TDSS Trojan
Fermé
Fryct
-
14 juil. 2009 à 16:44
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 - 20 juil. 2009 à 09:49
sKe69 Messages postés 21360 Date d'inscription samedi 15 mars 2008 Statut Contributeur sécurité Dernière intervention 30 décembre 2012 - 20 juil. 2009 à 09:49
A voir également:
- TDSS Trojan
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Csrss.exe trojan - Forum Virus
- Trojan win32 - Forum Virus
- Csrss.exe : processus suspect/virus ? - Forum Virus
- Trojan agent ✓ - Forum Virus
56 réponses
loick22
Messages postés
297
Date d'inscription
samedi 27 juin 2009
Statut
Membre
Dernière intervention
15 mai 2010
20
14 juil. 2009 à 16:47
14 juil. 2009 à 16:47
si tu a rien d'inportent formate c'est le mieu tu va faire un grand menage
loick22
Messages postés
297
Date d'inscription
samedi 27 juin 2009
Statut
Membre
Dernière intervention
15 mai 2010
20
14 juil. 2009 à 19:28
14 juil. 2009 à 19:28
plus il touche au virus plus yan a
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 16:47
14 juil. 2009 à 16:47
Salut :)
Beau topic pour travailler .
Attachez vos ceintures lol :
Si vous êtes sous Vista désactivez l'UAC
======================================================
>>>>>>>>>>>>>>>>>>>>>> /!\ Attention /!\ <<<<<<<<<<<<<<<<<<<<<<
======================================================
/!\ SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS /!\
_________________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================
============> A lire, Impératif <============
Télécharge ComboFix (de sUBs) sur ton bureau
AVANT d'utiliser ComboFix :
▶ /!\ Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
▶ (!) Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection (!).
▶ Double clique sur Combofix.exe afin de le lancer (Sous Vista: Clique droit et choisir exécuter en tant qu'administrateur")
▶ Il va te demander d'installer le console de récupération , reconnecte toi juste le temps de la télécharger , ensuite coupe ta connexion internet .
* En cas de problèmes d'installation, Tuto
Sous XP
Sous Vista
▶ Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Ne touche a rien tant que le scan n'est pas fini /!\
▶ A la fin du scan , il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection , laisse le faire ....
▶ Après le redémarrage du PC, un rapport s'ouvrira dans le Bloc notes en fin d'analyse,
▶ Réactive toutes tes défenses , reviens sur le forum puis copie et colle le rapport dans ton a ta prochaine réponse
Note :
(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)
++
Beau topic pour travailler .
Attachez vos ceintures lol :
Si vous êtes sous Vista désactivez l'UAC
======================================================
>>>>>>>>>>>>>>>>>>>>>> /!\ Attention /!\ <<<<<<<<<<<<<<<<<<<<<<
======================================================
/!\ SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS /!\
_________________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================
============> A lire, Impératif <============
Télécharge ComboFix (de sUBs) sur ton bureau
AVANT d'utiliser ComboFix :
▶ /!\ Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
▶ (!) Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection (!).
▶ Double clique sur Combofix.exe afin de le lancer (Sous Vista: Clique droit et choisir exécuter en tant qu'administrateur")
▶ Il va te demander d'installer le console de récupération , reconnecte toi juste le temps de la télécharger , ensuite coupe ta connexion internet .
* En cas de problèmes d'installation, Tuto
Sous XP
Sous Vista
▶ Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Ne touche a rien tant que le scan n'est pas fini /!\
▶ A la fin du scan , il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection , laisse le faire ....
▶ Après le redémarrage du PC, un rapport s'ouvrira dans le Bloc notes en fin d'analyse,
▶ Réactive toutes tes défenses , reviens sur le forum puis copie et colle le rapport dans ton a ta prochaine réponse
Note :
(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)
++
sKe69
Messages postés
21360
Date d'inscription
samedi 15 mars 2008
Statut
Contributeur sécurité
Dernière intervention
30 décembre 2012
463
14 juil. 2009 à 21:18
14 juil. 2009 à 21:18
Salut,
nouvelle variante Tibs ... et combo passe au travers ! ... intéressant ....
pour suivre donc ...
;)
nouvelle variante Tibs ... et combo passe au travers ! ... intéressant ....
pour suivre donc ...
;)
jfkpresident
Messages postés
13408
Date d'inscription
lundi 3 septembre 2007
Statut
Contributeur sécurité
Dernière intervention
5 janvier 2015
1 175
15 juil. 2009 à 20:01
15 juil. 2009 à 20:01
Bonjour a tous ;
Peut etre aurait il du etre "renommé" avant ?
et combo passe au travers !
Peut etre aurait il du etre "renommé" avant ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 16:49
14 juil. 2009 à 16:49
Bonjour ,
Ici le formatage c la dérinére option .
Fryct :
Fais ceci : > http://www.commentcamarche.net/forum/affich 13353816 tdss trojan?#1
++
Ici le formatage c la dérinére option .
Fryct :
Fais ceci : > http://www.commentcamarche.net/forum/affich 13353816 tdss trojan?#1
++
Merci pour l'aide, j'ai donc suivi les instructions mais ça ne semble pas avoir changé grand-chose. Je n'ai pas eu à rebooter (ce que j'ai quand même fait, en cas) et il est toujours là au redémarrage. Voici le rapport Combofix, où il y a d'ailleurs un certain Start1Driver.SYS. Serait-ce lui le coupable ?
------------
ComboFix 09-07-13.01 - Fryct 14/07/2009 17:07.5.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3583.2509 [GMT 2:00]
Running from: c:\users\Fryct\Desktop\ComboFix.exe
SP: AdwareBot *disabled* (Updated) {2BFC08CE-6B66-47D4-BA62-0A39887A0229}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.
2009-07-14 15:15 . 2009-07-14 15:15 -------- d-----w- c:\users\Fryct\AppData\Local\temp
2009-07-14 13:35 . 2009-07-14 13:35 -------- d-----w- c:\program files\Trend Micro
2009-07-14 11:56 . 2009-07-14 12:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-14 11:36 . 2009-03-14 04:48 5120 ----a-w- c:\windows\system32\drivers\Start1Driver.SYS
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\progra~2\Simply Super Software
2009-07-13 22:27 . 2009-07-13 23:19 -------- d-----w- c:\windows\BDOSCAN8
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\users\Fryct\AppData\Roaming\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:23 . 2009-07-13 16:23 -------- d---a-w- c:\program files\Common Files\Nero
2009-07-13 16:07 . 2009-07-13 16:07 -------- d-----w- c:\progra~2\SlySoft
2009-07-13 16:04 . 2009-07-13 16:04 -------- d-----w- c:\program files\SlySoft
2009-07-12 21:47 . 2009-07-12 22:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\CyberLink
2009-07-12 21:47 . 2009-07-12 21:47 -------- d-----w- c:\users\Public\CyberLink
2009-07-12 21:44 . 2009-07-12 21:44 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-12 21:40 . 2009-07-12 22:07 -------- d-----w- c:\progra~2\CyberLink
2009-07-12 21:40 . 2008-05-14 12:48 29480 ------w- c:\windows\system32\msxml3a.dll
2009-07-12 21:39 . 2008-05-14 12:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-12 21:39 . 2009-07-13 16:15 -------- d-----w- c:\program files\CyberLink
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\windows\system32\AGEIA
2009-07-12 08:29 . 2009-07-12 08:29 -------- d-----w- c:\users\Fryct\{c904a8d4-a5d3-4d40-a799-60f6c462408a}
2009-07-12 08:29 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 17:58 . 2005-07-25 09:59 28672 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
2009-07-05 17:55 . 2008-04-16 12:13 65536 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
2009-07-05 00:33 . 2009-07-05 07:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\IGN_DLM
2009-07-01 15:57 . 2009-07-01 15:57 0 ----a-w- c:\windows\nsreg.dat
2009-07-01 15:57 . 2009-07-01 15:57 -------- d-----w- c:\users\Fryct\AppData\Local\Mozilla
2009-06-20 09:48 . 2009-06-20 09:48 -------- d-----w- c:\users\Fryct\AppData\Local\ArmA 2
2009-06-20 09:47 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-20 09:47 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-20 09:35 . 2009-06-20 09:35 -------- d-----w- c:\program files\Bohemia Interactive
2009-06-17 19:46 . 2009-06-17 19:46 -------- d-----w- c:\users\Fryct\AppData\Local\Monte Cristo
2009-06-15 19:06 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-15 19:06 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-15 19:06 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-15 19:06 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 14:35 . 2006-11-02 15:48 716060 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 14:35 . 2006-11-02 15:48 144214 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 14:30 . 2008-07-24 14:48 -------- d-----w- c:\progra~2\NVIDIA
2009-07-14 14:30 . 2009-07-12 08:52 31966 ----a-w- c:\progra~2\nvModes.dat
2009-07-13 16:23 . 2008-07-24 17:11 -------- d-----w- c:\program files\Nero
2009-07-13 16:15 . 2008-07-25 22:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 14:56 . 2008-07-24 19:34 -------- d-----w- c:\program files\Steam
2009-07-12 21:47 . 2008-07-24 14:42 106240 ----a-w- c:\users\Fryct\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 21:38 . 2008-07-24 14:44 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-12 16:03 . 2008-09-25 15:16 -------- d-----w- c:\users\Fryct\AppData\Roaming\vlc
2009-07-12 08:45 . 2008-11-08 12:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 08:39 . 2008-07-24 14:41 2708 ----a-w- c:\users\Fryct\AppData\Local\d3d9caps.dat
2009-07-12 03:21 . 2008-07-26 17:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-11 20:42 . 2008-07-24 18:19 -------- d-----w- c:\users\Fryct\AppData\Roaming\MxBoost
2009-07-05 11:08 . 2008-07-24 19:34 -------- d-----w- c:\program files\Common Files\Steam
2009-07-05 09:32 . 2008-08-23 11:39 -------- d-----w- c:\program files\City of Heroes
2009-06-30 16:50 . 2008-07-26 21:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-23 12:11 . 2008-07-25 22:10 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-23 12:11 . 2008-07-25 22:09 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-22 11:51 . 2008-07-25 22:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-17 17:47 . 2009-05-09 10:38 -------- d-----w- c:\program files\Common Files\BioWare
2009-06-17 17:46 . 2008-07-26 15:49 -------- d-----w- c:\progra~2\Media Center Programs
2009-06-14 15:15 . 2009-06-13 13:26 -------- d-----w- c:\program files\Sony Online Entertainment
2009-06-11 18:46 . 2008-08-02 09:51 -------- d-----w- c:\progra~2\Steam
2009-06-11 18:46 . 2008-08-02 09:50 -------- d-----w- c:\progra~2\PopCap Games
2009-06-10 16:33 . 2009-06-10 16:33 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 16:33 . 2009-06-10 16:33 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-10 16:33 . 2009-06-10 16:33 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2009-06-10 16:33 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 16:33 . 2009-06-10 16:33 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 16:33 . 2009-06-10 16:33 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2009-06-10 16:33 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 09:19 . 2008-07-26 07:13 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-10 06:35 . 2009-06-10 06:35 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-06-10 06:35 . 2009-06-10 06:35 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-06-10 06:35 . 2009-06-10 06:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 04:33 . 2009-06-10 04:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 04:33 . 2009-06-10 04:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 04:33 . 2009-06-10 04:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 04:33 . 2009-06-10 04:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 04:33 . 2009-06-10 04:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32 . 2009-06-10 04:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 04:32 . 2009-06-10 04:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 04:32 . 2009-06-10 04:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 04:32 . 2009-06-10 04:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 04:31 . 2009-06-10 04:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 04:31 . 2009-06-10 04:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 04:31 . 2009-06-10 04:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 04:31 . 2009-06-10 04:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 04:29 . 2009-06-10 04:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-08 17:01 . 2008-07-31 19:40 -------- d-----w- c:\progra~2\TrackMania
2009-06-07 08:52 . 2009-06-07 08:52 10134 ----a-r- c:\users\Fryct\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-07 08:52 . 2009-06-07 08:52 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 16:12 . 2008-07-26 15:36 -------- d-----w- c:\program files\Electronic Arts
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 15:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 15:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-28 10:55 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-21 20:49 . 2009-05-10 10:46 -------- d-----w- c:\program files\rFactor
2009-05-10 19:21 . 2009-05-10 19:21 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-09 05:50 . 2009-06-10 09:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 09:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-23 12:15 . 2009-06-10 09:07 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 09:07 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:39 . 2009-06-10 09:07 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 15:27 . 2009-07-01 15:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-03-08 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-17 6793760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
c:\users\Fryct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]
c:\users\Fryct\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):84,f2,65,d2,a6,df,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3017709691-804468469-1464511852-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{101D2057-1C16-420A-906F-E3C44D627292}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D8383F2A-5385-46A6-8BFA-1E8EE34798EE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6E1B9AAE-98B5-427D-B821-B6378835474B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{189A5AF6-EAEC-4117-A744-187E90D5BB2B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CD5DA0EC-732B-48A3-9546-F11402E8B70A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E53F93DE-736E-4106-8758-65DC804075E1}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{12AD7443-1084-433B-BBE6-FCFE92D07171}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2114042D-FBB9-43F2-91CA-7792702A75A7}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9E808409-3B11-427C-B17B-16688660CDB3}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{DB5EF49C-23F0-4508-9FA9-987ED80E18D5}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F5958A01-E278-4574-8ADE-A23ACB4F8E3F}"= UDP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{DEE2E5F3-2040-40D0-9F92-A22BAA14AFAB}"= TCP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{61843F1F-BF99-4E05-A217-F92B4A1ADB2D}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{8F0E10BD-8BAC-47CB-8B46-33A2A948205F}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{FDAFF9FE-B8B7-4CAB-BC25-EE0CBD4CCA80}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{22E23C74-7242-4685-A4FB-7F6BC351EE28}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{FF9A2C3C-0D16-4FDC-9040-D1B3EF3A4226}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4B8BEBA6-80B0-45BA-8867-B013CF2ECA79}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{530425C9-0F63-416B-8B84-99A437E8B0EE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{BD1AED9B-66F7-42D5-973F-3CD6CFB018DA}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3BCB6A29-7AE3-4304-96F3-AC616D14D646}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{87C52663-2039-479C-A0FF-537DBE081EB7}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{CF4F955D-6822-44C2-A772-F2A680F83C59}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{1E4DB4E0-6A3D-4C28-BE8F-968F93B9F3A6}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{83E8973F-F3CD-43C0-915F-3FAAB66F24F5}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{F200D435-B063-4BD4-94F2-8B6077F964BD}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{9CA93B90-7E0A-4464-AAB7-B3E6B9B7E073}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{E9D5835A-8BEA-4041-9D8D-92D840EF0E44}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{9C0C5B0E-354D-4175-AD3E-ED9B251DCAD7}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{11FD57B5-4A28-422E-BBA6-C19BF9D10C75}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{80126E6C-8F0B-4004-B875-22A334D4027D}"= UDP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{16B4B97C-6E57-4785-8D80-E61248DB0C25}"= TCP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{AA1C9932-7B6F-4730-A8C0-07735C9805C8}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5C44A1D4-E9C3-4F6B-BF09-6043D5245191}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5EC5A276-4BE0-4A72-83ED-CB8C045D8591}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{C0C74C27-C2F3-4596-A503-FB8E26C42C0B}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{D9775FD4-3FBC-4949-A6D7-D99BB24C5399}"= UDP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{623BC05D-93B6-4A0B-8BA1-A0AE2DCF9726}"= TCP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{FDD7CF1D-6AF2-49D8-B1C9-7D0809E19FC8}"= UDP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{BD3053F5-FDC1-43C8-BF0E-935CA6B28362}"= TCP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{4CDD6878-4548-4EDE-81AC-F80B359CC549}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{EBD9DF36-8BAD-4688-B9BF-C5DADF31DF0A}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{7A378ADA-706A-46AB-B1C7-3C681500BC39}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7F3CCEF5-BFDB-4BE7-804D-1F6857DBC07A}"= UDP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{17B89F98-B2E3-4FF6-AD6A-F24030AB0DB0}"= TCP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{95213D48-9D1E-430A-81B7-5942AAE3A917}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{53E6152D-9FDE-4D0E-8EF3-89988CC311E8}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{29733425-D2A2-49DA-8466-51BECA6B482A}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{DA9C1B56-1DDD-4212-80FA-FD98ABFC3125}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{A9CF6801-94F7-444C-A1C3-5FB9445E1552}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{F37BC531-42A8-46F0-9D50-748A3F01B289}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{39F3C5BA-DD85-45F9-BED7-CB02F7757781}"= UDP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{61190302-9076-4F54-BD68-845C1174C736}"= TCP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{A1957312-D880-4A9C-BA63-3C6A9D12269C}"= UDP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{0A14D283-CB35-4278-874E-EBC2D28EB7C2}"= TCP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{61D72F24-DC12-46D3-A73A-E0CF6A809B04}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{8E3A8E66-68CD-49E6-B98F-AE95E4CB9F2E}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{6CBF54B0-1EFE-4A20-BDDE-53B4152E5C3E}"= UDP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{216C3479-379E-4B80-824B-BC6A4F5351BD}"= TCP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{62B3ED5F-D096-41C1-AE37-F7EB12D7B748}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{595778B3-1656-449D-8B09-8379B7F66E54}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{800EA7D6-2A21-42A5-9C20-AB68008B708F}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{84D0B703-303F-46C5-A146-9BF8BCCBE6D4}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{B19F27EF-32AF-44C6-8BD3-3B9D208CDE43}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{FCDF5311-1CC7-40BE-8872-DAB61223EDAC}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{DD27ABE2-A9D8-44D5-AB6F-E7CB46A5F269}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{DB624513-F49B-4FD8-9A60-E63BC63232E9}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{9F6C31A3-4A02-4596-B9FE-ABA70F81E714}"= UDP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{FCB9D426-12A3-47B5-AADB-B7FB05A70FDE}"= TCP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{6AE9B028-EC14-439A-92D0-A765243722B6}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{24145960-6301-4880-83DA-E154F76347BC}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C2A6EA39-0D9A-4CBE-9999-F80B8064C4D7}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{C6C881ED-5ACB-4197-8B6C-A57910CCB895}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{458616C4-2F77-4590-946B-E26323046FB5}"= UDP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{538E8070-ED91-4ACA-A245-33A0679DEEC7}"= TCP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{90618E61-22A7-4EDC-9A38-593985B9C439}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{82ED241A-ACB0-4BAC-A15B-6652A8D97643}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Persona\\Persona.exe"= c:\program files\Persona\Persona.exe:*:Enabled:Persona
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/10/2008 16:44 20384]
R1 Start1Driver;Start1Driver;c:\windows\System32\drivers\Start1Driver.SYS [14/07/2009 13:36 5120]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19/03/2009 11:44 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [19/03/2009 11:45 93312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 06:33 232960]
R3 LycoFltr;Lycosa Keyboard;c:\windows\System32\drivers\Lycosa.sys [18/01/2008 06:43 16128]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [08/10/2007 09:53 892416]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNIMP50.sys [16/11/2006 14:36 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNISP50.sys [16/11/2006 14:36 20480]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [29/02/2008 02:07 942080]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\System32\drivers\WN111v2v.sys [30/09/2008 03:20 449536]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F6E42294-30F1-D27F-2FEE-DEC4CBE77B09}]
C:\Windows:system.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: dogsoftheseas.com
Trusted Zone: dogsoftheseas.com\realm01
Trusted Zone: dogsoftheseas.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npsoestb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 17:15
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(6008)
geyekrpahvfrqw.dll 10000000 36864 \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscape.dll
c:\progra~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
c:\program files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
.
Completion time: 2009-07-14 17:18
ComboFix-quarantined-files.txt 2009-07-14 17:18
Pre-Run: 68 574 527 488 octets libres
Post-Run: 68 861 390 848 octets libres
------------
ComboFix 09-07-13.01 - Fryct 14/07/2009 17:07.5.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3583.2509 [GMT 2:00]
Running from: c:\users\Fryct\Desktop\ComboFix.exe
SP: AdwareBot *disabled* (Updated) {2BFC08CE-6B66-47D4-BA62-0A39887A0229}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.
2009-07-14 15:15 . 2009-07-14 15:15 -------- d-----w- c:\users\Fryct\AppData\Local\temp
2009-07-14 13:35 . 2009-07-14 13:35 -------- d-----w- c:\program files\Trend Micro
2009-07-14 11:56 . 2009-07-14 12:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-14 11:36 . 2009-03-14 04:48 5120 ----a-w- c:\windows\system32\drivers\Start1Driver.SYS
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\progra~2\Simply Super Software
2009-07-13 22:27 . 2009-07-13 23:19 -------- d-----w- c:\windows\BDOSCAN8
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\users\Fryct\AppData\Roaming\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:23 . 2009-07-13 16:23 -------- d---a-w- c:\program files\Common Files\Nero
2009-07-13 16:07 . 2009-07-13 16:07 -------- d-----w- c:\progra~2\SlySoft
2009-07-13 16:04 . 2009-07-13 16:04 -------- d-----w- c:\program files\SlySoft
2009-07-12 21:47 . 2009-07-12 22:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\CyberLink
2009-07-12 21:47 . 2009-07-12 21:47 -------- d-----w- c:\users\Public\CyberLink
2009-07-12 21:44 . 2009-07-12 21:44 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-12 21:40 . 2009-07-12 22:07 -------- d-----w- c:\progra~2\CyberLink
2009-07-12 21:40 . 2008-05-14 12:48 29480 ------w- c:\windows\system32\msxml3a.dll
2009-07-12 21:39 . 2008-05-14 12:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-12 21:39 . 2009-07-13 16:15 -------- d-----w- c:\program files\CyberLink
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\windows\system32\AGEIA
2009-07-12 08:29 . 2009-07-12 08:29 -------- d-----w- c:\users\Fryct\{c904a8d4-a5d3-4d40-a799-60f6c462408a}
2009-07-12 08:29 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 17:58 . 2005-07-25 09:59 28672 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
2009-07-05 17:55 . 2008-04-16 12:13 65536 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
2009-07-05 00:33 . 2009-07-05 07:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\IGN_DLM
2009-07-01 15:57 . 2009-07-01 15:57 0 ----a-w- c:\windows\nsreg.dat
2009-07-01 15:57 . 2009-07-01 15:57 -------- d-----w- c:\users\Fryct\AppData\Local\Mozilla
2009-06-20 09:48 . 2009-06-20 09:48 -------- d-----w- c:\users\Fryct\AppData\Local\ArmA 2
2009-06-20 09:47 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-20 09:47 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-20 09:35 . 2009-06-20 09:35 -------- d-----w- c:\program files\Bohemia Interactive
2009-06-17 19:46 . 2009-06-17 19:46 -------- d-----w- c:\users\Fryct\AppData\Local\Monte Cristo
2009-06-15 19:06 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-15 19:06 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-15 19:06 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-15 19:06 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 14:35 . 2006-11-02 15:48 716060 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 14:35 . 2006-11-02 15:48 144214 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 14:30 . 2008-07-24 14:48 -------- d-----w- c:\progra~2\NVIDIA
2009-07-14 14:30 . 2009-07-12 08:52 31966 ----a-w- c:\progra~2\nvModes.dat
2009-07-13 16:23 . 2008-07-24 17:11 -------- d-----w- c:\program files\Nero
2009-07-13 16:15 . 2008-07-25 22:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 14:56 . 2008-07-24 19:34 -------- d-----w- c:\program files\Steam
2009-07-12 21:47 . 2008-07-24 14:42 106240 ----a-w- c:\users\Fryct\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 21:38 . 2008-07-24 14:44 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-12 16:03 . 2008-09-25 15:16 -------- d-----w- c:\users\Fryct\AppData\Roaming\vlc
2009-07-12 08:45 . 2008-11-08 12:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 08:39 . 2008-07-24 14:41 2708 ----a-w- c:\users\Fryct\AppData\Local\d3d9caps.dat
2009-07-12 03:21 . 2008-07-26 17:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-11 20:42 . 2008-07-24 18:19 -------- d-----w- c:\users\Fryct\AppData\Roaming\MxBoost
2009-07-05 11:08 . 2008-07-24 19:34 -------- d-----w- c:\program files\Common Files\Steam
2009-07-05 09:32 . 2008-08-23 11:39 -------- d-----w- c:\program files\City of Heroes
2009-06-30 16:50 . 2008-07-26 21:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-23 12:11 . 2008-07-25 22:10 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-23 12:11 . 2008-07-25 22:09 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-22 11:51 . 2008-07-25 22:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-17 17:47 . 2009-05-09 10:38 -------- d-----w- c:\program files\Common Files\BioWare
2009-06-17 17:46 . 2008-07-26 15:49 -------- d-----w- c:\progra~2\Media Center Programs
2009-06-14 15:15 . 2009-06-13 13:26 -------- d-----w- c:\program files\Sony Online Entertainment
2009-06-11 18:46 . 2008-08-02 09:51 -------- d-----w- c:\progra~2\Steam
2009-06-11 18:46 . 2008-08-02 09:50 -------- d-----w- c:\progra~2\PopCap Games
2009-06-10 16:33 . 2009-06-10 16:33 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 16:33 . 2009-06-10 16:33 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-10 16:33 . 2009-06-10 16:33 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2009-06-10 16:33 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 16:33 . 2009-06-10 16:33 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 16:33 . 2009-06-10 16:33 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2009-06-10 16:33 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 09:19 . 2008-07-26 07:13 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-10 06:35 . 2009-06-10 06:35 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-06-10 06:35 . 2009-06-10 06:35 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-06-10 06:35 . 2009-06-10 06:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 04:33 . 2009-06-10 04:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 04:33 . 2009-06-10 04:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 04:33 . 2009-06-10 04:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 04:33 . 2009-06-10 04:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 04:33 . 2009-06-10 04:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32 . 2009-06-10 04:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 04:32 . 2009-06-10 04:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 04:32 . 2009-06-10 04:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 04:32 . 2009-06-10 04:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 04:31 . 2009-06-10 04:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 04:31 . 2009-06-10 04:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 04:31 . 2009-06-10 04:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 04:31 . 2009-06-10 04:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 04:29 . 2009-06-10 04:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-08 17:01 . 2008-07-31 19:40 -------- d-----w- c:\progra~2\TrackMania
2009-06-07 08:52 . 2009-06-07 08:52 10134 ----a-r- c:\users\Fryct\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-07 08:52 . 2009-06-07 08:52 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 16:12 . 2008-07-26 15:36 -------- d-----w- c:\program files\Electronic Arts
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 15:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 15:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-28 10:55 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-21 20:49 . 2009-05-10 10:46 -------- d-----w- c:\program files\rFactor
2009-05-10 19:21 . 2009-05-10 19:21 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-09 05:50 . 2009-06-10 09:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 09:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-23 12:15 . 2009-06-10 09:07 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 09:07 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:39 . 2009-06-10 09:07 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 15:27 . 2009-07-01 15:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-03-08 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-17 6793760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
c:\users\Fryct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]
c:\users\Fryct\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):84,f2,65,d2,a6,df,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3017709691-804468469-1464511852-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{101D2057-1C16-420A-906F-E3C44D627292}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D8383F2A-5385-46A6-8BFA-1E8EE34798EE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6E1B9AAE-98B5-427D-B821-B6378835474B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{189A5AF6-EAEC-4117-A744-187E90D5BB2B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CD5DA0EC-732B-48A3-9546-F11402E8B70A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E53F93DE-736E-4106-8758-65DC804075E1}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{12AD7443-1084-433B-BBE6-FCFE92D07171}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2114042D-FBB9-43F2-91CA-7792702A75A7}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9E808409-3B11-427C-B17B-16688660CDB3}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{DB5EF49C-23F0-4508-9FA9-987ED80E18D5}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F5958A01-E278-4574-8ADE-A23ACB4F8E3F}"= UDP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{DEE2E5F3-2040-40D0-9F92-A22BAA14AFAB}"= TCP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{61843F1F-BF99-4E05-A217-F92B4A1ADB2D}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{8F0E10BD-8BAC-47CB-8B46-33A2A948205F}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{FDAFF9FE-B8B7-4CAB-BC25-EE0CBD4CCA80}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{22E23C74-7242-4685-A4FB-7F6BC351EE28}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{FF9A2C3C-0D16-4FDC-9040-D1B3EF3A4226}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4B8BEBA6-80B0-45BA-8867-B013CF2ECA79}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{530425C9-0F63-416B-8B84-99A437E8B0EE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{BD1AED9B-66F7-42D5-973F-3CD6CFB018DA}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3BCB6A29-7AE3-4304-96F3-AC616D14D646}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{87C52663-2039-479C-A0FF-537DBE081EB7}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{CF4F955D-6822-44C2-A772-F2A680F83C59}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{1E4DB4E0-6A3D-4C28-BE8F-968F93B9F3A6}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{83E8973F-F3CD-43C0-915F-3FAAB66F24F5}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{F200D435-B063-4BD4-94F2-8B6077F964BD}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{9CA93B90-7E0A-4464-AAB7-B3E6B9B7E073}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{E9D5835A-8BEA-4041-9D8D-92D840EF0E44}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{9C0C5B0E-354D-4175-AD3E-ED9B251DCAD7}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{11FD57B5-4A28-422E-BBA6-C19BF9D10C75}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{80126E6C-8F0B-4004-B875-22A334D4027D}"= UDP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{16B4B97C-6E57-4785-8D80-E61248DB0C25}"= TCP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{AA1C9932-7B6F-4730-A8C0-07735C9805C8}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5C44A1D4-E9C3-4F6B-BF09-6043D5245191}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5EC5A276-4BE0-4A72-83ED-CB8C045D8591}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{C0C74C27-C2F3-4596-A503-FB8E26C42C0B}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{D9775FD4-3FBC-4949-A6D7-D99BB24C5399}"= UDP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{623BC05D-93B6-4A0B-8BA1-A0AE2DCF9726}"= TCP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{FDD7CF1D-6AF2-49D8-B1C9-7D0809E19FC8}"= UDP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{BD3053F5-FDC1-43C8-BF0E-935CA6B28362}"= TCP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{4CDD6878-4548-4EDE-81AC-F80B359CC549}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{EBD9DF36-8BAD-4688-B9BF-C5DADF31DF0A}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{7A378ADA-706A-46AB-B1C7-3C681500BC39}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7F3CCEF5-BFDB-4BE7-804D-1F6857DBC07A}"= UDP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{17B89F98-B2E3-4FF6-AD6A-F24030AB0DB0}"= TCP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{95213D48-9D1E-430A-81B7-5942AAE3A917}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{53E6152D-9FDE-4D0E-8EF3-89988CC311E8}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{29733425-D2A2-49DA-8466-51BECA6B482A}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{DA9C1B56-1DDD-4212-80FA-FD98ABFC3125}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{A9CF6801-94F7-444C-A1C3-5FB9445E1552}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{F37BC531-42A8-46F0-9D50-748A3F01B289}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{39F3C5BA-DD85-45F9-BED7-CB02F7757781}"= UDP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{61190302-9076-4F54-BD68-845C1174C736}"= TCP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{A1957312-D880-4A9C-BA63-3C6A9D12269C}"= UDP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{0A14D283-CB35-4278-874E-EBC2D28EB7C2}"= TCP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{61D72F24-DC12-46D3-A73A-E0CF6A809B04}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{8E3A8E66-68CD-49E6-B98F-AE95E4CB9F2E}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{6CBF54B0-1EFE-4A20-BDDE-53B4152E5C3E}"= UDP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{216C3479-379E-4B80-824B-BC6A4F5351BD}"= TCP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{62B3ED5F-D096-41C1-AE37-F7EB12D7B748}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{595778B3-1656-449D-8B09-8379B7F66E54}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{800EA7D6-2A21-42A5-9C20-AB68008B708F}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{84D0B703-303F-46C5-A146-9BF8BCCBE6D4}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{B19F27EF-32AF-44C6-8BD3-3B9D208CDE43}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{FCDF5311-1CC7-40BE-8872-DAB61223EDAC}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{DD27ABE2-A9D8-44D5-AB6F-E7CB46A5F269}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{DB624513-F49B-4FD8-9A60-E63BC63232E9}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{9F6C31A3-4A02-4596-B9FE-ABA70F81E714}"= UDP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{FCB9D426-12A3-47B5-AADB-B7FB05A70FDE}"= TCP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{6AE9B028-EC14-439A-92D0-A765243722B6}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{24145960-6301-4880-83DA-E154F76347BC}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C2A6EA39-0D9A-4CBE-9999-F80B8064C4D7}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{C6C881ED-5ACB-4197-8B6C-A57910CCB895}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{458616C4-2F77-4590-946B-E26323046FB5}"= UDP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{538E8070-ED91-4ACA-A245-33A0679DEEC7}"= TCP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{90618E61-22A7-4EDC-9A38-593985B9C439}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{82ED241A-ACB0-4BAC-A15B-6652A8D97643}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Persona\\Persona.exe"= c:\program files\Persona\Persona.exe:*:Enabled:Persona
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/10/2008 16:44 20384]
R1 Start1Driver;Start1Driver;c:\windows\System32\drivers\Start1Driver.SYS [14/07/2009 13:36 5120]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19/03/2009 11:44 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [19/03/2009 11:45 93312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 06:33 232960]
R3 LycoFltr;Lycosa Keyboard;c:\windows\System32\drivers\Lycosa.sys [18/01/2008 06:43 16128]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [08/10/2007 09:53 892416]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNIMP50.sys [16/11/2006 14:36 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNISP50.sys [16/11/2006 14:36 20480]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [29/02/2008 02:07 942080]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\System32\drivers\WN111v2v.sys [30/09/2008 03:20 449536]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F6E42294-30F1-D27F-2FEE-DEC4CBE77B09}]
C:\Windows:system.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: dogsoftheseas.com
Trusted Zone: dogsoftheseas.com\realm01
Trusted Zone: dogsoftheseas.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npsoestb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 17:15
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(6008)
geyekrpahvfrqw.dll 10000000 36864 \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscape.dll
c:\progra~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
c:\program files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
.
Completion time: 2009-07-14 17:18
ComboFix-quarantined-files.txt 2009-07-14 17:18
Pre-Run: 68 574 527 488 octets libres
Post-Run: 68 861 390 848 octets libres
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 17:41
14 juil. 2009 à 17:41
Tu es Malheureusement infecté par une nouvelle variante de TDSS ...
Copie le texte ci-dessous :
File::
c:\users\Fryct\AppData\Local\d3d9caps.dat
Driver::
nProtect GameGuard Service
- Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
- Sauvegarde ce fichier sous le nom de CFScript.txt
- Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt
Ensuite :
===>> Lance Malwarebyte's
▶ Sous l'onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression"
▶ Fais une mise a jour (onglet mises a jours)
* Clique maintenant sur l'onglet recherche et coche la case : "exécuter un examen rapide".
▶ Puis clic sur "rechercher".
▶ Laisse le scanner le PC...
▶ Si des éléments on été trouvés --> clic sur "afficher les résultats", puis sur supprimer la sélection. afin de détruire les éléments infectés.
▶ Si il t'es demandé de redémarrer --> clic sur "YES".
▶ A la fin un rapport va s'ouvrir; sauvegarde le de manière a le retrouver en vu de le poster sur le forum.
▶ Copie et colle le rapport S.T.P.
** Note: les rapport sont aussi rangé dans l'onglet Rapport/Log
A+
Copie le texte ci-dessous :
File::
c:\users\Fryct\AppData\Local\d3d9caps.dat
Driver::
nProtect GameGuard Service
- Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
- Sauvegarde ce fichier sous le nom de CFScript.txt
- Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt
Ensuite :
===>> Lance Malwarebyte's
▶ Sous l'onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression"
▶ Fais une mise a jour (onglet mises a jours)
* Clique maintenant sur l'onglet recherche et coche la case : "exécuter un examen rapide".
▶ Puis clic sur "rechercher".
▶ Laisse le scanner le PC...
▶ Si des éléments on été trouvés --> clic sur "afficher les résultats", puis sur supprimer la sélection. afin de détruire les éléments infectés.
▶ Si il t'es demandé de redémarrer --> clic sur "YES".
▶ A la fin un rapport va s'ouvrir; sauvegarde le de manière a le retrouver en vu de le poster sur le forum.
▶ Copie et colle le rapport S.T.P.
** Note: les rapport sont aussi rangé dans l'onglet Rapport/Log
A+
Ca n'a hélas pas marché, il est toujours là. Voici le rapport de ComboFix et de Malwarebyte:
ComboFix 09-07-13.01 - Fryct 14/07/2009 17:57.6.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3583.2562 [GMT 2:00]
Running from: c:\users\Fryct\Desktop\ComboFix.exe
Command switches used :: c:\users\Fryct\Desktop\CFScript.txt
SP: AdwareBot *disabled* (Updated) {2BFC08CE-6B66-47D4-BA62-0A39887A0229}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
FILE ::
"c:\users\Fryct\AppData\Local\d3d9caps.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Fryct\AppData\Local\d3d9caps.dat
.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.
2009-07-14 16:04 . 2009-07-14 16:04 -------- d-----w- c:\users\Fryct\AppData\Local\temp
2009-07-14 13:35 . 2009-07-14 13:35 -------- d-----w- c:\program files\Trend Micro
2009-07-14 11:56 . 2009-07-14 12:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-14 11:36 . 2009-03-14 04:48 5120 ----a-w- c:\windows\system32\drivers\Start1Driver.SYS
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\progra~2\Simply Super Software
2009-07-13 22:27 . 2009-07-13 23:19 -------- d-----w- c:\windows\BDOSCAN8
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\users\Fryct\AppData\Roaming\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:23 . 2009-07-13 16:23 -------- d---a-w- c:\program files\Common Files\Nero
2009-07-13 16:07 . 2009-07-13 16:07 -------- d-----w- c:\progra~2\SlySoft
2009-07-13 16:04 . 2009-07-13 16:04 -------- d-----w- c:\program files\SlySoft
2009-07-12 21:47 . 2009-07-12 22:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\CyberLink
2009-07-12 21:47 . 2009-07-12 21:47 -------- d-----w- c:\users\Public\CyberLink
2009-07-12 21:44 . 2009-07-12 21:44 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-12 21:40 . 2009-07-12 22:07 -------- d-----w- c:\progra~2\CyberLink
2009-07-12 21:40 . 2008-05-14 12:48 29480 ------w- c:\windows\system32\msxml3a.dll
2009-07-12 21:39 . 2008-05-14 12:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-12 21:39 . 2009-07-13 16:15 -------- d-----w- c:\program files\CyberLink
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\windows\system32\AGEIA
2009-07-12 08:29 . 2009-07-12 08:29 -------- d-----w- c:\users\Fryct\{c904a8d4-a5d3-4d40-a799-60f6c462408a}
2009-07-12 08:29 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 17:58 . 2005-07-25 09:59 28672 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
2009-07-05 17:55 . 2008-04-16 12:13 65536 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
2009-07-05 00:33 . 2009-07-05 07:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\IGN_DLM
2009-07-01 15:57 . 2009-07-01 15:57 0 ----a-w- c:\windows\nsreg.dat
2009-07-01 15:57 . 2009-07-01 15:57 -------- d-----w- c:\users\Fryct\AppData\Local\Mozilla
2009-06-20 09:48 . 2009-06-20 09:48 -------- d-----w- c:\users\Fryct\AppData\Local\ArmA 2
2009-06-20 09:47 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-20 09:47 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-20 09:35 . 2009-06-20 09:35 -------- d-----w- c:\program files\Bohemia Interactive
2009-06-17 19:46 . 2009-06-17 19:46 -------- d-----w- c:\users\Fryct\AppData\Local\Monte Cristo
2009-06-15 19:06 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-15 19:06 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-15 19:06 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-15 19:06 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 15:53 . 2006-11-02 15:48 716060 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 15:53 . 2006-11-02 15:48 144214 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 15:49 . 2009-07-12 08:52 31966 ----a-w- c:\progra~2\nvModes.dat
2009-07-14 15:49 . 2008-07-24 14:48 -------- d-----w- c:\progra~2\NVIDIA
2009-07-13 16:23 . 2008-07-24 17:11 -------- d-----w- c:\program files\Nero
2009-07-13 16:15 . 2008-07-25 22:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 14:56 . 2008-07-24 19:34 -------- d-----w- c:\program files\Steam
2009-07-12 21:47 . 2008-07-24 14:42 106240 ----a-w- c:\users\Fryct\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 21:38 . 2008-07-24 14:44 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-12 16:03 . 2008-09-25 15:16 -------- d-----w- c:\users\Fryct\AppData\Roaming\vlc
2009-07-12 08:45 . 2008-11-08 12:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 03:21 . 2008-07-26 17:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-11 20:42 . 2008-07-24 18:19 -------- d-----w- c:\users\Fryct\AppData\Roaming\MxBoost
2009-07-05 11:08 . 2008-07-24 19:34 -------- d-----w- c:\program files\Common Files\Steam
2009-07-05 09:32 . 2008-08-23 11:39 -------- d-----w- c:\program files\City of Heroes
2009-06-30 16:50 . 2008-07-26 21:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-23 12:11 . 2008-07-25 22:10 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-23 12:11 . 2008-07-25 22:09 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-22 11:51 . 2008-07-25 22:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-17 17:47 . 2009-05-09 10:38 -------- d-----w- c:\program files\Common Files\BioWare
2009-06-17 17:46 . 2008-07-26 15:49 -------- d-----w- c:\progra~2\Media Center Programs
2009-06-14 15:15 . 2009-06-13 13:26 -------- d-----w- c:\program files\Sony Online Entertainment
2009-06-11 18:46 . 2008-08-02 09:51 -------- d-----w- c:\progra~2\Steam
2009-06-11 18:46 . 2008-08-02 09:50 -------- d-----w- c:\progra~2\PopCap Games
2009-06-10 16:33 . 2009-06-10 16:33 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 16:33 . 2009-06-10 16:33 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-10 16:33 . 2009-06-10 16:33 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2009-06-10 16:33 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 16:33 . 2009-06-10 16:33 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 16:33 . 2009-06-10 16:33 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2009-06-10 16:33 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 09:19 . 2008-07-26 07:13 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-10 06:35 . 2009-06-10 06:35 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-06-10 06:35 . 2009-06-10 06:35 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-06-10 06:35 . 2009-06-10 06:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 04:33 . 2009-06-10 04:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 04:33 . 2009-06-10 04:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 04:33 . 2009-06-10 04:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 04:33 . 2009-06-10 04:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 04:33 . 2009-06-10 04:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32 . 2009-06-10 04:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 04:32 . 2009-06-10 04:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 04:32 . 2009-06-10 04:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 04:32 . 2009-06-10 04:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 04:31 . 2009-06-10 04:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 04:31 . 2009-06-10 04:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 04:31 . 2009-06-10 04:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 04:31 . 2009-06-10 04:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 04:29 . 2009-06-10 04:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-08 17:01 . 2008-07-31 19:40 -------- d-----w- c:\progra~2\TrackMania
2009-06-07 08:52 . 2009-06-07 08:52 10134 ----a-r- c:\users\Fryct\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-07 08:52 . 2009-06-07 08:52 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 16:12 . 2008-07-26 15:36 -------- d-----w- c:\program files\Electronic Arts
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 15:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 15:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-28 10:55 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-21 20:49 . 2009-05-10 10:46 -------- d-----w- c:\program files\rFactor
2009-05-10 19:21 . 2009-05-10 19:21 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-09 05:50 . 2009-06-10 09:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 09:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-23 12:15 . 2009-06-10 09:07 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 09:07 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:39 . 2009-06-10 09:07 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 15:27 . 2009-07-01 15:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-14_15.15.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-24 14:49 . 2009-07-14 15:51 33988 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-14 15:51 74672 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-07-14 14:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-14 14:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-14 14:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-24 14:43 . 2009-07-14 15:51 7836 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017709691-804468469-1464511852-1000_UserData.bin
- 2008-07-24 14:43 . 2009-07-14 14:32 7836 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017709691-804468469-1464511852-1000_UserData.bin
- 2009-07-14 14:30 . 2009-07-14 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-14 15:49 . 2009-07-14 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-14 15:49 . 2009-07-14 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 14:30 . 2009-07-14 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-07-14 15:53 628288 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-14 14:35 628288 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-14 15:53 117790 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-14 14:35 117790 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-03-08 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-17 6793760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
c:\users\Fryct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):84,f2,65,d2,a6,df,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3017709691-804468469-1464511852-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{101D2057-1C16-420A-906F-E3C44D627292}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D8383F2A-5385-46A6-8BFA-1E8EE34798EE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6E1B9AAE-98B5-427D-B821-B6378835474B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{189A5AF6-EAEC-4117-A744-187E90D5BB2B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CD5DA0EC-732B-48A3-9546-F11402E8B70A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E53F93DE-736E-4106-8758-65DC804075E1}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{12AD7443-1084-433B-BBE6-FCFE92D07171}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2114042D-FBB9-43F2-91CA-7792702A75A7}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9E808409-3B11-427C-B17B-16688660CDB3}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{DB5EF49C-23F0-4508-9FA9-987ED80E18D5}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F5958A01-E278-4574-8ADE-A23ACB4F8E3F}"= UDP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{DEE2E5F3-2040-40D0-9F92-A22BAA14AFAB}"= TCP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{61843F1F-BF99-4E05-A217-F92B4A1ADB2D}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{8F0E10BD-8BAC-47CB-8B46-33A2A948205F}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{FDAFF9FE-B8B7-4CAB-BC25-EE0CBD4CCA80}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{22E23C74-7242-4685-A4FB-7F6BC351EE28}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{FF9A2C3C-0D16-4FDC-9040-D1B3EF3A4226}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4B8BEBA6-80B0-45BA-8867-B013CF2ECA79}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{530425C9-0F63-416B-8B84-99A437E8B0EE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{BD1AED9B-66F7-42D5-973F-3CD6CFB018DA}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3BCB6A29-7AE3-4304-96F3-AC616D14D646}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{87C52663-2039-479C-A0FF-537DBE081EB7}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{CF4F955D-6822-44C2-A772-F2A680F83C59}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{1E4DB4E0-6A3D-4C28-BE8F-968F93B9F3A6}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{83E8973F-F3CD-43C0-915F-3FAAB66F24F5}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{F200D435-B063-4BD4-94F2-8B6077F964BD}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{9CA93B90-7E0A-4464-AAB7-B3E6B9B7E073}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{E9D5835A-8BEA-4041-9D8D-92D840EF0E44}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{9C0C5B0E-354D-4175-AD3E-ED9B251DCAD7}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{11FD57B5-4A28-422E-BBA6-C19BF9D10C75}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{80126E6C-8F0B-4004-B875-22A334D4027D}"= UDP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{16B4B97C-6E57-4785-8D80-E61248DB0C25}"= TCP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{AA1C9932-7B6F-4730-A8C0-07735C9805C8}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5C44A1D4-E9C3-4F6B-BF09-6043D5245191}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5EC5A276-4BE0-4A72-83ED-CB8C045D8591}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{C0C74C27-C2F3-4596-A503-FB8E26C42C0B}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{D9775FD4-3FBC-4949-A6D7-D99BB24C5399}"= UDP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{623BC05D-93B6-4A0B-8BA1-A0AE2DCF9726}"= TCP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{FDD7CF1D-6AF2-49D8-B1C9-7D0809E19FC8}"= UDP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{BD3053F5-FDC1-43C8-BF0E-935CA6B28362}"= TCP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{4CDD6878-4548-4EDE-81AC-F80B359CC549}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{EBD9DF36-8BAD-4688-B9BF-C5DADF31DF0A}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{7A378ADA-706A-46AB-B1C7-3C681500BC39}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7F3CCEF5-BFDB-4BE7-804D-1F6857DBC07A}"= UDP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{17B89F98-B2E3-4FF6-AD6A-F24030AB0DB0}"= TCP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{95213D48-9D1E-430A-81B7-5942AAE3A917}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{53E6152D-9FDE-4D0E-8EF3-89988CC311E8}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{29733425-D2A2-49DA-8466-51BECA6B482A}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{DA9C1B56-1DDD-4212-80FA-FD98ABFC3125}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{A9CF6801-94F7-444C-A1C3-5FB9445E1552}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{F37BC531-42A8-46F0-9D50-748A3F01B289}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{39F3C5BA-DD85-45F9-BED7-CB02F7757781}"= UDP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{61190302-9076-4F54-BD68-845C1174C736}"= TCP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{A1957312-D880-4A9C-BA63-3C6A9D12269C}"= UDP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{0A14D283-CB35-4278-874E-EBC2D28EB7C2}"= TCP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{61D72F24-DC12-46D3-A73A-E0CF6A809B04}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{8E3A8E66-68CD-49E6-B98F-AE95E4CB9F2E}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{6CBF54B0-1EFE-4A20-BDDE-53B4152E5C3E}"= UDP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{216C3479-379E-4B80-824B-BC6A4F5351BD}"= TCP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{62B3ED5F-D096-41C1-AE37-F7EB12D7B748}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{595778B3-1656-449D-8B09-8379B7F66E54}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{800EA7D6-2A21-42A5-9C20-AB68008B708F}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{84D0B703-303F-46C5-A146-9BF8BCCBE6D4}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{B19F27EF-32AF-44C6-8BD3-3B9D208CDE43}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{FCDF5311-1CC7-40BE-8872-DAB61223EDAC}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{DD27ABE2-A9D8-44D5-AB6F-E7CB46A5F269}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{DB624513-F49B-4FD8-9A60-E63BC63232E9}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{9F6C31A3-4A02-4596-B9FE-ABA70F81E714}"= UDP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{FCB9D426-12A3-47B5-AADB-B7FB05A70FDE}"= TCP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{6AE9B028-EC14-439A-92D0-A765243722B6}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{24145960-6301-4880-83DA-E154F76347BC}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C2A6EA39-0D9A-4CBE-9999-F80B8064C4D7}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{C6C881ED-5ACB-4197-8B6C-A57910CCB895}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{458616C4-2F77-4590-946B-E26323046FB5}"= UDP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{538E8070-ED91-4ACA-A245-33A0679DEEC7}"= TCP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{90618E61-22A7-4EDC-9A38-593985B9C439}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{82ED241A-ACB0-4BAC-A15B-6652A8D97643}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Persona\\Persona.exe"= c:\program files\Persona\Persona.exe:*:Enabled:Persona
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/10/2008 16:44 20384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19/03/2009 11:44 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [19/03/2009 11:45 93312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 06:33 232960]
R3 LycoFltr;Lycosa Keyboard;c:\windows\System32\drivers\Lycosa.sys [18/01/2008 06:43 16128]
S1 Start1Driver;Start1Driver;c:\windows\System32\drivers\Start1Driver.SYS [14/07/2009 13:36 5120]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [08/10/2007 09:53 892416]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNIMP50.sys [16/11/2006 14:36 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNISP50.sys [16/11/2006 14:36 20480]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [29/02/2008 02:07 942080]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\System32\drivers\WN111v2v.sys [30/09/2008 03:20 449536]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F6E42294-30F1-D27F-2FEE-DEC4CBE77B09}]
C:\Windows:system.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: dogsoftheseas.com
Trusted Zone: dogsoftheseas.com\realm01
Trusted Zone: dogsoftheseas.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npsoestb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 18:04
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2009-07-14 18:07
ComboFix-quarantined-files.txt 2009-07-14 16:07
ComboFix2.txt 2009-07-14 15:18
Pre-Run: 68 896 911 360 octets libres
Post-Run: 68 887 498 752 octets libres
---
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2427
Windows 6.0.6002 Service Pack 2
14/07/2009 18:17:07
mbam-log-2009-07-14 (18-17-07).txt
Type de recherche: Examen rapide
Eléments examinés: 79606
Temps écoulé: 2 minute(s), 18 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Delete on reboot.
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
ComboFix 09-07-13.01 - Fryct 14/07/2009 17:57.6.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3583.2562 [GMT 2:00]
Running from: c:\users\Fryct\Desktop\ComboFix.exe
Command switches used :: c:\users\Fryct\Desktop\CFScript.txt
SP: AdwareBot *disabled* (Updated) {2BFC08CE-6B66-47D4-BA62-0A39887A0229}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
FILE ::
"c:\users\Fryct\AppData\Local\d3d9caps.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Fryct\AppData\Local\d3d9caps.dat
.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.
2009-07-14 16:04 . 2009-07-14 16:04 -------- d-----w- c:\users\Fryct\AppData\Local\temp
2009-07-14 13:35 . 2009-07-14 13:35 -------- d-----w- c:\program files\Trend Micro
2009-07-14 11:56 . 2009-07-14 12:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-14 11:36 . 2009-03-14 04:48 5120 ----a-w- c:\windows\system32\drivers\Start1Driver.SYS
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\progra~2\Simply Super Software
2009-07-13 22:27 . 2009-07-13 23:19 -------- d-----w- c:\windows\BDOSCAN8
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\users\Fryct\AppData\Roaming\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:23 . 2009-07-13 16:23 -------- d---a-w- c:\program files\Common Files\Nero
2009-07-13 16:07 . 2009-07-13 16:07 -------- d-----w- c:\progra~2\SlySoft
2009-07-13 16:04 . 2009-07-13 16:04 -------- d-----w- c:\program files\SlySoft
2009-07-12 21:47 . 2009-07-12 22:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\CyberLink
2009-07-12 21:47 . 2009-07-12 21:47 -------- d-----w- c:\users\Public\CyberLink
2009-07-12 21:44 . 2009-07-12 21:44 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-12 21:40 . 2009-07-12 22:07 -------- d-----w- c:\progra~2\CyberLink
2009-07-12 21:40 . 2008-05-14 12:48 29480 ------w- c:\windows\system32\msxml3a.dll
2009-07-12 21:39 . 2008-05-14 12:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-12 21:39 . 2009-07-13 16:15 -------- d-----w- c:\program files\CyberLink
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\windows\system32\AGEIA
2009-07-12 08:29 . 2009-07-12 08:29 -------- d-----w- c:\users\Fryct\{c904a8d4-a5d3-4d40-a799-60f6c462408a}
2009-07-12 08:29 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 17:58 . 2005-07-25 09:59 28672 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
2009-07-05 17:55 . 2008-04-16 12:13 65536 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
2009-07-05 00:33 . 2009-07-05 07:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\IGN_DLM
2009-07-01 15:57 . 2009-07-01 15:57 0 ----a-w- c:\windows\nsreg.dat
2009-07-01 15:57 . 2009-07-01 15:57 -------- d-----w- c:\users\Fryct\AppData\Local\Mozilla
2009-06-20 09:48 . 2009-06-20 09:48 -------- d-----w- c:\users\Fryct\AppData\Local\ArmA 2
2009-06-20 09:47 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-20 09:47 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-20 09:35 . 2009-06-20 09:35 -------- d-----w- c:\program files\Bohemia Interactive
2009-06-17 19:46 . 2009-06-17 19:46 -------- d-----w- c:\users\Fryct\AppData\Local\Monte Cristo
2009-06-15 19:06 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-15 19:06 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-15 19:06 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-15 19:06 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 15:53 . 2006-11-02 15:48 716060 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 15:53 . 2006-11-02 15:48 144214 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 15:49 . 2009-07-12 08:52 31966 ----a-w- c:\progra~2\nvModes.dat
2009-07-14 15:49 . 2008-07-24 14:48 -------- d-----w- c:\progra~2\NVIDIA
2009-07-13 16:23 . 2008-07-24 17:11 -------- d-----w- c:\program files\Nero
2009-07-13 16:15 . 2008-07-25 22:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 14:56 . 2008-07-24 19:34 -------- d-----w- c:\program files\Steam
2009-07-12 21:47 . 2008-07-24 14:42 106240 ----a-w- c:\users\Fryct\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 21:38 . 2008-07-24 14:44 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-12 16:03 . 2008-09-25 15:16 -------- d-----w- c:\users\Fryct\AppData\Roaming\vlc
2009-07-12 08:45 . 2008-11-08 12:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 03:21 . 2008-07-26 17:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-11 20:42 . 2008-07-24 18:19 -------- d-----w- c:\users\Fryct\AppData\Roaming\MxBoost
2009-07-05 11:08 . 2008-07-24 19:34 -------- d-----w- c:\program files\Common Files\Steam
2009-07-05 09:32 . 2008-08-23 11:39 -------- d-----w- c:\program files\City of Heroes
2009-06-30 16:50 . 2008-07-26 21:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-23 12:11 . 2008-07-25 22:10 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-23 12:11 . 2008-07-25 22:09 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-22 11:51 . 2008-07-25 22:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-17 17:47 . 2009-05-09 10:38 -------- d-----w- c:\program files\Common Files\BioWare
2009-06-17 17:46 . 2008-07-26 15:49 -------- d-----w- c:\progra~2\Media Center Programs
2009-06-14 15:15 . 2009-06-13 13:26 -------- d-----w- c:\program files\Sony Online Entertainment
2009-06-11 18:46 . 2008-08-02 09:51 -------- d-----w- c:\progra~2\Steam
2009-06-11 18:46 . 2008-08-02 09:50 -------- d-----w- c:\progra~2\PopCap Games
2009-06-10 16:33 . 2009-06-10 16:33 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 16:33 . 2009-06-10 16:33 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-10 16:33 . 2009-06-10 16:33 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2009-06-10 16:33 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 16:33 . 2009-06-10 16:33 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 16:33 . 2009-06-10 16:33 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2009-06-10 16:33 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 09:19 . 2008-07-26 07:13 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-10 06:35 . 2009-06-10 06:35 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-06-10 06:35 . 2009-06-10 06:35 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-06-10 06:35 . 2009-06-10 06:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 04:33 . 2009-06-10 04:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 04:33 . 2009-06-10 04:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 04:33 . 2009-06-10 04:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 04:33 . 2009-06-10 04:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 04:33 . 2009-06-10 04:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32 . 2009-06-10 04:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 04:32 . 2009-06-10 04:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 04:32 . 2009-06-10 04:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 04:32 . 2009-06-10 04:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 04:31 . 2009-06-10 04:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 04:31 . 2009-06-10 04:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 04:31 . 2009-06-10 04:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 04:31 . 2009-06-10 04:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 04:29 . 2009-06-10 04:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-08 17:01 . 2008-07-31 19:40 -------- d-----w- c:\progra~2\TrackMania
2009-06-07 08:52 . 2009-06-07 08:52 10134 ----a-r- c:\users\Fryct\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-07 08:52 . 2009-06-07 08:52 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 16:12 . 2008-07-26 15:36 -------- d-----w- c:\program files\Electronic Arts
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 15:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 15:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-28 10:55 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-21 20:49 . 2009-05-10 10:46 -------- d-----w- c:\program files\rFactor
2009-05-10 19:21 . 2009-05-10 19:21 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-09 05:50 . 2009-06-10 09:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 09:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-23 12:15 . 2009-06-10 09:07 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 09:07 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:39 . 2009-06-10 09:07 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 15:27 . 2009-07-01 15:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-14_15.15.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-24 14:49 . 2009-07-14 15:51 33988 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-14 15:51 74672 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-07-14 14:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-14 14:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-14 14:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-24 14:43 . 2009-07-14 15:51 7836 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017709691-804468469-1464511852-1000_UserData.bin
- 2008-07-24 14:43 . 2009-07-14 14:32 7836 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017709691-804468469-1464511852-1000_UserData.bin
- 2009-07-14 14:30 . 2009-07-14 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-14 15:49 . 2009-07-14 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-14 15:49 . 2009-07-14 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 14:30 . 2009-07-14 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-07-14 15:53 628288 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-14 14:35 628288 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-14 15:53 117790 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-14 14:35 117790 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-03-08 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-17 6793760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]
c:\users\Fryct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):84,f2,65,d2,a6,df,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3017709691-804468469-1464511852-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{101D2057-1C16-420A-906F-E3C44D627292}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D8383F2A-5385-46A6-8BFA-1E8EE34798EE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6E1B9AAE-98B5-427D-B821-B6378835474B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{189A5AF6-EAEC-4117-A744-187E90D5BB2B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CD5DA0EC-732B-48A3-9546-F11402E8B70A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E53F93DE-736E-4106-8758-65DC804075E1}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{12AD7443-1084-433B-BBE6-FCFE92D07171}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2114042D-FBB9-43F2-91CA-7792702A75A7}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9E808409-3B11-427C-B17B-16688660CDB3}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{DB5EF49C-23F0-4508-9FA9-987ED80E18D5}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F5958A01-E278-4574-8ADE-A23ACB4F8E3F}"= UDP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{DEE2E5F3-2040-40D0-9F92-A22BAA14AFAB}"= TCP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{61843F1F-BF99-4E05-A217-F92B4A1ADB2D}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{8F0E10BD-8BAC-47CB-8B46-33A2A948205F}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{FDAFF9FE-B8B7-4CAB-BC25-EE0CBD4CCA80}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{22E23C74-7242-4685-A4FB-7F6BC351EE28}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{FF9A2C3C-0D16-4FDC-9040-D1B3EF3A4226}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4B8BEBA6-80B0-45BA-8867-B013CF2ECA79}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{530425C9-0F63-416B-8B84-99A437E8B0EE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{BD1AED9B-66F7-42D5-973F-3CD6CFB018DA}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3BCB6A29-7AE3-4304-96F3-AC616D14D646}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{87C52663-2039-479C-A0FF-537DBE081EB7}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{CF4F955D-6822-44C2-A772-F2A680F83C59}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{1E4DB4E0-6A3D-4C28-BE8F-968F93B9F3A6}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{83E8973F-F3CD-43C0-915F-3FAAB66F24F5}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{F200D435-B063-4BD4-94F2-8B6077F964BD}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{9CA93B90-7E0A-4464-AAB7-B3E6B9B7E073}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{E9D5835A-8BEA-4041-9D8D-92D840EF0E44}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{9C0C5B0E-354D-4175-AD3E-ED9B251DCAD7}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{11FD57B5-4A28-422E-BBA6-C19BF9D10C75}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{80126E6C-8F0B-4004-B875-22A334D4027D}"= UDP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{16B4B97C-6E57-4785-8D80-E61248DB0C25}"= TCP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{AA1C9932-7B6F-4730-A8C0-07735C9805C8}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5C44A1D4-E9C3-4F6B-BF09-6043D5245191}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5EC5A276-4BE0-4A72-83ED-CB8C045D8591}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{C0C74C27-C2F3-4596-A503-FB8E26C42C0B}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{D9775FD4-3FBC-4949-A6D7-D99BB24C5399}"= UDP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{623BC05D-93B6-4A0B-8BA1-A0AE2DCF9726}"= TCP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{FDD7CF1D-6AF2-49D8-B1C9-7D0809E19FC8}"= UDP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{BD3053F5-FDC1-43C8-BF0E-935CA6B28362}"= TCP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{4CDD6878-4548-4EDE-81AC-F80B359CC549}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{EBD9DF36-8BAD-4688-B9BF-C5DADF31DF0A}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{7A378ADA-706A-46AB-B1C7-3C681500BC39}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7F3CCEF5-BFDB-4BE7-804D-1F6857DBC07A}"= UDP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{17B89F98-B2E3-4FF6-AD6A-F24030AB0DB0}"= TCP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{95213D48-9D1E-430A-81B7-5942AAE3A917}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{53E6152D-9FDE-4D0E-8EF3-89988CC311E8}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{29733425-D2A2-49DA-8466-51BECA6B482A}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{DA9C1B56-1DDD-4212-80FA-FD98ABFC3125}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{A9CF6801-94F7-444C-A1C3-5FB9445E1552}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{F37BC531-42A8-46F0-9D50-748A3F01B289}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{39F3C5BA-DD85-45F9-BED7-CB02F7757781}"= UDP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{61190302-9076-4F54-BD68-845C1174C736}"= TCP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{A1957312-D880-4A9C-BA63-3C6A9D12269C}"= UDP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{0A14D283-CB35-4278-874E-EBC2D28EB7C2}"= TCP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{61D72F24-DC12-46D3-A73A-E0CF6A809B04}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{8E3A8E66-68CD-49E6-B98F-AE95E4CB9F2E}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{6CBF54B0-1EFE-4A20-BDDE-53B4152E5C3E}"= UDP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{216C3479-379E-4B80-824B-BC6A4F5351BD}"= TCP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{62B3ED5F-D096-41C1-AE37-F7EB12D7B748}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{595778B3-1656-449D-8B09-8379B7F66E54}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{800EA7D6-2A21-42A5-9C20-AB68008B708F}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{84D0B703-303F-46C5-A146-9BF8BCCBE6D4}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{B19F27EF-32AF-44C6-8BD3-3B9D208CDE43}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{FCDF5311-1CC7-40BE-8872-DAB61223EDAC}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{DD27ABE2-A9D8-44D5-AB6F-E7CB46A5F269}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{DB624513-F49B-4FD8-9A60-E63BC63232E9}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{9F6C31A3-4A02-4596-B9FE-ABA70F81E714}"= UDP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{FCB9D426-12A3-47B5-AADB-B7FB05A70FDE}"= TCP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{6AE9B028-EC14-439A-92D0-A765243722B6}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{24145960-6301-4880-83DA-E154F76347BC}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C2A6EA39-0D9A-4CBE-9999-F80B8064C4D7}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{C6C881ED-5ACB-4197-8B6C-A57910CCB895}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{458616C4-2F77-4590-946B-E26323046FB5}"= UDP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{538E8070-ED91-4ACA-A245-33A0679DEEC7}"= TCP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{90618E61-22A7-4EDC-9A38-593985B9C439}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{82ED241A-ACB0-4BAC-A15B-6652A8D97643}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Persona\\Persona.exe"= c:\program files\Persona\Persona.exe:*:Enabled:Persona
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/10/2008 16:44 20384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19/03/2009 11:44 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [19/03/2009 11:45 93312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 06:33 232960]
R3 LycoFltr;Lycosa Keyboard;c:\windows\System32\drivers\Lycosa.sys [18/01/2008 06:43 16128]
S1 Start1Driver;Start1Driver;c:\windows\System32\drivers\Start1Driver.SYS [14/07/2009 13:36 5120]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [08/10/2007 09:53 892416]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNIMP50.sys [16/11/2006 14:36 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNISP50.sys [16/11/2006 14:36 20480]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [29/02/2008 02:07 942080]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\System32\drivers\WN111v2v.sys [30/09/2008 03:20 449536]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F6E42294-30F1-D27F-2FEE-DEC4CBE77B09}]
C:\Windows:system.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: dogsoftheseas.com
Trusted Zone: dogsoftheseas.com\realm01
Trusted Zone: dogsoftheseas.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npsoestb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 18:04
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2009-07-14 18:07
ComboFix-quarantined-files.txt 2009-07-14 16:07
ComboFix2.txt 2009-07-14 15:18
Pre-Run: 68 896 911 360 octets libres
Post-Run: 68 887 498 752 octets libres
---
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2427
Windows 6.0.6002 Service Pack 2
14/07/2009 18:17:07
mbam-log-2009-07-14 (18-17-07).txt
Type de recherche: Examen rapide
Eléments examinés: 79606
Temps écoulé: 2 minute(s), 18 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Delete on reboot.
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 20:00
14 juil. 2009 à 20:00
@ loick22
ARRÊTE DE POLLUER LE TOPIC !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! , CAR IL VAS PAS FORMATER !!!
@ Fryct
Télécharge Gmer (by Przemyslaw Gmerek)
▶ Dézippe gmer ,cliques sur l'onglet rootkit,lances le scan, des lignes rouges vont apparaitre.
* Les lignes rouges indiquent la présence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans démarrer ,puis ouvres le bloc note,vas dans édition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)
Ensuite
▶ sur les lignes rouge:
Services: Clique droit puis delete service
Process: Clique droit puis kill process
Adl ,file: Clique droit puis delete files
Ensuite :
Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
▶ Double-clique sur RSIT.exe afin de lancer RSIT.
▶ Clique sur Continue à l'écran " Disclaimer of warranty ".
▶ Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
▶ Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
=> Poste le contenu de log.txt (qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
Note : Les deux rapports sont également sauvegardés %systemdrive%\rsit ou C:\rsit
A+
ARRÊTE DE POLLUER LE TOPIC !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! , CAR IL VAS PAS FORMATER !!!
@ Fryct
Télécharge Gmer (by Przemyslaw Gmerek)
▶ Dézippe gmer ,cliques sur l'onglet rootkit,lances le scan, des lignes rouges vont apparaitre.
* Les lignes rouges indiquent la présence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans démarrer ,puis ouvres le bloc note,vas dans édition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)
Ensuite
▶ sur les lignes rouge:
Services: Clique droit puis delete service
Process: Clique droit puis kill process
Adl ,file: Clique droit puis delete files
Ensuite :
Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
▶ Double-clique sur RSIT.exe afin de lancer RSIT.
▶ Clique sur Continue à l'écran " Disclaimer of warranty ".
▶ Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
▶ Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
=> Poste le contenu de log.txt (qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
Note : Les deux rapports sont également sauvegardés %systemdrive%\rsit ou C:\rsit
A+
jacques.gache
Messages postés
33453
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 616
14 juil. 2009 à 20:34
14 juil. 2009 à 20:34
oick22 au lieu de venir dire n'importe quoi sur les sujet tu ferais mieux de faire des recherches pour toi , comme dit le dicton " toutes charités bien ordonner commence par soit même " http://www.commentcamarche.net/forum/affich 13090634 ecran hs
Voici le log.txt de rsit:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Fryct at 2009-07-14 20:38:39
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 65 GB (23%) free of 286 GB
Total RAM: 3583 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:42, on 14/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fryct\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Fryct.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O15 - Trusted Zone: http://realm01.dogsoftheseas.com
O15 - Trusted Zone: http://www.dogsoftheseas.com
O15 - Trusted Zone: http://*.dogsoftheseas.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by Fryct at 2009-07-14 20:38:39
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 65 GB (23%) free of 286 GB
Total RAM: 3583 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:42, on 14/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fryct\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Fryct.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O15 - Trusted Zone: http://realm01.dogsoftheseas.com
O15 - Trusted Zone: http://www.dogsoftheseas.com
O15 - Trusted Zone: http://*.dogsoftheseas.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
Puis info.txt de rsit toujours :
info.txt logfile of random's system information tool 1.06 2009-07-14 20:38:43
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Reader 9.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->MsiExec.exe /X{211E8730-5681-49ED-BC6A-78C9F88E95F5}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArmA 2 Uninstall-->C:\Program files\Bohemia Interactive\ArmA 2\UnInstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BattleForge™-->MsiExec.exe /X{C580908C-B3BA-4C19-BD60-16F02F272201}
Building & Co-->C:\Program Files\Elektrogames\Building&Co\uninstall.exe
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
Canon MP610 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series /L0x000c
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Company of Heroes-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4560
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DAMN NFO Viewer Setup-->MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38}
Darkest Hour-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1280
Demigod-->"C:\Program Files\Stardock Games\Demigod\UninstHelper.exe" /autouninstall dem
DeskScapes-->C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\INSTALL.LOG
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Evochron Legends-->"D:\EvochronLegends\unins000.exe"
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x40c -removeonly
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Football Manager Live-->"C:\Program Files\Sports Interactive\Football Manager Live\uninstall.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Realms Installer-->C:\Program Files\Sony Online Entertainment\uninst.exe
Futuremark SystemInfo-->C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
GalCiv II - Ultimate Edition-->"C:\Program Files\Stardock Games\GalCiv2Ultimate\UninstHelper.exe" /autouninstall galciv2ul
Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Gobliiins 4-->"C:\Program Files\Snowball Studios\Gobliiins 4\unins000.exe"
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
Graphical Enhancement Resources 2.5-->C:\Program Files\Mount&Blade\uninstall_commonres_pack.exe
Graphical Enhancement Textures 2.5-->C:\Program Files\Mount&Blade\uninstall_texture_pack.exe
GTA IV Realism Mod - Windows Vista 1.00-->C:\Program Files\Rockstar Games\GTA IV Realism Mod v1.0\Uninstall.exe
GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall
HashTab 1.14 for x32-->C:\Program Files\HashTab Shell Extension\uninst.exe
HD Tach version 3-->"C:\Program Files\Simpli Software\HD Tach\unins000.exe"
HeroStats-->C:\Program Files\HeroStats\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.3.0.7-->"C:\Program Files\HLSW\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hybrid Downloader 1,0,2,6-->C:\Program Files\Persona\uninst.exe
IGN Download Manager 2.3.3-->C:\Program Files\IGN\Download Manager\uninst.exe
Impulse-->"C:\ProgramData\{181AD827-020A-4331-AF8B-7A6AD3EC7FA3}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\ProgramData\{181AD827-020A-4331-AF8B-7A6AD3EC7FA3}\Impulse_setup.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Management Engine Interface-->C:\Windows\system32\heciudlg.exe -uninstall
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf
Launchpad Enhanced-->MsiExec.exe /I{BAA11826-70EF-4E44-9E97-8476793E022F}
Les Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x040c -removeonly
Magic Button-->C:\Windows\WindowsMobile\Magic Button\Uninstall.exe Magic Button
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxthon2 Browser (remove only)-->C:\Users\Fryct\AppData\Roaming\Maxthon2\MaxthonUINST.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mids' Hero/Villain Designer-->D:\coh\Mids Hero Designer\Uninstall.exe
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe
Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NewsLeecher v3.9 Final-->"C:\Program Files\NewsLeecher\unins000.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA Stereoscopic 3D Driver-->C:\Windows\system32\nvStInst.exe /uninstall /ask
ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pangya (Ntreev USA)-->C:\Program Files\Pangya\uninstall.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Peggle Deluxe-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3480
Peggle Nights-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3540
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Prototype-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10150
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Quake Live Internet Explorer Plugin-->MsiExec.exe /I{A98BEA7A-5F50-45C9-AB8C-751BBBC661C6}
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RangeMax Wireless-N USB Adapter WN111v2-->C:\Program Files\InstallShield Installation Information\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\setup.exe -runfromtemp -l0x0409
Rapid PHP 2008 v9.0-->"C:\Program Files\Rapid PHP 2008\unins000.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Red Orchestra-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1200
rFactor (remove only)-->"C:\Program Files\rFactor\Uninstall.exe"
Ri4m v5.0.1d-->C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
Ripp-It Codec Pack v 4.2.6-->C:\Program Files\Ripp-It Codec Pack\uninst.exe
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
Savage 2 - A Tortured Soul-->C:\Program Files\Savage 2 - A Tortured Soul\uninstall.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Shadowgrounds-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2500
Sins of a Solar Empire-->"C:\Program Files\Stardock Games\Sins of a Solar Empire\UninstHelper.exe" /autouninstall sin
Skin-->C:\Windows\WindowsMobile\Skin\Uninstall.exe Skin
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x040c -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Last Remnant-->"C:\Program Files\Steam\steam.exe" steam://uninstall/23310
Titan Quest: Immortal Throne-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4550
Titan Quest-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4540
TrackMania United Forever-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7200
Trine-->"C:\Program Files\Steam\steam.exe" steam://uninstall/35700
Unreal Tournament 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/13210
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
X Plugin Manager 2.20 BETA 6-->'C:\Program Files\X Plugin Manager\Uninstall.exe'
X3 ModManager-->"D:\X3 ModManager\Uninstall.exe"
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
======Security center information======
AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender
AS: AdwareBot (disabled)
======System event log======
Computer Name: PC-de-Fryct
Event Code: 7026
Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
i8042prt
Record Number: 27502
Source Name: Service Control Manager
Time Written: 20080919075549.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Fryct
Event Code: 4227
Message: TCP/IP n’a pas pu établir une connexion sortante car le point de terminaison local sélectionné a été récemment utilisé pour se connecter au même point de terminaison distant. Cette erreur se produit généralement lorsque les connexions sortantes sont ouvertes et fermées à un débit élevé, provoquant l’utilisation de tous les ports locaux disponibles et obligeant TCP/IP à réutiliser un port local pour une connexion sortante. Pour réduire le risque d’altération des données, la norme TCP/IP exige qu’un laps de temps minimal s’écoule entre des connexions successives d’un point de terminaison local à un point de terminaison distant.
Record Number: 27441
Source Name: Tcpip
Time Written: 20080919075432.658846-000
Event Type: Avertissement
User:
Computer Name: PC-de-Fryct
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 27437
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20080919075407.435538-000
Event Type: Erreur
User:
Computer Name: PC-de-Fryct
Event Code: 1002
Message: Le bail de l'adresse IP 192.168.0.5 pour la carte réseau dont l'adresse réseau est 0016E685A094 a été refusé par le serveur DHCP 192.168.0.250 (celui-ci a envoyé un message DHCPNACK).
Record Number: 27423
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20080919075407.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Fryct
Event Code: 1003
Message:
Record Number: 27422
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20080919075407.000000-000
Event Type: Avertissement
User:
=====Application event log=====
Computer Name: PC-de-Fryct
Event Code: 6004
Message: Échec de l’abonné aux notifications Winlogon <TrustedInstaller> lors d’un événement de notification critique.
Record Number: 149
Source Name: Microsoft-Windows-Winlogon
Time Written: 20080724150454.000000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Fryct
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.
DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3017709691-804468469-1464511852-1000:
Process 512 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3017709691-804468469-1464511852-1000
Record Number: 62
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080724144642.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Fryct
Event Code: 63
Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.
Record Number: 55
Source Name: Microsoft-Windows-WMI
Time Written: 20080724144357.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Fryct
Event Code: 63
Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.
Record Number: 54
Source Name: Microsoft-Windows-WMI
Time Written: 20080724144357.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Fryct
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.
Record Number: 23
Source Name: Microsoft-Windows-Search
Time Written: 20080724143957.000000-000
Event Type: Avertissement
User:
=====Security event log=====
Computer Name: PC-de-Fryct
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-Fryct$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost
Informations sur le processus :
ID du processus : 0x29c
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Adresse du réseau : -
Port : -
Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 8915
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130510.039476-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Fryct
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.
Code d’erreur : 2
Record Number: 8914
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130509.758244-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Fryct
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.
Code d’erreur : 2
Record Number: 8913
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130506.554326-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Fryct
Event Code: 5024
Message: Le démarrage du service Pare-feu Windows s’est correctement déroulé.
Record Number: 8912
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130501.884618-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Fryct
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-0-0
Nom du compte : -
Domaine du compte : -
ID d’ouverture de session : 0x0
Type d’ouverture de session : 3
Nouvelle ouverture de session :
ID de sécurité : S-1-5-7
Nom du compte : ANONYMOUS LOGON
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x22c39
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x0
Nom du processus : -
Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -
Informations détaillées sur l’authentification :
Processus d’ouverture de session : NtLmSsp
Package d’authentification : NTLM
Services en transit : -
Nom du package (NTLM uniquement) : NTLM V1
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 8911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130500.728442-000
Event Type: Succès de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-07-14 20:38:43
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Reader 9.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->MsiExec.exe /X{211E8730-5681-49ED-BC6A-78C9F88E95F5}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArmA 2 Uninstall-->C:\Program files\Bohemia Interactive\ArmA 2\UnInstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BattleForge™-->MsiExec.exe /X{C580908C-B3BA-4C19-BD60-16F02F272201}
Building & Co-->C:\Program Files\Elektrogames\Building&Co\uninstall.exe
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
Canon MP610 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series /L0x000c
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Company of Heroes-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4560
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DAMN NFO Viewer Setup-->MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38}
Darkest Hour-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1280
Demigod-->"C:\Program Files\Stardock Games\Demigod\UninstHelper.exe" /autouninstall dem
DeskScapes-->C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\INSTALL.LOG
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Evochron Legends-->"D:\EvochronLegends\unins000.exe"
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x40c -removeonly
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Football Manager Live-->"C:\Program Files\Sports Interactive\Football Manager Live\uninstall.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Realms Installer-->C:\Program Files\Sony Online Entertainment\uninst.exe
Futuremark SystemInfo-->C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
GalCiv II - Ultimate Edition-->"C:\Program Files\Stardock Games\GalCiv2Ultimate\UninstHelper.exe" /autouninstall galciv2ul
Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Gobliiins 4-->"C:\Program Files\Snowball Studios\Gobliiins 4\unins000.exe"
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
Graphical Enhancement Resources 2.5-->C:\Program Files\Mount&Blade\uninstall_commonres_pack.exe
Graphical Enhancement Textures 2.5-->C:\Program Files\Mount&Blade\uninstall_texture_pack.exe
GTA IV Realism Mod - Windows Vista 1.00-->C:\Program Files\Rockstar Games\GTA IV Realism Mod v1.0\Uninstall.exe
GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall
HashTab 1.14 for x32-->C:\Program Files\HashTab Shell Extension\uninst.exe
HD Tach version 3-->"C:\Program Files\Simpli Software\HD Tach\unins000.exe"
HeroStats-->C:\Program Files\HeroStats\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.3.0.7-->"C:\Program Files\HLSW\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hybrid Downloader 1,0,2,6-->C:\Program Files\Persona\uninst.exe
IGN Download Manager 2.3.3-->C:\Program Files\IGN\Download Manager\uninst.exe
Impulse-->"C:\ProgramData\{181AD827-020A-4331-AF8B-7A6AD3EC7FA3}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\ProgramData\{181AD827-020A-4331-AF8B-7A6AD3EC7FA3}\Impulse_setup.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Management Engine Interface-->C:\Windows\system32\heciudlg.exe -uninstall
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf
Launchpad Enhanced-->MsiExec.exe /I{BAA11826-70EF-4E44-9E97-8476793E022F}
Les Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x040c -removeonly
Magic Button-->C:\Windows\WindowsMobile\Magic Button\Uninstall.exe Magic Button
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxthon2 Browser (remove only)-->C:\Users\Fryct\AppData\Roaming\Maxthon2\MaxthonUINST.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mids' Hero/Villain Designer-->D:\coh\Mids Hero Designer\Uninstall.exe
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe
Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NewsLeecher v3.9 Final-->"C:\Program Files\NewsLeecher\unins000.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA Stereoscopic 3D Driver-->C:\Windows\system32\nvStInst.exe /uninstall /ask
ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pangya (Ntreev USA)-->C:\Program Files\Pangya\uninstall.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Peggle Deluxe-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3480
Peggle Nights-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3540
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Prototype-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10150
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Quake Live Internet Explorer Plugin-->MsiExec.exe /I{A98BEA7A-5F50-45C9-AB8C-751BBBC661C6}
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RangeMax Wireless-N USB Adapter WN111v2-->C:\Program Files\InstallShield Installation Information\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\setup.exe -runfromtemp -l0x0409
Rapid PHP 2008 v9.0-->"C:\Program Files\Rapid PHP 2008\unins000.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Red Orchestra-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1200
rFactor (remove only)-->"C:\Program Files\rFactor\Uninstall.exe"
Ri4m v5.0.1d-->C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
Ripp-It Codec Pack v 4.2.6-->C:\Program Files\Ripp-It Codec Pack\uninst.exe
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
Savage 2 - A Tortured Soul-->C:\Program Files\Savage 2 - A Tortured Soul\uninstall.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Shadowgrounds-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2500
Sins of a Solar Empire-->"C:\Program Files\Stardock Games\Sins of a Solar Empire\UninstHelper.exe" /autouninstall sin
Skin-->C:\Windows\WindowsMobile\Skin\Uninstall.exe Skin
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x040c -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Last Remnant-->"C:\Program Files\Steam\steam.exe" steam://uninstall/23310
Titan Quest: Immortal Throne-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4550
Titan Quest-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4540
TrackMania United Forever-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7200
Trine-->"C:\Program Files\Steam\steam.exe" steam://uninstall/35700
Unreal Tournament 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/13210
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
X Plugin Manager 2.20 BETA 6-->'C:\Program Files\X Plugin Manager\Uninstall.exe'
X3 ModManager-->"D:\X3 ModManager\Uninstall.exe"
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
======Security center information======
AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender
AS: AdwareBot (disabled)
======System event log======
Computer Name: PC-de-Fryct
Event Code: 7026
Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
i8042prt
Record Number: 27502
Source Name: Service Control Manager
Time Written: 20080919075549.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Fryct
Event Code: 4227
Message: TCP/IP n’a pas pu établir une connexion sortante car le point de terminaison local sélectionné a été récemment utilisé pour se connecter au même point de terminaison distant. Cette erreur se produit généralement lorsque les connexions sortantes sont ouvertes et fermées à un débit élevé, provoquant l’utilisation de tous les ports locaux disponibles et obligeant TCP/IP à réutiliser un port local pour une connexion sortante. Pour réduire le risque d’altération des données, la norme TCP/IP exige qu’un laps de temps minimal s’écoule entre des connexions successives d’un point de terminaison local à un point de terminaison distant.
Record Number: 27441
Source Name: Tcpip
Time Written: 20080919075432.658846-000
Event Type: Avertissement
User:
Computer Name: PC-de-Fryct
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 27437
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20080919075407.435538-000
Event Type: Erreur
User:
Computer Name: PC-de-Fryct
Event Code: 1002
Message: Le bail de l'adresse IP 192.168.0.5 pour la carte réseau dont l'adresse réseau est 0016E685A094 a été refusé par le serveur DHCP 192.168.0.250 (celui-ci a envoyé un message DHCPNACK).
Record Number: 27423
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20080919075407.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Fryct
Event Code: 1003
Message:
Record Number: 27422
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20080919075407.000000-000
Event Type: Avertissement
User:
=====Application event log=====
Computer Name: PC-de-Fryct
Event Code: 6004
Message: Échec de l’abonné aux notifications Winlogon <TrustedInstaller> lors d’un événement de notification critique.
Record Number: 149
Source Name: Microsoft-Windows-Winlogon
Time Written: 20080724150454.000000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Fryct
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.
DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3017709691-804468469-1464511852-1000:
Process 512 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3017709691-804468469-1464511852-1000
Record Number: 62
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080724144642.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Fryct
Event Code: 63
Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.
Record Number: 55
Source Name: Microsoft-Windows-WMI
Time Written: 20080724144357.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Fryct
Event Code: 63
Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.
Record Number: 54
Source Name: Microsoft-Windows-WMI
Time Written: 20080724144357.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Fryct
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.
Record Number: 23
Source Name: Microsoft-Windows-Search
Time Written: 20080724143957.000000-000
Event Type: Avertissement
User:
=====Security event log=====
Computer Name: PC-de-Fryct
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-Fryct$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost
Informations sur le processus :
ID du processus : 0x29c
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Adresse du réseau : -
Port : -
Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 8915
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130510.039476-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Fryct
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.
Code d’erreur : 2
Record Number: 8914
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130509.758244-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Fryct
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.
Code d’erreur : 2
Record Number: 8913
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130506.554326-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Fryct
Event Code: 5024
Message: Le démarrage du service Pare-feu Windows s’est correctement déroulé.
Record Number: 8912
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130501.884618-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Fryct
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-0-0
Nom du compte : -
Domaine du compte : -
ID d’ouverture de session : 0x0
Type d’ouverture de session : 3
Nouvelle ouverture de session :
ID de sécurité : S-1-5-7
Nom du compte : ANONYMOUS LOGON
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x22c39
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x0
Nom du processus : -
Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -
Informations détaillées sur l’authentification :
Processus d’ouverture de session : NtLmSsp
Package d’authentification : NTLM
Services en transit : -
Nom du package (NTLM uniquement) : NTLM V1
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 8911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130500.728442-000
Event Type: Succès de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
-----------------EOF-----------------
loick22
Messages postés
297
Date d'inscription
samedi 27 juin 2009
Statut
Membre
Dernière intervention
15 mai 2010
20
14 juil. 2009 à 21:39
14 juil. 2009 à 21:39
je tais rien demander
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 21:09
14 juil. 2009 à 21:09
Fais Gmer , puis mets a jour Malwarebyte's , fais un scan rapide vire ce qu'il a trouvé et colle le rapport accompagné d'un nouveau scan RSIT .
@+
@+
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 21:20
14 juil. 2009 à 21:20
Salut sKe :)
On verra comment ça va se passer ... je pense qu'on va refaire Combo , p'tetre une nouvelle Maj :)
@+
On verra comment ça va se passer ... je pense qu'on va refaire Combo , p'tetre une nouvelle Maj :)
@+
Voici le rapport de Gmer. Pour Malware, il est déjà à jour, je dois quand même recommencer?
GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-07-14 20:57:10 Windows 6.0.6002 Service Pack 2 ---- System - GMER 1.0.15 ---- Code 87414E38 ZwEnumerateKey Code 87459258 ZwFlushInstructionCache Code 874ABE5E ZwSaveKey Code 8740EDCE ZwSaveKeyEx Code 874AC285 IofCallDriver Code 8746686E IofCompleteRequest ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!IofCallDriver 8248E912 5 Bytes JMP 874AC28A .text ntkrnlpa.exe!IofCompleteRequest 8248E97F 5 Bytes JMP 87466873 PAGE ntkrnlpa.exe!ZwFlushInstructionCache 825F9EF5 5 Bytes JMP 8745925C PAGE ntkrnlpa.exe!ZwEnumerateKey 826470BA 5 Bytes JMP 87414E3C PAGE ntkrnlpa.exe!ZwSaveKey 8269C969 5 Bytes JMP 874ABE62 PAGE ntkrnlpa.exe!ZwSaveKeyEx 8269CB07 5 Bytes JMP 8740EDD2 ? C:\Windows\System32\Drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. .text USBPORT.SYS!DllUnload 903CB41B 5 Bytes JMP 86DA0960 ? System32\Drivers\auh3lmqz.SYS Le chemin d'accès spécifié est introuvable. ! ? system32\drivers\mmxvua.sys Le chemin d'accès spécifié est introuvable. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\taskeng.exe[504] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 000D000A .text C:\Windows\system32\lsm.exe[692] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 0023000A .text C:\Windows\system32\winlogon.exe[872] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 0007000A .text C:\Windows\system32\nvvsvc.exe[948] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 003A000A .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 007F000A .text ... .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2260] kernel32.dll!SetUnhandledExceptionFilter 76B8A84F 4 Bytes [C2, 04, 00, 00] .text C:\Windows\System32\nvSCPAPISvr.exe[2536] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 0024000A .text C:\Windows\system32\svchost.exe[2584] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 000B000A .text C:\Windows\System32\svchost.exe[2648] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 0019000A .text C:\Windows\system32\SearchIndexer.exe[2748] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 0031000A .text C:\Program Files\Windows Defender\MSASCui.exe[2924] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 001A000A .text ... .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!FindResourceExA 76B82575 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!FindResourceA 76B82653 5 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!CreateEventA 76BA44C0 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!LockResource 76BA68DF 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!FindResourceExW 76BA69FD 7 Bytes JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!LoadResource 76BA6ADB 7 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!FindResourceW 76BA7FA1 5 Bytes JMP 28001BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!SizeofResource 76BA7FBF 7 Bytes JMP 28001EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] ADVAPI32.dll!CryptDeriveKey 776BFCAE 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] ADVAPI32.dll!CryptDecrypt 776BFE91 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!CreateDialogParamW 76D172A2 5 Bytes JMP 28006120 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!SetWindowPlacement 76D17963 5 Bytes JMP 28005EA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!SetWindowRgn 76D1A221 7 Bytes JMP 28005FE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!LoadImageW 76D1C9E5 5 Bytes JMP 28006770 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!LoadIconW 76D1DA9F 5 Bytes JMP 28006960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!CreateWindowExW 76D21305 5 Bytes JMP 28003CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!GetWindowLongW 76D2F8BF 7 Bytes JMP 28006B00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!PeekMessageW 76D3045A 5 Bytes JMP 280046C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!TrackPopupMenuEx 76D40CE7 5 Bytes JMP 28004FA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!MessageBoxIndirectW 76D6D5D3 5 Bytes JMP 28006310 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WS2_32.dll!closesocket 76DB330C 5 Bytes JMP 2800BB90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WS2_32.dll!recv 76DB343A 5 Bytes JMP 2800B3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WS2_32.dll!WSASend 76DB4496 5 Bytes JMP 2800B950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WS2_32.dll!send 76DB659B 5 Bytes JMP 2800B770 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WS2_32.dll!WSARecv 76DB8400 5 Bytes JMP 2800B550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] SHELL32.dll!Shell_NotifyIconW 75F28626 5 Bytes JMP 28003440 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] ole32.dll!CoRegisterClassObject 77227DB6 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] ole32.dll!CoCreateInstance 77269EA6 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] ole32.dll!CoInitializeEx 7726AD63 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WININET.dll!InternetReadFile 76A8654B 5 Bytes JMP 2800A3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WININET.dll!InternetCloseHandle 76A89088 5 Bytes JMP 2800A560 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WININET.dll!HttpOpenRequestA 76A8D5E8 5 Bytes JMP 2800A220 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WININET.dll!HttpSendRequestA 76A9EEB9 5 Bytes JMP 2800A490 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou) .text C:\Program Files\Windows Media Player\wmpnscfg.exe[3328] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 0064000A .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[3388] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 002E000A .text C:\Program Files\Windows Sidebar\sidebar.exe[3660] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 0030000A .text C:\Users\Fryct\Desktop\gmer.exe[3916] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 0037000A .text C:\Windows\System32\notepad.exe[4220] ntdll.dll!LdrLoadDll 77579390 5 Bytes JMP 001F000A .text ... ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806925FE] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80691AB4] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80692728] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80691B7C] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80691BFA] \SystemRoot\System32\Drivers\sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7441A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7444CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [743EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 852E51E8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \Driver\volmgr \Device\VolMgrControl 852E21E8 Device \Driver\usbuhci \Device\USBPDO-0 86D4C720 Device \Driver\usbuhci \Device\USBPDO-1 86D4C720 Device \Driver\usbehci \Device\USBPDO-2 86D3F980 Device \Driver\usbuhci \Device\USBPDO-3 86D4C720 Device \Driver\usbuhci \Device\USBPDO-4 86D4C720 Device \Driver\usbuhci \Device\USBPDO-5 86D4C720 Device \Driver\USBSTOR \Device\00000063 8736C720 Device \Driver\usbehci \Device\USBPDO-6 86D3F980 Device \Driver\volmgr \Device\HarddiskVolume1 852E21E8 Device \Driver\USBSTOR \Device\00000064 8736C720 Device \Driver\volmgr \Device\HarddiskVolume2 852E21E8 Device \Driver\USBSTOR \Device\00000065 8736C720 Device \Driver\volmgr \Device\HarddiskVolume3 852E21E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2 852E41E8 Device \Driver\atapi \Device\Ide\IdePort0 852E41E8 Device \Driver\atapi \Device\Ide\IdePort1 852E41E8 Device \Driver\atapi \Device\Ide\IdeDeviceP5T1L0-7 852E41E8 Device \Driver\atapi \Device\Ide\IdePort2 852E41E8 Device \Driver\atapi \Device\Ide\IdePort3 852E41E8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-8 852E41E8 Device \Driver\atapi \Device\Ide\IdePort4 852E41E8 Device \Driver\atapi \Device\Ide\IdePort5 852E41E8 Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-1 852E41E8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 852E41E8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-9 852E41E8 Device \Driver\USBSTOR \Device\00000066 8736C720 Device \Driver\volmgr \Device\HarddiskVolume4 852E21E8 Device \Driver\USBSTOR \Device\00000067 8736C720 Device \Driver\netbt \Device\NetBt_Wins_Export 8745B730 Device \Driver\PCI_NTPNP8180 \Device\0000004d sptd.sys Device \Driver\iScsiPrt \Device\RaidPort0 86D5C918 Device \Driver\usbuhci \Device\USBFDO-0 86D4C720 Device \Driver\usbuhci \Device\USBFDO-1 86D4C720 Device \Driver\usbehci \Device\USBFDO-2 86D3F980 Device \Driver\usbuhci \Device\USBFDO-3 86D4C720 Device \Driver\netbt \Device\NetBT_Tcpip_{A6BFDA14-3364-4DE6-B8EA-B1D70258E143} 8745B730 Device \Driver\usbuhci \Device\USBFDO-4 86D4C720 Device \Driver\usbuhci \Device\USBFDO-5 86D4C720 Device \Driver\usbehci \Device\USBFDO-6 86D3F980 Device \Driver\auh3lmqz \Device\Scsi\auh3lmqz1 86D5A980 ---- Threads - GMER 1.0.15 ---- Thread System [4:412] 875E6790 ---- Processes - GMER 1.0.15 ---- Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\alg.exe [336] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\taskeng.exe [504] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\wininit.exe [624] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [672] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\lsass.exe [684] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\lsm.exe [692] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [848] 0x016C0000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\winlogon.exe [872] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\nvvsvc.exe [948] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [976] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1048] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1120] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1188] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1224] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1344] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\SLsvc.exe [1408] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\nvvsvc.exe [1448] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1476] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1600] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [1740] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\Dwm.exe [1848] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\spoolsv.exe [1932] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1956] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\taskeng.exe [2148] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\wbem\unsecapp.exe [2220] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2260] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2360] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\PnkBstrA.exe [2424] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2508] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\nvSCPAPISvr.exe [2536] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2584] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [2648] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\SearchIndexer.exe [2748] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Defender\MSASCui.exe [2924] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\wbem\wmiprvse.exe [2940] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\WindowsMobile\wmdc.exe [2956] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2972] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\NOTEPAD.EXE [3008] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\mobsync.exe [3076] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [3132] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Sidebar\sidebar.exe [3228] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\WUDFHost.exe [3256] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3300] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Media Player\wmpnscfg.exe [3328] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [3388] 0x002C0000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3548] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Sidebar\sidebar.exe [3660] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Users\Fryct\Desktop\gmer.exe [3916] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Contacts\wlcomm.exe [4020] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\notepad.exe [4220] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\DllHost.exe [4764] 0x10000000 Library \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [5092] 0x002E0000 ---- EOF - GMER 1.0.15 ----
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 21:49
14 juil. 2009 à 21:49
@ loick22
ARRÊTE DE POLLUER LE TOPIC !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
@ Fryct
Fais ça
A+
ARRÊTE DE POLLUER LE TOPIC !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
@ Fryct
Fais ça
A+
sKe69
Messages postés
21360
Date d'inscription
samedi 15 mars 2008
Statut
Contributeur sécurité
Dernière intervention
30 décembre 2012
463
14 juil. 2009 à 21:56
14 juil. 2009 à 21:56
re,
GMER est fait > http://www.commentcamarche.net/forum/affich 13353816 tdss trojan#27
et je pense que MBAM n'y fera que dalle ...
si tu le permets , j'aimerai lui faire faire une manipe ... puis-je ?
GMER est fait > http://www.commentcamarche.net/forum/affich 13353816 tdss trojan#27
et je pense que MBAM n'y fera que dalle ...
si tu le permets , j'aimerai lui faire faire une manipe ... puis-je ?
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 21:59
14 juil. 2009 à 21:59
Salut ,
Tu as bien supprimé les lignes rouges ?
Sinon supprime les et continue avec sKe69 .
A+ , et merci à sKe69 pour le soutien :)
Tu as bien supprimé les lignes rouges ?
Sinon supprime les et continue avec sKe69 .
A+ , et merci à sKe69 pour le soutien :)
Effectivement, MBAM n'a rien fait. Je retente RSIT ?
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2429
Windows 6.0.6002 Service Pack 2
14/07/2009 21:54:47
mbam-log-2009-07-14 (21-54-47).txt
Type de recherche: Examen rapide
Eléments examinés: 79781
Temps écoulé: 2 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Delete on reboot.
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2429
Windows 6.0.6002 Service Pack 2
14/07/2009 21:54:47
mbam-log-2009-07-14 (21-54-47).txt
Type de recherche: Examen rapide
Eléments examinés: 79781
Temps écoulé: 2 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Delete on reboot.
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 22:01
14 juil. 2009 à 22:01
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 22:09
14 juil. 2009 à 22:09
Bon ne supprime pas .
J'ai une manip a te proposer , mais continue avec sKe69 , il est plus doué que moi ;)
@+ :)
J'ai une manip a te proposer , mais continue avec sKe69 , il est plus doué que moi ;)
@+ :)
sKe69
Messages postés
21360
Date d'inscription
samedi 15 mars 2008
Statut
Contributeur sécurité
Dernière intervention
30 décembre 2012
463
14 juil. 2009 à 22:18
14 juil. 2009 à 22:18
Merci fix200 ...
Fryct,
fais ceci stp :
Télécharge OAD ( par !aur3n7) : http://sosvirus.changelog.fr/OAD.exe
----> Enregistre le sur ton bureau .
Double clique sur l'icone OAD pour le lancer
- nom du fichier à rechercher :
-->tape ou fais un copier coller de : geyekrpahvfrqw
- Type de recherche : sélectionne l'option 6 puis valide ["entrée"]
OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.
Note : suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient ...
->Sauvegarde ce rapport sur ton Bureau et fais un copier / coller de celui-ci dans ta prochaine réponse ...
Fryct,
fais ceci stp :
Télécharge OAD ( par !aur3n7) : http://sosvirus.changelog.fr/OAD.exe
----> Enregistre le sur ton bureau .
Double clique sur l'icone OAD pour le lancer
- nom du fichier à rechercher :
-->tape ou fais un copier coller de : geyekrpahvfrqw
- Type de recherche : sélectionne l'option 6 puis valide ["entrée"]
OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.
Note : suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient ...
->Sauvegarde ce rapport sur ton Bureau et fais un copier / coller de celui-ci dans ta prochaine réponse ...
Rien trouvé apparemment.
14/07/2009 ---- 22:23:47,09
----------------------------------
§§§§§§ [geyekrpahvfrqw] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
14/07/2009 ---- 22:23:47,09
----------------------------------
§§§§§§ [geyekrpahvfrqw] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 22:54
14 juil. 2009 à 22:54
Salut essai avec sa et attends que ske vient :
geyekrpahvfrqw.dll
++
geyekrpahvfrqw.dll
++
fix200
Messages postés
3243
Date d'inscription
dimanche 28 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
7 février 2011
158
14 juil. 2009 à 23:07
14 juil. 2009 à 23:07
Salut,
EDIT : => redémarre ton PC
Fais une MAJ Malwarebyte , un scan rapide pour verifer , et supprime ce qu'il trouve et colle le rapport .
Puis redemare ton PC.
A demain .
EDIT : => redémarre ton PC
Fais une MAJ Malwarebyte , un scan rapide pour verifer , et supprime ce qu'il trouve et colle le rapport .
Puis redemare ton PC.
A demain .
sKe69
Messages postés
21360
Date d'inscription
samedi 15 mars 2008
Statut
Contributeur sécurité
Dernière intervention
30 décembre 2012
463
14 juil. 2009 à 23:11
14 juil. 2009 à 23:11
bon ...
fait ceci :
1- Avoir accès aux fichiers cachés :
Va dans Menu Démarrer->panneau de config.("affichage classique")-> Options des dossiers
--> vas sur l'onglet " Affichage " .
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )
2- Rends toi sur ce site :
https://www.virustotal.com/gui/
Copies ce qui suit et colles le dans l'espace pour la recherche ( ou clique sur "parcourir" et va jusqu'au fichier demandé ) :
c:\windows\System32\drivers\epfwwfpr.sys
Clique sur Send File ( = " Envoyer le fichier " ).
Un rapport va s'élaborer ligne à ligne.
Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta prochaine réponse ...
( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )
Fais de même pour :
c:\windows\System32\drivers\Start1Driver.SYS
C:\Windows:system.exe
Poste moi donc ces 3 rapports ( surtout le début avec le listing des AV , et en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite ...
fait ceci :
1- Avoir accès aux fichiers cachés :
Va dans Menu Démarrer->panneau de config.("affichage classique")-> Options des dossiers
--> vas sur l'onglet " Affichage " .
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )
2- Rends toi sur ce site :
https://www.virustotal.com/gui/
Copies ce qui suit et colles le dans l'espace pour la recherche ( ou clique sur "parcourir" et va jusqu'au fichier demandé ) :
c:\windows\System32\drivers\epfwwfpr.sys
Clique sur Send File ( = " Envoyer le fichier " ).
Un rapport va s'élaborer ligne à ligne.
Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta prochaine réponse ...
( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )
Fais de même pour :
c:\windows\System32\drivers\Start1Driver.SYS
C:\Windows:system.exe
Poste moi donc ces 3 rapports ( surtout le début avec le listing des AV , et en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite ...
Fichier epfwwfpr.sys reçu le 2009.07.14 21:26:53 (UTC)
Situation actuelle: terminé
Résultat: 0/41 (0%)
Rien n'a été trouvé par les AV.
Information additionnelle
File size: 93312 bytes
MD5...: 32102f2c07182523b1390c2d9341e397
SHA1..: df7308a8c8dbc76c5091ee82d791a9a66f0d64e1
SHA256: 5ecf8602182f291406c5af50f275356a97fdf64d8234500c4d47c4ef0f35ed80
ssdeep: 1536:ASBkWdfFBZmEnvMYwNA+W5Xu2eBdwTXaFmv02MPf1hRW:BkWhNmEnvqq7u2
e/cXaC02Mk
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x16005
timedatestamp.....: 0x49c21e3f (Thu Mar 19 10:28:15 2009)
machinetype.......: 0x14c (I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10d92 0x10e00 6.54 86e4a3b7d65f9d0070a3ec2a5c18485c
.rdata 0x12000 0xef4 0x1000 6.64 0f835a1160effbd62342806aa68baf97
.data 0x13000 0x10c0 0x1000 7.15 721f939a70cb443997623972983186a4
.edata 0x15000 0x72 0x200 1.38 0bcbc7c62b49820559448abe298d55fb
INIT 0x16000 0xb7e 0xc00 5.40 7d890d41912302c30c9223e0b56c30b6
.rsrc 0x17000 0x428 0x600 2.52 35c51b795ca79fb6ec19bf183a3aac3a
.reloc 0x18000 0x9da 0xa00 4.72 b96d12b953ca3c1fd69c6f2d8202d660
( 4 imports )
> ntoskrnl.exe: RtlInitUnicodeString, ZwClose, ZwQueryDirectoryFile, ZwOpenFile, _wcsnicmp, wcsncmp, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwQueryInformationProcess, ZwOpenProcess, ZwDeviceIoControlFile, ProbeForWrite, ProbeForRead, ExGetPreviousMode, _aulldiv, _allmul, ZwQuerySystemInformation, KeWaitForSingleObject, ZwSetInformationFile, KeDelayExecutionThread, ZwReadFile, ZwQueryInformationFile, ZwOpenKey, ZwCreateFile, ZwQueryValueKey, isdigit, isspace, _purecall, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, KeSetEvent, IoFreeMdl, MmBuildMdlForNonPagedPool, IoAllocateMdl, KeInsertQueueDpc, KeInitializeDpc, ExEventObjectType, _wcsicmp, _allshr, sprintf, qsort, KdDebuggerNotPresent, KdDebuggerEnabled, PsGetCurrentProcessId, MmUnlockPages, MmProbeAndLockPages, IofCompleteRequest, IoDeleteDevice, IoCreateSymbolicLink, IoCreateDevice, KeTickCount, KeBugCheckEx, RtlUnwind, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, ExFreePoolWithTag, RtlVolumeDeviceToDosName, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, MmSystemRangeStart, ObReferenceObjectByHandle, KeStackAttachProcess, KeUnstackDetachProcess, ObfDereferenceObject, memset, toupper, wcschr, memcpy, memmove, mbstowcs, strstr, wcsncpy, strncpy, ExInterlockedPushEntrySList, RtlCopyUnicodeString, ExInterlockedPopEntrySList
> HAL.dll: KfAcquireSpinLock, KeGetCurrentIrql, KfReleaseSpinLock
> NDIS.SYS: NdisFreeGenericObject, NdisAllocateNetBufferListPool, NdisAllocateGenericObject, NdisAdvanceNetBufferDataStart, NdisGetDataBuffer, NdisRetreatNetBufferDataStart, NdisFreeNetBufferListPool
> fwpkclnt.sys: FwpsAllocateNetBufferAndNetBufferList0, FwpsStreamInjectAsync0, FwpsFreeNetBufferList0, FwpsCopyStreamDataToBuffer0, FwpmTransactionAbort0, FwpsFlowRemoveContext0, FwpsFreeCloneNetBufferList0, FwpsInjectionHandleCreate0, FwpsInjectionHandleDestroy0, FwpmTransactionCommit0, FwpmFilterAdd0, FwpmTransactionBegin0, FwpsInjectTransportReceiveAsync0, FwpsCalloutUnregisterById0, FwpmCalloutAdd0, FwpmSubLayerAdd0, FwpsCalloutRegister0, FwpmEngineOpen0, FwpmEngineClose0, FwpsCloneStreamData0, FwpsFlowAssociateContext0
( 2 exports )
_PsGetThreadId@4, _PsGetThreadProcessId@4
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Situation actuelle: terminé
Résultat: 0/41 (0%)
Rien n'a été trouvé par les AV.
Information additionnelle
File size: 93312 bytes
MD5...: 32102f2c07182523b1390c2d9341e397
SHA1..: df7308a8c8dbc76c5091ee82d791a9a66f0d64e1
SHA256: 5ecf8602182f291406c5af50f275356a97fdf64d8234500c4d47c4ef0f35ed80
ssdeep: 1536:ASBkWdfFBZmEnvMYwNA+W5Xu2eBdwTXaFmv02MPf1hRW:BkWhNmEnvqq7u2
e/cXaC02Mk
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x16005
timedatestamp.....: 0x49c21e3f (Thu Mar 19 10:28:15 2009)
machinetype.......: 0x14c (I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10d92 0x10e00 6.54 86e4a3b7d65f9d0070a3ec2a5c18485c
.rdata 0x12000 0xef4 0x1000 6.64 0f835a1160effbd62342806aa68baf97
.data 0x13000 0x10c0 0x1000 7.15 721f939a70cb443997623972983186a4
.edata 0x15000 0x72 0x200 1.38 0bcbc7c62b49820559448abe298d55fb
INIT 0x16000 0xb7e 0xc00 5.40 7d890d41912302c30c9223e0b56c30b6
.rsrc 0x17000 0x428 0x600 2.52 35c51b795ca79fb6ec19bf183a3aac3a
.reloc 0x18000 0x9da 0xa00 4.72 b96d12b953ca3c1fd69c6f2d8202d660
( 4 imports )
> ntoskrnl.exe: RtlInitUnicodeString, ZwClose, ZwQueryDirectoryFile, ZwOpenFile, _wcsnicmp, wcsncmp, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwQueryInformationProcess, ZwOpenProcess, ZwDeviceIoControlFile, ProbeForWrite, ProbeForRead, ExGetPreviousMode, _aulldiv, _allmul, ZwQuerySystemInformation, KeWaitForSingleObject, ZwSetInformationFile, KeDelayExecutionThread, ZwReadFile, ZwQueryInformationFile, ZwOpenKey, ZwCreateFile, ZwQueryValueKey, isdigit, isspace, _purecall, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, KeSetEvent, IoFreeMdl, MmBuildMdlForNonPagedPool, IoAllocateMdl, KeInsertQueueDpc, KeInitializeDpc, ExEventObjectType, _wcsicmp, _allshr, sprintf, qsort, KdDebuggerNotPresent, KdDebuggerEnabled, PsGetCurrentProcessId, MmUnlockPages, MmProbeAndLockPages, IofCompleteRequest, IoDeleteDevice, IoCreateSymbolicLink, IoCreateDevice, KeTickCount, KeBugCheckEx, RtlUnwind, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, ExFreePoolWithTag, RtlVolumeDeviceToDosName, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, MmSystemRangeStart, ObReferenceObjectByHandle, KeStackAttachProcess, KeUnstackDetachProcess, ObfDereferenceObject, memset, toupper, wcschr, memcpy, memmove, mbstowcs, strstr, wcsncpy, strncpy, ExInterlockedPushEntrySList, RtlCopyUnicodeString, ExInterlockedPopEntrySList
> HAL.dll: KfAcquireSpinLock, KeGetCurrentIrql, KfReleaseSpinLock
> NDIS.SYS: NdisFreeGenericObject, NdisAllocateNetBufferListPool, NdisAllocateGenericObject, NdisAdvanceNetBufferDataStart, NdisGetDataBuffer, NdisRetreatNetBufferDataStart, NdisFreeNetBufferListPool
> fwpkclnt.sys: FwpsAllocateNetBufferAndNetBufferList0, FwpsStreamInjectAsync0, FwpsFreeNetBufferList0, FwpsCopyStreamDataToBuffer0, FwpmTransactionAbort0, FwpsFlowRemoveContext0, FwpsFreeCloneNetBufferList0, FwpsInjectionHandleCreate0, FwpsInjectionHandleDestroy0, FwpmTransactionCommit0, FwpmFilterAdd0, FwpmTransactionBegin0, FwpsInjectTransportReceiveAsync0, FwpsCalloutUnregisterById0, FwpmCalloutAdd0, FwpmSubLayerAdd0, FwpsCalloutRegister0, FwpmEngineOpen0, FwpmEngineClose0, FwpsCloneStreamData0, FwpsFlowAssociateContext0
( 2 exports )
_PsGetThreadId@4, _PsGetThreadProcessId@4
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Fichier Start1Driver.SYS reçu le 2009.07.14 21:32:28 (UTC)
Situation actuelle: terminé
Résultat: 0/41 (0%)
Rien n'a été trouvé par les AV.
Information additionnelle
File size: 5120 bytes
MD5...: 6caddaf4119aaad4b4df4a14aa6da95a
SHA1..: 1b14cb9a7cef29a02f7a654464a15c13c18ea2cc
SHA256: 1db0e4f2cf03655106aaa5e24451a8a0179247007ea3b44594c4cbb888ff2f28
ssdeep: 48:iRJ+8NOJcVGrtz9ClIS/BxAcTKcXKeIRu9Veq9YnWj3gWDAz79:2+8N8cVGr1
9CPZ2RcXoIlQK3gWEH
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1160
timedatestamp.....: 0x49bbb5b8 (Sat Mar 14 13:48:40 2009)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x300 0x400 4.71 be9c0c99f665a1d050fc76d71005b1f1
.rdata 0x2000 0xfa 0x200 1.86 fed7f8af10b38b9bbf3c6b7c61335c44
.data 0x3000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
INIT 0x4000 0x11c 0x200 3.05 103ef14d788110e84ba0fd2062d1cb48
.rsrc 0x5000 0x400 0x400 3.23 45081760262a39a5984995f93dd8885d
.reloc 0x6000 0x3fa 0x400 0.38 0811e21de198b2a3eb99e66280ed139e
( 1 imports )
> ntoskrnl.exe: ZwSetInformationFile, ZwClose, ZwCreateFile, IofCompleteRequest, IoCreateDevice, ExFreePool, ExAllocatePoolWithTag, ZwEnumerateValueKey, ZwOpenKey, RtlInitUnicodeString
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Situation actuelle: terminé
Résultat: 0/41 (0%)
Rien n'a été trouvé par les AV.
Information additionnelle
File size: 5120 bytes
MD5...: 6caddaf4119aaad4b4df4a14aa6da95a
SHA1..: 1b14cb9a7cef29a02f7a654464a15c13c18ea2cc
SHA256: 1db0e4f2cf03655106aaa5e24451a8a0179247007ea3b44594c4cbb888ff2f28
ssdeep: 48:iRJ+8NOJcVGrtz9ClIS/BxAcTKcXKeIRu9Veq9YnWj3gWDAz79:2+8N8cVGr1
9CPZ2RcXoIlQK3gWEH
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1160
timedatestamp.....: 0x49bbb5b8 (Sat Mar 14 13:48:40 2009)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x300 0x400 4.71 be9c0c99f665a1d050fc76d71005b1f1
.rdata 0x2000 0xfa 0x200 1.86 fed7f8af10b38b9bbf3c6b7c61335c44
.data 0x3000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
INIT 0x4000 0x11c 0x200 3.05 103ef14d788110e84ba0fd2062d1cb48
.rsrc 0x5000 0x400 0x400 3.23 45081760262a39a5984995f93dd8885d
.reloc 0x6000 0x3fa 0x400 0.38 0811e21de198b2a3eb99e66280ed139e
( 1 imports )
> ntoskrnl.exe: ZwSetInformationFile, ZwClose, ZwCreateFile, IofCompleteRequest, IoCreateDevice, ExFreePool, ExAllocatePoolWithTag, ZwEnumerateValueKey, ZwOpenKey, RtlInitUnicodeString
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-