F0489}C:\program files\battlefield vietnam\bfvietnam_w32ded.exe"= TCP:C:\program files\battlefield vietnam\bfvietnam_w32ded.exe:bfvietnam_w32ded.exe|Desc=bfvietnam_w32ded.exe
"TCP Query User{A1FEA10D-FDBB-4D26-8685-52EC001174C4}C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe"= UDP:C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded.exe|Desc=Bf2_w32ded.exe
"UDP Query User{0CA215EA-006D-4412-BCFA-DBBEE55BDBD5}C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe"= TCP:C:\program files\zeux\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded.exe|Desc=Bf2_w32ded.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 15:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 15:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 15:34]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 13:24]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 15:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 14:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 13:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 11:57]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:56]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 06:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 11:03]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-02 14:17]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 08:30]
S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-29 23:45]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 15:47]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2540fd2d-b19e-11dc-91ac-c82d40bd5a1b}]
\shell\AutoRun\command - F:\Setup.exe
\shell\setup\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74833774-a6ec-11dc-b17a-e3a2a79b2d9e}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-27 22:48:31 C:\Windows\Tasks\User_Feed_Synchronization-{19BB1475-95D8-42A2-BBE3-6790E09093C7}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 22:48:30
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
VOila, par contre il ne m'a pas poser de question , je sais pas ce que je dois en penser ! Mais j'ai redémarrer et il y plus kun seul mess d'alerte au lieu de la 10 de tout a lheure !
