HijackThis report - Unwanted ad pop-ups problem

Solved
Cartman -
Hello,

Let me explain my problem a bit. Spybot's Resident alerts me about a change to a registry value, which I refuse. I run a scan with Spybot and it finds this: http://sites.estvideo.net/cartman/prob4.jpg .
I then run a scan with Ad-Aware, but despite all these scans the problem persists: when I go into IE, pages start opening on crappy sites :@. I don't really know what to do anymore.
So I'm posting the HijackThis report, hoping you can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:18, on 14/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\SkillPowered\SkillPowered.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80AEF493-335C-4D9C-A2BD-810CDFEC3257} - C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll
O2 - BHO: (no name) - {DE11CBEE-1CAA-48E2-9467-43114048871C} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O4 - Global Startup: SkillPowered.lnk = C:\Program Files\SkillPowered\SkillPowered.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

11 replies

jlpjlp Posts 52399 Status Security contributor 5 040

Hi
disable Spybot's TeaTimer, because you already have Windows Defender doing a real-time scan of your computer

______________

relaunch HijackThis, run DO A SYSTEM SCAN ONLY, then FIX CHECKED these lines after selecting them

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80AEF493-335C-4D9C-A2BD-810CDFEC3257} - C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll

_________________


Disable User Account Control (you'll re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click on the "User Accounts" icon
- Then click Disable and confirm.


Download ComboFix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click on ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.

_______________________

download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
double-click on OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll

click on MoveIt! to start the removal.
the result will appear in the "Results" pane.
click on Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.
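A small triage script for the kind of HijackThis lines the helper singled out above (orphaned BHOs with no DLL, an unnamed BHO loaded from the user's Temp folder), added here as an example and not part of the original thread, of HijackThis or of OTMoveIt. The sample lines are copied from the log posted above; the severity labels and the Temp-directory heuristic are my own assumptions, and the output lists are meant to mirror the two steps the helper gives (lines to tick for FIX CHECKED, paths to hand to OTMoveIt).

```python
import re
from dataclasses import dataclass

# Sample input: HijackThis O2/O4 lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {80AEF493-335C-4D9C-A2BD-810CDFEC3257} - C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll
O2 - BHO: (no name) - {DE11CBEE-1CAA-48E2-9467-43114048871C} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
"""

# Line formats: "O2 - BHO: <name> - {CLSID} - <dll or (no file)>",
# "O4 - <hive>\..\Run: [<value name>] <command line>", "O4 - Global Startup: <lnk> = <path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")

# Heuristic (assumption): code that loads from a temp directory is not a normal install.
TEMP_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: str       # the HijackThis line as it should be ticked for FIX CHECKED
    path: str       # on-disk path, or "(no file)" for an orphaned registry entry
    severity: str   # "high" (file to remove) or "cleanup" (stale registry entry)
    reason: str


def extract_path(cmd):
    """Return the module that a Run command line actually loads.
    Handles quoted and unquoted paths, and unwraps rundll32 to the DLL it hosts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end < 0:
            return cmd[1:]
        path, rest = cmd[1:end], cmd[end + 1:]
    else:
        m = re.match(r"^(.*?\.(?:exe|dll|scr|cpl|com))(?:\s+(.*))?$", cmd, re.IGNORECASE)
        if not m:
            return cmd
        path, rest = m.group(1), m.group(2) or ""
    # rundll32 is only a host; the payload is the DLL named before the comma.
    if path.split("\\")[-1].lower() == "rundll32.exe":
        return rest.strip().split(",")[0].strip()
    return path


def assess(name, path, line):
    """Apply the triage rules to one parsed entry; None means nothing to report."""
    if path == "(no file)":
        return Finding(line, path, "cleanup", "orphaned BHO: CLSID registered but DLL missing")
    if TEMP_RE.search(path):
        return Finding(line, path, "high", "loads from a temp directory")
    if name == "(no name)":
        return Finding(line, path, "high", "unnamed BHO backed by a real DLL")
    return None


def triage(log_text):
    """Parse O2/O4 lines of a HijackThis log and return the entries worth acting on."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O2_RE.match(line)):
            f = assess(m["name"], m["path"].strip(), line)
        elif (m := O4_RE.match(line)) or (m := O4_STARTUP_RE.match(line)):
            f = assess(m["name"], extract_path(m["cmd"]), line)
        else:
            continue
        if f:
            findings.append(f)
    return findings


def fix_checked_lines(findings):
    """HijackThis lines to tick before clicking 'Fix checked'."""
    return [f.line for f in findings]


def files_to_move(findings):
    """Distinct on-disk paths to paste into a file mover such as OTMoveIt."""
    paths = []
    for f in findings:
        if f.severity == "high" and f.path not in paths:
            paths.append(f.path)
    return paths


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.reason}: {f.path}")
    print("Paste into OTMoveIt:", *files_to_move(found), sep="\n")
```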
Cartman
 
Here is the ComboFix log.


ComboFix 08-05-12.1 - CaRTmaN 2008-05-14 15:23:00.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1033.18.2205 [GMT 2:00]
Running from: E:\Téléchargements\KillBagle.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-14 15:19 . 2008-05-14 15:20 <REP> d-------- C:\327882R2FWJFW
2008-05-14 14:21 . 2008-05-14 14:21 <REP> d-------- C:\VundoFix Backups
2008-05-14 14:02 . 2008-05-14 14:02 <REP> d-------- C:\Program Files\Trend Micro
2008-05-13 15:49 . 2008-05-13 15:49 <REP> d-------- C:\Users\CaRTmaN\AppData\Roaming\ESET
2008-05-13 15:48 . 2008-05-13 15:48 <REP> d-------- C:\Users\All Users\ESET
2008-05-13 15:48 . 2008-05-13 15:48 <REP> d-------- C:\ProgramData\ESET
2008-05-13 15:48 . 2008-05-13 15:48 <REP> d-------- C:\Program Files\ESET
2008-05-13 01:46 . 2008-05-13 02:52 121 --a------ C:\Windows\bdagent.INI
2008-05-13 01:40 . 2008-05-13 02:53 <REP> d-------- C:\Program Files\BitDefender
2008-05-13 01:38 . 2008-05-13 02:12 <REP> d-------- C:\Program Files\Common Files\BitDefender
2008-04-28 12:32 . 2008-04-28 12:32 <REP> d-------- C:\Program Files\PDFCreator
2008-04-28 12:32 . 2005-10-15 12:32 196,608 --a------ C:\Windows\System32\pdfcmnnt.dll
2008-04-28 12:32 . 1998-07-13 01:08 141,312 --a------ C:\Windows\System32\MSCMCFR.DLL
2008-04-28 12:32 . 1998-06-24 00:00 137,000 --a------ C:\Windows\System32\MSMAPI32.OCX
2008-04-28 12:32 . 1998-07-06 00:00 23,552 --a------ C:\Windows\System32\MSMPIDE.DLL
2008-04-24 12:32 . 2008-04-24 12:32 <REP> d-------- C:\Program Files\VideoMach-4.0.4
2008-04-16 19:24 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss
2008-04-16 19:17 . 2008-03-05 18:07 520,192 --a------ C:\Windows\RtlExUpd.dll
2008-04-16 16:38 . 2008-03-18 15:31 98,304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE
2008-04-16 16:37 . 2008-04-16 19:23 <REP> d-------- C:\Windows\System32\RTCOM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 13:35 --------- d-----w C:\Program Files\Steam
2008-05-14 11:25 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\FileZilla
2008-05-14 00:41 --------- d-----w C:\Program Files\Warcraft III
2008-05-13 22:30 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\GrabIt
2008-05-13 20:30 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\teamspeak2
2008-05-13 16:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 16:07 --------- d-----w C:\Program Files\Google
2008-05-13 13:44 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-13 03:21 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\uTorrent
2008-05-12 23:25 --------- d-----w C:\Program Files\CCleaner
2008-05-07 15:25 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-03 15:26 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\codeblocks
2008-04-21 11:08 --------- d-----w C:\Program Files\Ubisoft
2008-04-16 17:21 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-16 17:21 --------- d-----w C:\Program Files\Realtek
2008-04-10 15:33 --------- d-----w C:\ProgramData\NVIDIA
2008-04-09 11:17 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 04:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 21:51 86,016 ----a-w C:\Users\CaRTmaN\IDHWTSS1.dll
2008-03-30 23:13 --------- d-----w C:\Program Files\Badongo
2008-03-27 13:08 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-03-26 16:35 2,103,512 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-03-26 14:40 30,208 ----a-w C:\Windows\System32\RtkCoInst.dll
2008-03-26 11:21 5,369,856 ----a-w C:\Windows\RtHDVCpl.exe
2008-03-20 06:44 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\Ubisoft
2008-03-20 06:44 --------- d-----w C:\ProgramData\Ubisoft
2008-03-18 14:59 --------- d-----w C:\ProgramData\EPSON
2008-03-18 00:44 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-18 00:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-17 11:44 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-17 10:40 140,800 ----a-w C:\Windows\System32\FMAPO.dll
2008-03-16 22:59 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\Hamachi
2008-03-13 14:51 2,160,640 ----a-w C:\Windows\System32\RtkAPO.dll
2008-03-07 17:12 697,344 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 19:26 36,868 ----a-w C:\Users\CaRTmaN\PrtDLL.dll
2008-02-24 23:44 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 02:08 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:05 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 02:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-12-24 14:30 22,328 ----a-w C:\Users\CaRTmaN\AppData\Roaming\PnkBstrK.sys
2007-10-26 23:23 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A69AE3C-D08C-44A9-B6D1-9BF76A0EB115}]
C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE11CBEE-1CAA-48E2-9467-43114048871C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 05:22 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 08:19 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-27 01:16 1006264]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 16:54 774168]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22 1132056]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 13:21 5369856 C:\Windows\RtHDVCpl.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-27 00:27:21 692224]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-04-28 12:32:32 2641920]
SkillPowered.lnk - C:\Program Files\SkillPowered\SkillPowered.exe [2007-11-02 15:05:34 773120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-02-12 12:19 1050112 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\opnkjIxx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-02-12 12:23 1620480 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-17 12:29 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{322B8EB9-8DA1-4503-ADBD-4AE0CDF2F5B3}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{98D4844B-C5BA-4EA9-9237-04A27992E71E}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"TCP Query User{0C7500D1-492B-49D5-8EEB-93A7FD0844AF}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FD73FB20-9EB1-44BA-9AC9-D6A27181212C}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{A5CFEB0F-1B1A-4B9E-90F5-3E81D6E5BC06}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{DBB960E8-06F7-4276-951C-C1DD00B7A096}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{6C542E49-4033-4E9D-8CD7-74E146144598}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"UDP Query User{403CDFDA-89E1-4A36-89B6-D7857371070A}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"TCP Query User{70AC2161-4CB9-4A8C-A063-EBDD1B52F4D9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7EEA6CEC-0E95-4DBE-879A-9FF44583576B}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{2911BBEF-8EF0-435F-BB30-6F309ED2A28F}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{5D4797C9-E252-4F9E-87C1-18731295FC2D}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"{138C93DF-9906-457B-927E-AFE56D42B763}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{4ABB1922-CDC2-4D42-A582-534FD6CE28A2}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{EE2512F3-B0D6-43B8-9FF9-66B31976D55A}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6FC3DC09-9572-435B-B4E0-005A19F7360C}E:\\téléchargements\\starcraft\\starcraft.exe"= UDP:E:\téléchargements\starcraft\starcraft.exe:StarCraft
"UDP Query User{7EDBE7F5-F2A4-4F67-8468-641C228BB0D1}E:\\téléchargements\\starcraft\\starcraft.exe"= TCP:E:\téléchargements\starcraft\starcraft.exe:StarCraft
"TCP Query User{E8398F5A-06E7-408B-97BE-1117B40F3C7A}C:\\program files\\steam\\steamapps\\common\\lost planet extreme condition\\lostplanetdx9.exe"= UDP:C:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDX9
"UDP Query User{783AF0E2-8019-4593-B8E7-E8B2D205CE71}C:\\program files\\steam\\steamapps\\common\\lost planet extreme condition\\lostplanetdx9.exe"= TCP:C:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDX9
"TCP Query User{ED2CF01E-3184-4B41-94C8-F94CA8A78ABA}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{438747B7-3C35-401F-8683-61FA9A32E184}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{E7B161AA-A9C3-4BB9-B5EA-5A50BBDEA9EA}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1A8CCBB7-2A5C-4FFE-9AC9-F7C35FE90E51}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{08D024C1-6FE4-4960-9BA1-9B2F5C419CA0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{42FBA114-73B7-4662-B56E-DE316576011C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{EAEFB9F0-9097-48B6-9016-7437F330842B}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{D03D3817-F84E-432A-A565-7830B8186C13}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{977A325B-EBFD-4289-B816-B0B7CBBE0A44}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"UDP Query User{A3D018F5-65B2-4AD4-9B5A-7E93F24382C2}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"{A4F5EC28-4A61-4D0D-9C63-F1ADA38D3ED0}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{25201F50-82B2-40F5-9EA1-30C686AA1CA3}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{47E46A54-63C7-4A56-B0D9-7BCB42FEDCBA}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{6C040893-612B-4D84-849B-280E3BB1268C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{4BEC6F8D-E65A-407C-99A1-906F47821A7E}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{FA86F70E-AA69-4887-B8B9-B6D1C056973E}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{AABDA48E-9193-47B6-8DD1-88C951B066C7}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{FE30EF50-4FB9-428B-A1F1-2D1BBAE779F1}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{E8D1A8EE-FCDF-48BB-A2EE-E5C88C237698}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{CB7B0E8A-66DB-4219-BE5C-F78FBD9E7277}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{9BB6FBC1-8583-4575-BECB-6644E3EC9DC9}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{45483AE5-D929-4BB4-A12B-3A32110755B3}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{AD34CEA3-8603-4D6C-A0ED-F36CE31D3E0C}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{1C9D9318-90E0-4076-9DCB-4DDCC316B73C}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat\hl.exe:Half-Life Launcher
"{949A9E3E-F90A-4890-817A-C71FBAA8C670}"= UDP:C:\Windows\System32\lxbacoms.exe:Lexmark Communications System
"{1A8F4C35-4A63-449A-BEF1-CED94DB487CD}"= TCP:C:\Windows\System32\lxbacoms.exe:Lexmark Communications System
"TCP Query User{F13D3EB9-512A-49FD-9E2B-F198E2C6C080}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{221FAE2C-F77A-4497-BEC7-B6160AC7716C}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{D97F52DC-03EE-467F-AAE9-5603EC91A286}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"UDP Query User{3CB4DD9E-43B3-4EE4-A78A-D7A93024E966}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"{2ECC1BE4-CBDB-4044-95EA-0032E93341F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4BB67817-1401-424E-82F3-C441601530D1}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{94B76162-B41A-4825-8008-D03201B7DD43}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"{347A7D64-F820-443F-8630-CA7E2BCDF702}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{208BC2F0-BA12-4A02-925A-A72BE5789BAF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A0502127-D4BA-43CB-8503-DD0A7214930B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BC9F0222-4F91-4B39-85BE-EFD2A09AD0EC}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{DFF55BD6-AF10-4E36-B23A-389F60688AB7}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{DBB6D89F-3D28-4C99-A551-84AB35729D31}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{28A2CA37-0860-43BF-8626-C06289C70B42}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{36F3CF0D-6846-485C-BC41-971E332F8984}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{F4E341D8-7AA6-4CAF-8D3F-C53504373502}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{E36A5EF3-D925-4BAA-A207-F65A488D4C60}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"TCP Query User{D5B61009-BFD5-46C1-8E4B-75E0425DB2B1}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{14DF4CE9-9878-4D34-B813-D90294BE65F7}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{7B62470D-8166-47A5-A3BC-B95BBA7D6C33}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{815470E8-BA4C-463F-B5A1-0489F765CB62}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{3B664F1A-6361-42C7-A444-4DF887424BA8}C:\\program files\\steam\\steamapps\\hirpheuss\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\hirpheuss\counter-strike source\hl2.exe:hl2
"UDP Query User{CC264FCB-2AC9-4BBE-B672-92EFA6A859ED}C:\\program files\\steam\\steamapps\\hirpheuss\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\hirpheuss\counter-strike source\hl2.exe:hl2
"TCP Query User{0AC1362C-4E73-49A9-9A03-986A64D2BB4F}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{7F8CC2B9-9738-4D50-86E9-D0E2F84D9AB4}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"TCP Query User{25B67DCA-CD4C-4FDB-AD99-71C8402BCE33}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"UDP Query User{1270A57F-B783-46A7-A97C-7D211D24D7D3}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"TCP Query User{8C18C66F-59D1-499B-B3A6-9BA36223ED64}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{5A85B64D-C6AB-48E4-B462-84D27D4DEC9F}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{BAF81CDF-099C-4F83-A2E4-F8241B40CFF0}C:\\program files\\maple 11\\jre\\bin\\java.exe"= UDP:C:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{647E29DD-A212-4684-B18C-00277808EF36}C:\\program files\\maple 11\\jre\\bin\\java.exe"= TCP:C:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{4986FDF7-DECB-4C7A-B4C8-D865C32F21EE}C:\\program files\\maple 11\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 11\jre\bin\maple.exe:Maple 11
"UDP Query User{9ABAC63F-979A-4265-AC76-A936ADD2CDE2}C:\\program files\\maple 11\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 11\jre\bin\maple.exe:Maple 11
"TCP Query User{2AA6CE52-D97C-4BA1-85C7-59C805F82E31}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{2E870056-9B27-454E-A6F2-2FDE4258E449}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{0A24AE33-5CC0-445E-B129-DC0DF38396DF}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"UDP Query User{7DCCE0A1-3118-4EA2-B87B-925A9EA7F894}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"TCP Query User{1052DEB2-2967-4752-9170-152B21773D3C}E:\\téléchargements\\lfs_s2_dedi_y\\lfs.exe"= UDP:E:\téléchargements\lfs_s2_dedi_y\lfs.exe:LFS
"UDP Query User{E7017312-8A40-4A5F-BEE8-DAC30D52AF9E}E:\\téléchargements\\lfs_s2_dedi_y\\lfs.exe"= TCP:E:\téléchargements\lfs_s2_dedi_y\lfs.exe:LFS
"{690A9400-02E7-48C9-B150-06E77DDA2B04}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{DC19049C-E243-479A-A04C-D7E8AD34A163}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{1BF48578-BE30-4C30-87FA-AD1202C33A6B}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F1B3CF5E-63E5-45A1-99E7-F599ADC91E2C}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F43DE9B7-83CF-4CA6-9EAE-DB1D87ACB629}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{20A8EC03-D12B-456E-BABC-A24146446827}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{29575BC9-DA6B-446E-8486-8376C271F9EF}C:\\users\\cartman\\desktop\\anjougame\\steamdods\\gcf\\adng\\day of defeat source\\hl2.exe"= UDP:C:\users\cartman\desktop\anjougame\steamdods\gcf\adng\day of defeat source\hl2.exe:hl2.exe
"UDP Query User{B1D553D9-F432-4691-8342-543E3B01895D}C:\\users\\cartman\\desktop\\anjougame\\steamdods\\gcf\\adng\\day of defeat source\\hl2.exe"= TCP:C:\users\cartman\desktop\anjougame\steamdods\gcf\adng\day of defeat source\hl2.exe:hl2.exe
"TCP Query User{EE036E4E-126B-4474-B9B2-7B6A082486F3}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"UDP Query User{57A40C35-535D-43BF-B415-C89C75E41C3A}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"TCP Query User{5B5C46EF-4D17-4C30-A5AA-DFB2DE2D1BC4}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{6C4F1C85-E741-44DE-8BB8-B8433CFE7487}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{13D0DFAB-CC49-41F5-AE28-38C873E831E4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{827A3BAF-94EC-41D0-9613-7EC31D78518E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{AEB1334D-83AA-41FF-8D70-E9F2EA54A454}C:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{1660DD2C-A0DD-4A2D-835E-D4948761B1B4}C:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 00:00]
S3 gdrv;gdrv;C:\Windows\gdrv.sys [2007-10-27 03:15]
S3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys [2007-08-15 07:27]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-07 12:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5dcd12b-840b-11dc-bb63-806e6f6e6963}]
\shell\AutoRun\command - F:\Run.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 15:35:49
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\conime.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-14 15:39:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 13:39:24

Pre-Run: 28,761,067,520 bytes free
Post-Run: 27,615,084,544 bytes free

310 --- E O F --- 2008-05-12 01:01:27
Cartman
 
And finally the one from OTMoveIt:

File/Folder C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05142008_154426
jlpjlp, Security Contributor
 
Close all your browsers (so copy or print these instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:


File::
C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A69AE3C-D08C-44A9-B6D1-9BF76A0EB115}]





Save this file under the name CFScript.


Drag and drop this CFScript file onto the ComboFix.exe file.

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes over the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt that is shown (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis log.


If the file doesn't open, it is located here > C:\ComboFix.txt
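The CFScript above was built by hand from the ComboFix log: the helper picked out the DLL in the user's Temp folder and the BHO CLSID and wrote them into the File:: and Registry:: sections, using the [-key] syntax to delete a key. As an added illustration (not part of this thread, and not code from ComboFix or HijackThis), the script below applies the same triage to the "Reg Loading Points" part of such a log and renders the two sections the helper used. The excerpt in SAMPLE_LOG is constructed from entries that appear in the logs in this thread, including the second log's BHO {DE11CBEE-...}, which differs from the {8A69AE3C-...} key the script removed, and the opnkjIxx.dll entry under MSServer; the heuristics (a startup entry whose target ComboFix could not stat, a DLL launched from a Temp directory, a BHO key listed with no file, EnableFirewall=0 on a profile, EnableLUA=0, and an AutoRun command on a mounted drive) are my own reading of what a helper checks, not rules from either tool.

```python
# Added example: triage of the "Reg Loading Points" section of a ComboFix log.
# Not part of ComboFix or HijackThis; SAMPLE_LOG is constructed from entries
# visible in this thread and the heuristics are the ones a helper applies by hand.
import re
from dataclasses import dataclass

# Constructed excerpt: the entries the helper acted on plus a benign one.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE11CBEE-1CAA-48E2-9467-43114048871C}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\opnkjIxx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\Setup.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# ComboFix prefixes a file it could stat with attributes, timestamp and size.
META_RE = re.compile(r"^[-a-z]{9} \d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ (?P<path>.+)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"= (?P<value>\S+)')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$")


@dataclass
class Finding:
    kind: str    # category, used to decide whether the entry can be scripted
    key: str     # registry key the entry sits under
    detail: str  # path, value or command that triggered the finding


def parse_sections(text):
    """Yield (key, [non-blank body lines]) for each [key] block in the excerpt."""
    key, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, body
            key, body = m.group("key"), []
        elif line and key is not None:
            body.append(line)
    if key is not None:
        yield key, body


def triage(text):
    """Return the entries a helper would look at twice, in log order."""
    findings = []
    for key, body in parse_sections(text):
        lower = key.lower()
        if "browser helper objects" in lower and not body:
            # ComboFix hides legit defaults, so a BHO shown with no file is worth a look.
            findings.append(Finding("bho", key, "no file shown for this BHO CLSID"))
        elif "\\msconfig\\startupreg\\" in lower:
            for line in body:
                if META_RE.match(line):
                    continue  # target resolved to a real file with metadata
                # No attributes/size: ComboFix could not stat the target.
                kind = "temp_dll" if "\\temp\\" in line.lower() else "unresolved"
                findings.append(Finding(kind, key, line))
        elif "firewallpolicy" in lower:
            for line in body:
                m = VALUE_RE.match(line)
                if m and m.group("name") == "EnableFirewall" and m.group("value") == "0":
                    findings.append(Finding("firewall_off", key, key.rsplit("\\", 1)[-1]))
        elif lower.endswith("policies\\system"):
            for line in body:
                m = VALUE_RE.match(line)
                if m and m.group("name") == "EnableLUA" and m.group("value") == "0":
                    findings.append(Finding("uac_off", key, "EnableLUA=0"))
        elif "\\mountpoints2\\" in lower:
            for line in body:
                m = AUTORUN_RE.match(line)
                if m:
                    findings.append(Finding("autorun", key, m.group("cmd")))
    return findings


def build_cfscript(findings):
    """Render the File:: and Registry:: sections in the layout the helper used.
    Only findings that map to one of those two actions are scripted; the rest
    stay in the triage list for a human to check."""
    files = [f.detail for f in findings if f.kind == "temp_dll"]
    keys = [f.key for f in findings if f.kind == "bho"]
    out = []
    if files:
        out += ["File::", *files, ""]
    if keys:
        out += ["Registry::", *(f"[-{k}]" for k in keys), ""]
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:13} {f.detail}")
    print()
    print(build_cfscript(found))
```

Entries flagged as unresolved (here the MSServer line pointing at opnkjIxx.dll), the disabled firewall profiles and EnableLUA=0 are reported but not scripted, because the CFScript layout shown in the post only carries File:: and Registry:: actions; they are the items a helper confirms by hand before the next run.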
Cartman
 
ComboFix report:

ComboFix 08-05-12.1 - CaRTmaN 2008-05-14 15:54:04.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1033.18.2277 [GMT 2:00]
Running from: E:\Téléchargements\KillBagle.exe
Command switches used :: C:\Users\CaRTmaN\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll
.

((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 13:35 --------- d-----w C:\Program Files\Steam
2008-05-14 12:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-14 11:25 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\FileZilla
2008-05-14 00:41 --------- d-----w C:\Program Files\Warcraft III
2008-05-13 22:30 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\GrabIt
2008-05-13 20:30 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\teamspeak2
2008-05-13 16:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 16:07 --------- d-----w C:\Program Files\Google
2008-05-13 13:49 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\ESET
2008-05-13 13:48 --------- d-----w C:\ProgramData\ESET
2008-05-13 13:48 --------- d-----w C:\Program Files\ESET
2008-05-13 13:44 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-13 03:21 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\uTorrent
2008-05-13 00:53 --------- d-----w C:\Program Files\BitDefender
2008-05-13 00:12 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-12 23:25 --------- d-----w C:\Program Files\CCleaner
2008-05-07 15:25 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-03 15:26 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\codeblocks
2008-04-28 10:32 --------- d-----w C:\Program Files\PDFCreator
2008-04-24 10:32 --------- d-----w C:\Program Files\VideoMach-4.0.4
2008-04-21 11:08 --------- d-----w C:\Program Files\Ubisoft
2008-04-16 17:21 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-16 17:21 --------- d-----w C:\Program Files\Realtek
2008-04-10 15:33 --------- d-----w C:\ProgramData\NVIDIA
2008-04-09 11:17 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 04:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 21:51 86,016 ----a-w C:\Users\CaRTmaN\IDHWTSS1.dll
2008-03-30 23:13 --------- d-----w C:\Program Files\Badongo
2008-03-27 13:08 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-03-26 16:35 2,103,512 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-03-26 14:40 30,208 ----a-w C:\Windows\System32\RtkCoInst.dll
2008-03-26 11:21 5,369,856 ----a-w C:\Windows\RtHDVCpl.exe
2008-03-20 06:44 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\Ubisoft
2008-03-20 06:44 --------- d-----w C:\ProgramData\Ubisoft
2008-03-18 14:59 --------- d-----w C:\ProgramData\EPSON
2008-03-18 13:31 98,304 ----a-w C:\Windows\RTKAUDIOSERVICE.EXE
2008-03-18 00:44 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-18 00:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-17 11:44 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-17 10:40 140,800 ----a-w C:\Windows\System32\FMAPO.dll
2008-03-16 22:59 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\Hamachi
2008-03-13 14:51 2,160,640 ----a-w C:\Windows\System32\RtkAPO.dll
2008-03-07 17:12 697,344 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-03-05 16:07 520,192 ----a-w C:\Windows\RtlExUpd.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 19:26 36,868 ----a-w C:\Users\CaRTmaN\PrtDLL.dll
2008-02-24 23:44 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 02:08 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:05 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 02:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-12-24 14:30 22,328 ----a-w C:\Users\CaRTmaN\AppData\Roaming\PnkBstrK.sys
2007-10-26 23:23 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-14_15.38.57.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-14 13:53:57 6,299,648 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-05-14 13:35:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-14 13:35:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-14 13:26:21 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-14 13:50:27 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-14 13:22:18 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-14 13:53:34 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-14 13:35:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-14 13:40:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-14 13:40:23 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-13 00:39:14 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-14 13:41:56 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-14 13:13:32 9,734 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-147353848-3988365038-4256195152-1000_UserData.bin
+ 2008-05-14 13:37:38 9,982 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-147353848-3988365038-4256195152-1000_UserData.bin
- 2008-05-14 13:13:32 80,308 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-14 13:37:38 80,528 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-12 23:42:47 28,454,786 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-14 13:41:52 28,473,857 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE11CBEE-1CAA-48E2-9467-43114048871C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 05:22 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 08:19 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-27 01:16 1006264]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 16:54 774168]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22 1132056]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 13:21 5369856 C:\Windows\RtHDVCpl.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-27 00:27:21 692224]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-04-28 12:32:32 2641920]
SkillPowered.lnk - C:\Program Files\SkillPowered\SkillPowered.exe [2007-11-02 15:05:34 773120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-02-12 12:19 1050112 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\opnkjIxx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-02-12 12:23 1620480 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-17 12:29 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{322B8EB9-8DA1-4503-ADBD-4AE0CDF2F5B3}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{98D4844B-C5BA-4EA9-9237-04A27992E71E}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"TCP Query User{0C7500D1-492B-49D5-8EEB-93A7FD0844AF}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FD73FB20-9EB1-44BA-9AC9-D6A27181212C}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{A5CFEB0F-1B1A-4B9E-90F5-3E81D6E5BC06}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{DBB960E8-06F7-4276-951C-C1DD00B7A096}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{6C542E49-4033-4E9D-8CD7-74E146144598}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"UDP Query User{403CDFDA-89E1-4A36-89B6-D7857371070A}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"TCP Query User{70AC2161-4CB9-4A8C-A063-EBDD1B52F4D9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7EEA6CEC-0E95-4DBE-879A-9FF44583576B}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{2911BBEF-8EF0-435F-BB30-6F309ED2A28F}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{5D4797C9-E252-4F9E-87C1-18731295FC2D}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"{138C93DF-9906-457B-927E-AFE56D42B763}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{4ABB1922-CDC2-4D42-A582-534FD6CE28A2}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{EE2512F3-B0D6-43B8-9FF9-66B31976D55A}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6FC3DC09-9572-435B-B4E0-005A19F7360C}E:\\téléchargements\\starcraft\\starcraft.exe"= UDP:E:\téléchargements\starcraft\starcraft.exe:StarCraft
"UDP Query User{7EDBE7F5-F2A4-4F67-8468-641C228BB0D1}E:\\téléchargements\\starcraft\\starcraft.exe"= TCP:E:\téléchargements\starcraft\starcraft.exe:StarCraft
"TCP Query User{E8398F5A-06E7-408B-97BE-1117B40F3C7A}C:\\program files\\steam\\steamapps\\common\\lost planet extreme condition\\lostplanetdx9.exe"= UDP:C:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDX9
"UDP Query User{783AF0E2-8019-4593-B8E7-E8B2D205CE71}C:\\program files\\steam\\steamapps\\common\\lost planet extreme condition\\lostplanetdx9.exe"= TCP:C:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDX9
"TCP Query User{ED2CF01E-3184-4B41-94C8-F94CA8A78ABA}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{438747B7-3C35-401F-8683-61FA9A32E184}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{E7B161AA-A9C3-4BB9-B5EA-5A50BBDEA9EA}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1A8CCBB7-2A5C-4FFE-9AC9-F7C35FE90E51}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{08D024C1-6FE4-4960-9BA1-9B2F5C419CA0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{42FBA114-73B7-4662-B56E-DE316576011C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{EAEFB9F0-9097-48B6-9016-7437F330842B}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{D03D3817-F84E-432A-A565-7830B8186C13}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{977A325B-EBFD-4289-B816-B0B7CBBE0A44}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"UDP Query User{A3D018F5-65B2-4AD4-9B5A-7E93F24382C2}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"{A4F5EC28-4A61-4D0D-9C63-F1ADA38D3ED0}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{25201F50-82B2-40F5-9EA1-30C686AA1CA3}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{47E46A54-63C7-4A56-B0D9-7BCB42FEDCBA}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{6C040893-612B-4D84-849B-280E3BB1268C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{4BEC6F8D-E65A-407C-99A1-906F47821A7E}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{FA86F70E-AA69-4887-B8B9-B6D1C056973E}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{AABDA48E-9193-47B6-8DD1-88C951B066C7}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{FE30EF50-4FB9-428B-A1F1-2D1BBAE779F1}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{E8D1A8EE-FCDF-48BB-A2EE-E5C88C237698}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{CB7B0E8A-66DB-4219-BE5C-F78FBD9E7277}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{9BB6FBC1-8583-4575-BECB-6644E3EC9DC9}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{45483AE5-D929-4BB4-A12B-3A32110755B3}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{AD34CEA3-8603-4D6C-A0ED-F36CE31D3E0C}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{1C9D9318-90E0-4076-9DCB-4DDCC316B73C}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat\hl.exe:Half-Life Launcher
"{949A9E3E-F90A-4890-817A-C71FBAA8C670}"= UDP:C:\Windows\System32\lxbacoms.exe:Lexmark Communications System
"{1A8F4C35-4A63-449A-BEF1-CED94DB487CD}"= TCP:C:\Windows\System32\lxbacoms.exe:Lexmark Communications System
"TCP Query User{F13D3EB9-512A-49FD-9E2B-F198E2C6C080}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{221FAE2C-F77A-4497-BEC7-B6160AC7716C}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{D97F52DC-03EE-467F-AAE9-5603EC91A286}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"UDP Query User{3CB4DD9E-43B3-4EE4-A78A-D7A93024E966}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"{2ECC1BE4-CBDB-4044-95EA-0032E93341F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4BB67817-1401-424E-82F3-C441601530D1}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{94B76162-B41A-4825-8008-D03201B7DD43}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"{347A7D64-F820-443F-8630-CA7E2BCDF702}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{208BC2F0-BA12-4A02-925A-A72BE5789BAF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A0502127-D4BA-43CB-8503-DD0A7214930B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BC9F0222-4F91-4B39-85BE-EFD2A09AD0EC}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{DFF55BD6-AF10-4E36-B23A-389F60688AB7}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{DBB6D89F-3D28-4C99-A551-84AB35729D31}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{28A2CA37-0860-43BF-8626-C06289C70B42}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{36F3CF0D-6846-485C-BC41-971E332F8984}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{F4E341D8-7AA6-4CAF-8D3F-C53504373502}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{E36A5EF3-D925-4BAA-A207-F65A488D4C60}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"TCP Query User{D5B61009-BFD5-46C1-8E4B-75E0425DB2B1}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{14DF4CE9-9878-4D34-B813-D90294BE65F7}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{7B62470D-8166-47A5-A3BC-B95BBA7D6C33}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{815470E8-BA4C-463F-B5A1-0489F765CB62}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{3B664F1A-6361-42C7-A444-4DF887424BA8}C:\\program files\\steam\\steamapps\\hirpheuss\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\hirpheuss\counter-strike source\hl2.exe:hl2
"UDP Query User{CC264FCB-2AC9-4BBE-B672-92EFA6A859ED}C:\\program files\\steam\\steamapps\\hirpheuss\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\hirpheuss\counter-strike source\hl2.exe:hl2
"TCP Query User{0AC1362C-4E73-49A9-9A03-986A64D2BB4F}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{7F8CC2B9-9738-4D50-86E9-D0E2F84D9AB4}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"TCP Query User{25B67DCA-CD4C-4FDB-AD99-71C8402BCE33}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"UDP Query User{1270A57F-B783-46A7-A97C-7D211D24D7D3}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"TCP Query User{8C18C66F-59D1-499B-B3A6-9BA36223ED64}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{5A85B64D-C6AB-48E4-B462-84D27D4DEC9F}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{BAF81CDF-099C-4F83-A2E4-F8241B40CFF0}C:\\program files\\maple 11\\jre\\bin\\java.exe"= UDP:C:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{647E29DD-A212-4684-B18C-00277808EF36}C:\\program files\\maple 11\\jre\\bin\\java.exe"= TCP:C:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{4986FDF7-DECB-4C7A-B4C8-D865C32F21EE}C:\\program files\\maple 11\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 11\jre\bin\maple.exe:Maple 11
"UDP Query User{9ABAC63F-979A-4265-AC76-A936ADD2CDE2}C:\\program files\\maple 11\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 11\jre\bin\maple.exe:Maple 11
"TCP Query User{2AA6CE52-D97C-4BA1-85C7-59C805F82E31}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{2E870056-9B27-454E-A6F2-2FDE4258E449}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{0A24AE33-5CC0-445E-B129-DC0DF38396DF}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"UDP Query User{7DCCE0A1-3118-4EA2-B87B-925A9EA7F894}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"TCP Query User{1052DEB2-2967-4752-9170-152B21773D3C}E:\\téléchargements\\lfs_s2_dedi_y\\lfs.exe"= UDP:E:\téléchargements\lfs_s2_dedi_y\lfs.exe:LFS
"UDP Query User{E7017312-8A40-4A5F-BEE8-DAC30D52AF9E}E:\\téléchargements\\lfs_s2_dedi_y\\lfs.exe"= TCP:E:\téléchargements\lfs_s2_dedi_y\lfs.exe:LFS
"{690A9400-02E7-48C9-B150-06E77DDA2B04}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{DC19049C-E243-479A-A04C-D7E8AD34A163}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{1BF48578-BE30-4C30-87FA-AD1202C33A6B}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F1B3CF5E-63E5-45A1-99E7-F599ADC91E2C}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F43DE9B7-83CF-4CA6-9EAE-DB1D87ACB629}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{20A8EC03-D12B-456E-BABC-A24146446827}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{29575BC9-DA6B-446E-8486-8376C271F9EF}C:\\users\\cartman\\desktop\\anjougame\\steamdods\\gcf\\adng\\day of defeat source\\hl2.exe"= UDP:C:\users\cartman\desktop\anjougame\steamdods\gcf\adng\day of defeat source\hl2.exe:hl2.exe
"UDP Query User{B1D553D9-F432-4691-8342-543E3B01895D}C:\\users\\cartman\\desktop\\anjougame\\steamdods\\gcf\\adng\\day of defeat source\\hl2.exe"= TCP:C:\users\cartman\desktop\anjougame\steamdods\gcf\adng\day of defeat source\hl2.exe:hl2.exe
"TCP Query User{EE036E4E-126B-4474-B9B2-7B6A082486F3}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"UDP Query User{57A40C35-535D-43BF-B415-C89C75E41C3A}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"TCP Query User{5B5C46EF-4D17-4C30-A5AA-DFB2DE2D1BC4}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{6C4F1C85-E741-44DE-8BB8-B8433CFE7487}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{13D0DFAB-CC49-41F5-AE28-38C873E831E4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{827A3BAF-94EC-41D0-9613-7EC31D78518E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{AEB1334D-83AA-41FF-8D70-E9F2EA54A454}C:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{1660DD2C-A0DD-4A2D-835E-D4948761B1B4}C:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 00:00]
S3 gdrv;gdrv;C:\Windows\gdrv.sys [2007-10-27 03:15]
S3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys [2007-08-15 07:27]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-07 12:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5dcd12b-840b-11dc-bb63-806e6f6e6963}]
\shell\AutoRun\command - F:\Run.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 15:55:29
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-14 15:56:23
ComboFix-quarantined-files.txt 2008-05-14 13:56:07
ComboFix2.txt 2008-05-14 13:39:41

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

303 --- E O F --- 2008-05-12 01:01:27


____________________________________

New HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:21, on 14/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {DE11CBEE-1CAA-48E2-9467-43114048871C} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O4 - Global Startup: SkillPowered.lnk = C:\Program Files\SkillPowered\SkillPowered.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

jlpjlp (security contributor):
Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:


File::
C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A69AE3C-D08C-44A9-B6D1-9BF76A0EB115}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]


Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFScript file, keep the mouse button held down and drag so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.


If the file does not open, it is located here > C:\ComboFix.txt

__________

Scan with
Malwarebytes' Anti-Malware, remove what it finds and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________


Paste the report of an online scan
with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr
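The instructions above hand the user a CFScript: a plain text file with a File:: section (paths ComboFix is to delete) and a Registry:: section written in .reg-file syntax, where a bracketed key with a leading minus, [-KEY], removes the key and "name"=- removes a value, while a bracketed key without the minus creates or keeps the key. Because a typo in such a file deletes the wrong thing, it is worth reading back what every line will do before dragging the file onto ComboFix. The parser below is an added example, not part of the thread and not ComboFix's own code; the script it parses is a copy of the one posted above, the .reg-syntax meanings are standard regedit semantics, and the action names and warning rules are the example's own.

```python
"""Parse a ComboFix CFScript (File:: / Registry:: sections) into a list of
actions and flag lines that do not do what a deletion list suggests.
Added example, not part of the thread or of ComboFix. The [-KEY] and
"name"=- meanings are standard .reg-file syntax; the action names and
warning rules are this example's own."""
import re
from dataclasses import dataclass, field

# Copy of the CFScript posted above.
CFSCRIPT = r"""
File::
C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A69AE3C-D08C-44A9-B6D1-9BF76A0EB115}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::$")               # File:: / Registry::
KEY_RE = re.compile(r"^\[(?P<minus>-?)(?P<key>HK[A-Z_]+\\.+)\]$")   # [KEY] or [-KEY]
VALUE_DEL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*-$')          # "name"=-
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Action:
    section: str      # "File" or "Registry"
    op: str           # delete_file | delete_key | ensure_key | delete_value
    target: str       # file path or registry key
    value: str = ""   # value name, for delete_value only


@dataclass
class Plan:
    actions: list = field(default_factory=list)
    warnings: list = field(default_factory=list)


def parse_cfscript(text: str) -> Plan:
    """Turn CFScript text into a Plan; warnings mark lines worth a second look."""
    plan = Plan()
    section = None
    current_key = None
    key_has_values: dict[str, bool] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group("name"), None
            continue
        if section is None:
            plan.warnings.append(f"line {lineno}: text before any section header: {line!r}")
        elif section == "File":
            if not ABS_PATH_RE.match(line):
                plan.warnings.append(f"line {lineno}: File:: entry is not an absolute path: {line!r}")
            plan.actions.append(Action("File", "delete_file", line))
        elif section == "Registry":
            m = KEY_RE.match(line)
            if m:
                current_key = m.group("key")
                if m.group("minus"):
                    plan.actions.append(Action("Registry", "delete_key", current_key))
                    current_key = None            # values under a deleted key are moot
                else:
                    plan.actions.append(Action("Registry", "ensure_key", current_key))
                    key_has_values.setdefault(current_key, False)
                continue
            m = VALUE_DEL_RE.match(line)
            if m and current_key:
                plan.actions.append(Action("Registry", "delete_value", current_key, m.group("name")))
                key_has_values[current_key] = True
                continue
            plan.warnings.append(f"line {lineno}: unrecognised Registry:: line: {line!r}")
        else:
            plan.warnings.append(f"line {lineno}: unknown section {section}::")
    # A bare [KEY] with no "name"=- lines under it is not a deletion in .reg syntax.
    for key, has_values in key_has_values.items():
        if not has_values:
            plan.warnings.append(
                f"[{key}] has no leading '-' and no \"name\"=- lines: in .reg syntax this "
                "creates or keeps the key, it does not remove it")
    return plan


def to_cfscript(plan: Plan) -> str:
    """Re-emit a Plan as CFScript text, so a corrected plan can be written back out."""
    out = []
    files = [a.target for a in plan.actions if a.op == "delete_file"]
    if files:
        out += ["File::", *files, ""]
    reg = [a for a in plan.actions if a.section == "Registry"]
    if reg:
        out.append("Registry::")
        for a in reg:
            if a.op == "delete_key":
                out.append(f"[-{a.target}]")
            elif a.op == "ensure_key":
                out.append(f"[{a.target}]")
            else:
                out.append(f'"{a.value}"=-')
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    for a in plan.actions:
        print(f"{a.op:13} {a.target}" + (f"  value={a.value}" if a.value else ""))
    for w in plan.warnings:
        print("WARNING:", w)
```

Run it on the saved CFscript.txt before launching ComboFix; every action it prints is one the script will perform, and a warning means a line will not behave like the deletion it sits next to.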
Cartman
 
ComboFix log:


ComboFix 08-05-12.1 - CaRTmaN 2008-05-14 16:23:50.3 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1033.18.2404 [GMT 2:00]
Running from: C:\Users\CaRTmaN\Desktop\KillBagle.exe
Command switches used :: C:\Users\CaRTmaN\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll
.

((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-14 16:22 . 2008-05-14 16:22 <REP> d-------- C:\327882R2FWJFW
2008-05-14 15:44 . 2008-05-14 15:44 <REP> d-------- C:\_OTMoveIt
2008-05-14 14:21 . 2008-05-14 14:21 <REP> d-------- C:\VundoFix Backups
2008-05-14 14:02 . 2008-05-14 14:02 <REP> d-------- C:\Program Files\Trend Micro
2008-05-13 15:49 . 2008-05-13 15:49 <REP> d-------- C:\Users\CaRTmaN\AppData\Roaming\ESET
2008-05-13 15:48 . 2008-05-13 15:48 <REP> d-------- C:\Users\All Users\ESET
2008-05-13 15:48 . 2008-05-13 15:48 <REP> d-------- C:\ProgramData\ESET
2008-05-13 15:48 . 2008-05-13 15:48 <REP> d-------- C:\Program Files\ESET
2008-05-13 01:46 . 2008-05-13 02:52 121 --a------ C:\Windows\bdagent.INI
2008-05-13 01:40 . 2008-05-13 02:53 <REP> d-------- C:\Program Files\BitDefender
2008-05-13 01:38 . 2008-05-13 02:12 <REP> d-------- C:\Program Files\Common Files\BitDefender
2008-04-28 12:32 . 2008-04-28 12:32 <REP> d-------- C:\Program Files\PDFCreator
2008-04-28 12:32 . 2005-10-15 12:32 196,608 --a------ C:\Windows\System32\pdfcmnnt.dll
2008-04-28 12:32 . 1998-07-13 01:08 141,312 --a------ C:\Windows\System32\MSCMCFR.DLL
2008-04-28 12:32 . 1998-06-24 00:00 137,000 --a------ C:\Windows\System32\MSMAPI32.OCX
2008-04-28 12:32 . 1998-07-06 00:00 23,552 --a------ C:\Windows\System32\MSMPIDE.DLL
2008-04-24 12:32 . 2008-04-24 12:32 <REP> d-------- C:\Program Files\VideoMach-4.0.4
2008-04-16 19:24 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss
2008-04-16 19:17 . 2008-03-05 18:07 520,192 --a------ C:\Windows\RtlExUpd.dll
2008-04-16 16:38 . 2008-03-18 15:31 98,304 --a------ C:\Windows\RTKAUDIOSERVICE.EXE
2008-04-16 16:37 . 2008-04-16 19:23 <REP> d-------- C:\Windows\System32\RTCOM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 14:02 --------- d-----w C:\Program Files\Steam
2008-05-14 11:25 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\FileZilla
2008-05-14 00:41 --------- d-----w C:\Program Files\Warcraft III
2008-05-13 22:30 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\GrabIt
2008-05-13 20:30 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\teamspeak2
2008-05-13 16:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 16:07 --------- d-----w C:\Program Files\Google
2008-05-13 13:44 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-13 03:21 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\uTorrent
2008-05-12 23:25 --------- d-----w C:\Program Files\CCleaner
2008-05-07 15:25 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-03 15:26 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\codeblocks
2008-04-21 11:08 --------- d-----w C:\Program Files\Ubisoft
2008-04-16 17:21 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-16 17:21 --------- d-----w C:\Program Files\Realtek
2008-04-10 15:33 --------- d-----w C:\ProgramData\NVIDIA
2008-04-09 11:17 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 04:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 21:51 86,016 ----a-w C:\Users\CaRTmaN\IDHWTSS1.dll
2008-03-30 23:13 --------- d-----w C:\Program Files\Badongo
2008-03-27 13:08 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-03-26 16:35 2,103,512 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-03-26 14:40 30,208 ----a-w C:\Windows\System32\RtkCoInst.dll
2008-03-26 11:21 5,369,856 ----a-w C:\Windows\RtHDVCpl.exe
2008-03-20 06:44 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\Ubisoft
2008-03-20 06:44 --------- d-----w C:\ProgramData\Ubisoft
2008-03-18 14:59 --------- d-----w C:\ProgramData\EPSON
2008-03-18 00:44 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-18 00:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-17 11:44 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-17 10:40 140,800 ----a-w C:\Windows\System32\FMAPO.dll
2008-03-16 22:59 --------- d-----w C:\Users\CaRTmaN\AppData\Roaming\Hamachi
2008-03-13 14:51 2,160,640 ----a-w C:\Windows\System32\RtkAPO.dll
2008-03-07 17:12 697,344 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 19:26 36,868 ----a-w C:\Users\CaRTmaN\PrtDLL.dll
2008-02-24 23:44 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 02:08 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:05 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:05 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:04 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 02:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:04 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-12-24 14:30 22,328 ----a-w C:\Users\CaRTmaN\AppData\Roaming\PnkBstrK.sys
2007-10-26 23:23 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-14_15.38.57.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-14 13:35:22 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-14 14:02:04 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-14 14:02:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-14 14:02:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-14 13:26:21 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-14 14:17:10 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-14 13:35:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-14 14:02:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-14 14:02:57 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-14 13:22:18 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-14 14:22:53 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-14 13:35:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-14 14:02:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-14 14:02:52 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-13 00:39:14 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-14 14:01:00 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-14 13:13:32 9,734 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-147353848-3988365038-4256195152-1000_UserData.bin
+ 2008-05-14 14:03:55 10,014 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-147353848-3988365038-4256195152-1000_UserData.bin
- 2008-05-14 13:13:32 80,308 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-14 14:03:55 80,678 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-14 13:13:31 44,348 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-14 14:03:54 44,412 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-12 23:42:47 28,454,786 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-14 13:41:52 28,473,857 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE11CBEE-1CAA-48E2-9467-43114048871C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 05:22 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 08:19 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-27 01:16 1006264]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 16:54 774168]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22 1132056]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 13:21 5369856 C:\Windows\RtHDVCpl.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-27 00:27:21 692224]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-04-28 12:32:32 2641920]
SkillPowered.lnk - C:\Program Files\SkillPowered\SkillPowered.exe [2007-11-02 15:05:34 773120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Users\CaRTmaN\AppData\Local\Temp\fccyyyXN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-02-12 12:19 1050112 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\opnkjIxx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-02-12 12:23 1620480 C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-17 12:29 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{322B8EB9-8DA1-4503-ADBD-4AE0CDF2F5B3}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{98D4844B-C5BA-4EA9-9237-04A27992E71E}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"TCP Query User{0C7500D1-492B-49D5-8EEB-93A7FD0844AF}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{FD73FB20-9EB1-44BA-9AC9-D6A27181212C}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{A5CFEB0F-1B1A-4B9E-90F5-3E81D6E5BC06}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{DBB960E8-06F7-4276-951C-C1DD00B7A096}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{6C542E49-4033-4E9D-8CD7-74E146144598}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"UDP Query User{403CDFDA-89E1-4A36-89B6-D7857371070A}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"TCP Query User{70AC2161-4CB9-4A8C-A063-EBDD1B52F4D9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7EEA6CEC-0E95-4DBE-879A-9FF44583576B}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{2911BBEF-8EF0-435F-BB30-6F309ED2A28F}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{5D4797C9-E252-4F9E-87C1-18731295FC2D}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"{138C93DF-9906-457B-927E-AFE56D42B763}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{4ABB1922-CDC2-4D42-A582-534FD6CE28A2}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{EE2512F3-B0D6-43B8-9FF9-66B31976D55A}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6FC3DC09-9572-435B-B4E0-005A19F7360C}E:\\téléchargements\\starcraft\\starcraft.exe"= UDP:E:\téléchargements\starcraft\starcraft.exe:StarCraft
"UDP Query User{7EDBE7F5-F2A4-4F67-8468-641C228BB0D1}E:\\téléchargements\\starcraft\\starcraft.exe"= TCP:E:\téléchargements\starcraft\starcraft.exe:StarCraft
"TCP Query User{E8398F5A-06E7-408B-97BE-1117B40F3C7A}C:\\program files\\steam\\steamapps\\common\\lost planet extreme condition\\lostplanetdx9.exe"= UDP:C:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDX9
"UDP Query User{783AF0E2-8019-4593-B8E7-E8B2D205CE71}C:\\program files\\steam\\steamapps\\common\\lost planet extreme condition\\lostplanetdx9.exe"= TCP:C:\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe:LostPlanetDX9
"TCP Query User{ED2CF01E-3184-4B41-94C8-F94CA8A78ABA}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{438747B7-3C35-401F-8683-61FA9A32E184}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{E7B161AA-A9C3-4BB9-B5EA-5A50BBDEA9EA}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1A8CCBB7-2A5C-4FFE-9AC9-F7C35FE90E51}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{08D024C1-6FE4-4960-9BA1-9B2F5C419CA0}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{42FBA114-73B7-4662-B56E-DE316576011C}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{EAEFB9F0-9097-48B6-9016-7437F330842B}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{D03D3817-F84E-432A-A565-7830B8186C13}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{977A325B-EBFD-4289-B816-B0B7CBBE0A44}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"UDP Query User{A3D018F5-65B2-4AD4-9B5A-7E93F24382C2}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat source\hl2.exe:hl2
"{A4F5EC28-4A61-4D0D-9C63-F1ADA38D3ED0}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{25201F50-82B2-40F5-9EA1-30C686AA1CA3}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{47E46A54-63C7-4A56-B0D9-7BCB42FEDCBA}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{6C040893-612B-4D84-849B-280E3BB1268C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{4BEC6F8D-E65A-407C-99A1-906F47821A7E}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{FA86F70E-AA69-4887-B8B9-B6D1C056973E}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{AABDA48E-9193-47B6-8DD1-88C951B066C7}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{FE30EF50-4FB9-428B-A1F1-2D1BBAE779F1}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{E8D1A8EE-FCDF-48BB-A2EE-E5C88C237698}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{CB7B0E8A-66DB-4219-BE5C-F78FBD9E7277}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{9BB6FBC1-8583-4575-BECB-6644E3EC9DC9}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{45483AE5-D929-4BB4-A12B-3A32110755B3}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{AD34CEA3-8603-4D6C-A0ED-F36CE31D3E0C}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat\\hl.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{1C9D9318-90E0-4076-9DCB-4DDCC316B73C}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\day of defeat\\hl.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\day of defeat\hl.exe:Half-Life Launcher
"{949A9E3E-F90A-4890-817A-C71FBAA8C670}"= UDP:C:\Windows\System32\lxbacoms.exe:Lexmark Communications System
"{1A8F4C35-4A63-449A-BEF1-CED94DB487CD}"= TCP:C:\Windows\System32\lxbacoms.exe:Lexmark Communications System
"TCP Query User{F13D3EB9-512A-49FD-9E2B-F198E2C6C080}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{221FAE2C-F77A-4497-BEC7-B6160AC7716C}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{D97F52DC-03EE-467F-AAE9-5603EC91A286}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"UDP Query User{3CB4DD9E-43B3-4EE4-A78A-D7A93024E966}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"{2ECC1BE4-CBDB-4044-95EA-0032E93341F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4BB67817-1401-424E-82F3-C441601530D1}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{94B76162-B41A-4825-8008-D03201B7DD43}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"{347A7D64-F820-443F-8630-CA7E2BCDF702}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{208BC2F0-BA12-4A02-925A-A72BE5789BAF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A0502127-D4BA-43CB-8503-DD0A7214930B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BC9F0222-4F91-4B39-85BE-EFD2A09AD0EC}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{DFF55BD6-AF10-4E36-B23A-389F60688AB7}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{DBB6D89F-3D28-4C99-A551-84AB35729D31}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{28A2CA37-0860-43BF-8626-C06289C70B42}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{36F3CF0D-6846-485C-BC41-971E332F8984}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{F4E341D8-7AA6-4CAF-8D3F-C53504373502}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{E36A5EF3-D925-4BAA-A207-F65A488D4C60}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"TCP Query User{D5B61009-BFD5-46C1-8E4B-75E0425DB2B1}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{14DF4CE9-9878-4D34-B813-D90294BE65F7}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{7B62470D-8166-47A5-A3BC-B95BBA7D6C33}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{815470E8-BA4C-463F-B5A1-0489F765CB62}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{3B664F1A-6361-42C7-A444-4DF887424BA8}C:\\program files\\steam\\steamapps\\hirpheuss\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\hirpheuss\counter-strike source\hl2.exe:hl2
"UDP Query User{CC264FCB-2AC9-4BBE-B672-92EFA6A859ED}C:\\program files\\steam\\steamapps\\hirpheuss\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\hirpheuss\counter-strike source\hl2.exe:hl2
"TCP Query User{0AC1362C-4E73-49A9-9A03-986A64D2BB4F}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{7F8CC2B9-9738-4D50-86E9-D0E2F84D9AB4}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"TCP Query User{25B67DCA-CD4C-4FDB-AD99-71C8402BCE33}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"UDP Query User{1270A57F-B783-46A7-A97C-7D211D24D7D3}C:\\program files\\steam\\steamapps\\marsu682003@hotmail.com\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\marsu682003@hotmail.com\counter-strike source\hl2.exe:hl2
"TCP Query User{8C18C66F-59D1-499B-B3A6-9BA36223ED64}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{5A85B64D-C6AB-48E4-B462-84D27D4DEC9F}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{BAF81CDF-099C-4F83-A2E4-F8241B40CFF0}C:\\program files\\maple 11\\jre\\bin\\java.exe"= UDP:C:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{647E29DD-A212-4684-B18C-00277808EF36}C:\\program files\\maple 11\\jre\\bin\\java.exe"= TCP:C:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{4986FDF7-DECB-4C7A-B4C8-D865C32F21EE}C:\\program files\\maple 11\\jre\\bin\\maple.exe"= UDP:C:\program files\maple 11\jre\bin\maple.exe:Maple 11
"UDP Query User{9ABAC63F-979A-4265-AC76-A936ADD2CDE2}C:\\program files\\maple 11\\jre\\bin\\maple.exe"= TCP:C:\program files\maple 11\jre\bin\maple.exe:Maple 11
"TCP Query User{2AA6CE52-D97C-4BA1-85C7-59C805F82E31}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{2E870056-9B27-454E-A6F2-2FDE4258E449}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{0A24AE33-5CC0-445E-B129-DC0DF38396DF}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"UDP Query User{7DCCE0A1-3118-4EA2-B87B-925A9EA7F894}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"TCP Query User{1052DEB2-2967-4752-9170-152B21773D3C}E:\\téléchargements\\lfs_s2_dedi_y\\lfs.exe"= UDP:E:\téléchargements\lfs_s2_dedi_y\lfs.exe:LFS
"UDP Query User{E7017312-8A40-4A5F-BEE8-DAC30D52AF9E}E:\\téléchargements\\lfs_s2_dedi_y\\lfs.exe"= TCP:E:\téléchargements\lfs_s2_dedi_y\lfs.exe:LFS
"{690A9400-02E7-48C9-B150-06E77DDA2B04}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{DC19049C-E243-479A-A04C-D7E8AD34A163}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{1BF48578-BE30-4C30-87FA-AD1202C33A6B}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F1B3CF5E-63E5-45A1-99E7-F599ADC91E2C}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F43DE9B7-83CF-4CA6-9EAE-DB1D87ACB629}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{20A8EC03-D12B-456E-BABC-A24146446827}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{29575BC9-DA6B-446E-8486-8376C271F9EF}C:\\users\\cartman\\desktop\\anjougame\\steamdods\\gcf\\adng\\day of defeat source\\hl2.exe"= UDP:C:\users\cartman\desktop\anjougame\steamdods\gcf\adng\day of defeat source\hl2.exe:hl2.exe
"UDP Query User{B1D553D9-F432-4691-8342-543E3B01895D}C:\\users\\cartman\\desktop\\anjougame\\steamdods\\gcf\\adng\\day of defeat source\\hl2.exe"= TCP:C:\users\cartman\desktop\anjougame\steamdods\gcf\adng\day of defeat source\hl2.exe:hl2.exe
"TCP Query User{EE036E4E-126B-4474-B9B2-7B6A082486F3}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"UDP Query User{57A40C35-535D-43BF-B415-C89C75E41C3A}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"TCP Query User{5B5C46EF-4D17-4C30-A5AA-DFB2DE2D1BC4}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{6C4F1C85-E741-44DE-8BB8-B8433CFE7487}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{13D0DFAB-CC49-41F5-AE28-38C873E831E4}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{827A3BAF-94EC-41D0-9613-7EC31D78518E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{AEB1334D-83AA-41FF-8D70-E9F2EA54A454}C:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{1660DD2C-A0DD-4A2D-835E-D4948761B1B4}C:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:C:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-04-05 00:00]
S3 gdrv;gdrv;C:\Windows\gdrv.sys [2007-10-27 03:15]
S3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys [2007-08-15 07:27]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-07 12:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5dcd12b-840b-11dc-bb63-806e6f6e6963}]
\shell\AutoRun\command - F:\Run.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 16:25:37
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-14 16:26:16
ComboFix-quarantined-files.txt 2008-05-14 14:26:11
ComboFix2.txt 2008-05-14 13:56:23
ComboFix3.txt 2008-05-14 13:39:41

Pre-Run: 27,038,875,648 octets libres
Post-Run: 27,334,017,024 octets libres

320 --- E O F --- 2008-05-12 01:01:27
Cartman
 
The Malwarebytes log:

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 745

Type de recherche: Examen rapide
Eléments examinés: 33203
Temps écoulé: 2 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


__________________________________________

I'm running a scan with BitDefender at the moment.
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok

still having problems with spybot???

paste the report from an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr
Cartman
 
Well, I'm running the BitDefender online scan right now: www.bitdefender.fr/scan_fr/scan8/ie.html

"Problems with spybot": do you mean TeaTimer, or when I run the scan?

Anyway, I haven't re-enabled the Spybot resident yet, nor run any new scans with Spybot.
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok

we'll see after the online scan whether you still have these symptoms:

""
I have the Spybot resident alerting me about a change to a registry value, which I refuse. I run a scan with Spybot and it finds this: http://sites.estvideo.net/cartman/prob4.jpg . ""
Cartman
 
Here is the BitDefender scan:

BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Wed, May 14, 2008 - 17:03:58

Info d'analyse:

Fichiers scannés 201818
Infectés Fichiers 2

Virus Détectés

Application.Crack.Stylexp.B 1

Backdoor.Pcclient.GV 1


_________________________________

I ran a Spybot scan, no spyware detected. I'm rebooting and running it again to confirm.
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
could you post the full report of the online scan, so we can see the infected files and the actions taken!
Cartman
 
Hmm, after rebooting the PC:
The Spybot scan finds this: http://sites.estvideo.net/cartman/prob5.jpg (something I don't get every time, but about one scan in two ... something that comes back even after fixing the problem with Spybot).

Otherwise I don't have the full log of the BitDefender scan, sorry :s. I also ran another one after the reboot and it found nothing.

Would that mean it's fine? Or is the problem raised in this thread still something else?