Téléchargement
illégal
Posez votre question Signaler

TDSS Trojan

Fryct - Dernière réponse le 20 juil. 2009 à 09:49
Bonjour,
J'ai choppé un méchant trojan apparemment, trojan qui jusqu'ici semble impossible à éradiquer définitivement.. J'avais une dizaine d'occurrences du trojan qui ont été supprimées par mon anti-virus (nod32), il ne m'en reste maintenant plus qu'une, sûrement le parent.
J'ai essayé avec bon nombre de logiciels, sans succès. Même détecté et annoncé comme supprimé au reboot, le trojan est toujours là au redémarrage.
Je copie/colle les rapports Hijackthis et Malwarebytes' Anti-Malware (qui le trouve bien mais qui n'arrive pas à l'effacer définitivement). Merci à tous ceux qui pourront m'aider, je commence à désespérer là :)
---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:07, on 14/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O15 - Trusted Zone: http://realm01.dogsoftheseas.com
O15 - Trusted Zone: http://www.dogsoftheseas.com
O15 - Trusted Zone: http://*.dogsoftheseas.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
Lire la suite 

TDSS Trojan »

86 réponses
Réponse
+1
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 16:47
Salut :)

Beau topic pour travailler .


Attachez vos ceintures lol :



Si vous êtes sous Vista désactivez l'UAC


======================================================
>>>>>>>>>>>>>>>>>>>>>> /!\ Attention /!\ <<<<<<<<<<<<<<<<<<<<<<
======================================================


/!\ SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS /!\


_________________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================

============> A lire, Impératif <============


Télécharge ComboFix (de sUBs) sur ton bureau


AVANT d'utiliser ComboFix :

/!\ Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
(!) Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection (!).


▶ Double clique sur Combofix.exe afin de le lancer (Sous Vista: Clique droit et choisir exécuter en tant qu'administrateur")

▶ Il va te demander d'installer le console de récupération , reconnecte toi juste le temps de la télécharger , ensuite coupe ta connexion internet .

* En cas de problèmes d'installation, Tuto
Sous XP
Sous Vista

▶ Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Ne touche a rien tant que le scan n'est pas fini /!\

▶ A la fin du scan , il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection , laisse le faire ....


▶ Après le redémarrage du PC, un rapport s'ouvrira dans le Bloc notes en fin d'analyse,

▶ Réactive toutes tes défenses , reviens sur le forum puis copie et colle le rapport dans ton a ta prochaine réponse


Note :
(Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)


++

Ajouter un commentaire
Ajouter un commentaire
Réponse
+5
moins plus
loick22 315Messages postés 27 juin 2009Date d'inscription 15 mai 2010Dernière intervention 14 juil. 2009 à 16:47
si tu a rien d'inportent formate c'est le mieu tu va faire un grand menage

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 16:49
Bonjour ,

Ici le formatage c la dérinére option .

Fryct :
Fais ceci : > http://www.commentcamarche.net/forum/affich 13353816 tdss trojan?#1

++

Ajouter un commentaire
Fryct - 14 juil. 2009 à 17:32
Merci pour l'aide, j'ai donc suivi les instructions mais ça ne semble pas avoir changé grand-chose. Je n'ai pas eu à rebooter (ce que j'ai quand même fait, en cas) et il est toujours là au redémarrage. Voici le rapport Combofix, où il y a d'ailleurs un certain Start1Driver.SYS. Serait-ce lui le coupable ?

------------

ComboFix 09-07-13.01 - Fryct 14/07/2009 17:07.5.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3583.2509 [GMT 2:00]
Running from: c:\users\Fryct\Desktop\ComboFix.exe
SP: AdwareBot *disabled* (Updated) {2BFC08CE-6B66-47D4-BA62-0A39887A0229}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 15:15 . 2009-07-14 15:15 -------- d-----w- c:\users\Fryct\AppData\Local\temp
2009-07-14 13:35 . 2009-07-14 13:35 -------- d-----w- c:\program files\Trend Micro
2009-07-14 11:56 . 2009-07-14 12:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-14 11:36 . 2009-03-14 04:48 5120 ----a-w- c:\windows\system32\drivers\Start1Driver.SYS
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\progra~2\Simply Super Software
2009-07-13 22:27 . 2009-07-13 23:19 -------- d-----w- c:\windows\BDOSCAN8
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\users\Fryct\AppData\Roaming\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:23 . 2009-07-13 16:23 -------- d---a-w- c:\program files\Common Files\Nero
2009-07-13 16:07 . 2009-07-13 16:07 -------- d-----w- c:\progra~2\SlySoft
2009-07-13 16:04 . 2009-07-13 16:04 -------- d-----w- c:\program files\SlySoft
2009-07-12 21:47 . 2009-07-12 22:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\CyberLink
2009-07-12 21:47 . 2009-07-12 21:47 -------- d-----w- c:\users\Public\CyberLink
2009-07-12 21:44 . 2009-07-12 21:44 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-12 21:40 . 2009-07-12 22:07 -------- d-----w- c:\progra~2\CyberLink
2009-07-12 21:40 . 2008-05-14 12:48 29480 ------w- c:\windows\system32\msxml3a.dll
2009-07-12 21:39 . 2008-05-14 12:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-12 21:39 . 2009-07-13 16:15 -------- d-----w- c:\program files\CyberLink
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\windows\system32\AGEIA
2009-07-12 08:29 . 2009-07-12 08:29 -------- d-----w- c:\users\Fryct\{c904a8d4-a5d3-4d40-a799-60f6c462408a}
2009-07-12 08:29 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 17:58 . 2005-07-25 09:59 28672 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
2009-07-05 17:55 . 2008-04-16 12:13 65536 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
2009-07-05 00:33 . 2009-07-05 07:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\IGN_DLM
2009-07-01 15:57 . 2009-07-01 15:57 0 ----a-w- c:\windows\nsreg.dat
2009-07-01 15:57 . 2009-07-01 15:57 -------- d-----w- c:\users\Fryct\AppData\Local\Mozilla
2009-06-20 09:48 . 2009-06-20 09:48 -------- d-----w- c:\users\Fryct\AppData\Local\ArmA 2
2009-06-20 09:47 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-20 09:47 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-20 09:35 . 2009-06-20 09:35 -------- d-----w- c:\program files\Bohemia Interactive
2009-06-17 19:46 . 2009-06-17 19:46 -------- d-----w- c:\users\Fryct\AppData\Local\Monte Cristo
2009-06-15 19:06 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-15 19:06 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-15 19:06 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-15 19:06 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 14:35 . 2006-11-02 15:48 716060 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 14:35 . 2006-11-02 15:48 144214 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 14:30 . 2008-07-24 14:48 -------- d-----w- c:\progra~2\NVIDIA
2009-07-14 14:30 . 2009-07-12 08:52 31966 ----a-w- c:\progra~2\nvModes.dat
2009-07-13 16:23 . 2008-07-24 17:11 -------- d-----w- c:\program files\Nero
2009-07-13 16:15 . 2008-07-25 22:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 14:56 . 2008-07-24 19:34 -------- d-----w- c:\program files\Steam
2009-07-12 21:47 . 2008-07-24 14:42 106240 ----a-w- c:\users\Fryct\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 21:38 . 2008-07-24 14:44 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-12 16:03 . 2008-09-25 15:16 -------- d-----w- c:\users\Fryct\AppData\Roaming\vlc
2009-07-12 08:45 . 2008-11-08 12:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 08:39 . 2008-07-24 14:41 2708 ----a-w- c:\users\Fryct\AppData\Local\d3d9caps.dat
2009-07-12 03:21 . 2008-07-26 17:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-11 20:42 . 2008-07-24 18:19 -------- d-----w- c:\users\Fryct\AppData\Roaming\MxBoost
2009-07-05 11:08 . 2008-07-24 19:34 -------- d-----w- c:\program files\Common Files\Steam
2009-07-05 09:32 . 2008-08-23 11:39 -------- d-----w- c:\program files\City of Heroes
2009-06-30 16:50 . 2008-07-26 21:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-23 12:11 . 2008-07-25 22:10 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-23 12:11 . 2008-07-25 22:09 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-22 11:51 . 2008-07-25 22:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-17 17:47 . 2009-05-09 10:38 -------- d-----w- c:\program files\Common Files\BioWare
2009-06-17 17:46 . 2008-07-26 15:49 -------- d-----w- c:\progra~2\Media Center Programs
2009-06-14 15:15 . 2009-06-13 13:26 -------- d-----w- c:\program files\Sony Online Entertainment
2009-06-11 18:46 . 2008-08-02 09:51 -------- d-----w- c:\progra~2\Steam
2009-06-11 18:46 . 2008-08-02 09:50 -------- d-----w- c:\progra~2\PopCap Games
2009-06-10 16:33 . 2009-06-10 16:33 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 16:33 . 2009-06-10 16:33 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-10 16:33 . 2009-06-10 16:33 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2009-06-10 16:33 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 16:33 . 2009-06-10 16:33 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 16:33 . 2009-06-10 16:33 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2009-06-10 16:33 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 09:19 . 2008-07-26 07:13 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-10 06:35 . 2009-06-10 06:35 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-06-10 06:35 . 2009-06-10 06:35 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-06-10 06:35 . 2009-06-10 06:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 04:33 . 2009-06-10 04:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 04:33 . 2009-06-10 04:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 04:33 . 2009-06-10 04:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 04:33 . 2009-06-10 04:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 04:33 . 2009-06-10 04:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32 . 2009-06-10 04:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 04:32 . 2009-06-10 04:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 04:32 . 2009-06-10 04:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 04:32 . 2009-06-10 04:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 04:31 . 2009-06-10 04:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 04:31 . 2009-06-10 04:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 04:31 . 2009-06-10 04:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 04:31 . 2009-06-10 04:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 04:29 . 2009-06-10 04:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-08 17:01 . 2008-07-31 19:40 -------- d-----w- c:\progra~2\TrackMania
2009-06-07 08:52 . 2009-06-07 08:52 10134 ----a-r- c:\users\Fryct\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-07 08:52 . 2009-06-07 08:52 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 16:12 . 2008-07-26 15:36 -------- d-----w- c:\program files\Electronic Arts
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 15:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 15:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-28 10:55 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-21 20:49 . 2009-05-10 10:46 -------- d-----w- c:\program files\rFactor
2009-05-10 19:21 . 2009-05-10 19:21 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-09 05:50 . 2009-06-10 09:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 09:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-23 12:15 . 2009-06-10 09:07 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 09:07 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:39 . 2009-06-10 09:07 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 15:27 . 2009-07-01 15:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-03-08 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-17 6793760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]

c:\users\Fryct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]

c:\users\Fryct\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):84,f2,65,d2,a6,df,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3017709691-804468469-1464511852-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{101D2057-1C16-420A-906F-E3C44D627292}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D8383F2A-5385-46A6-8BFA-1E8EE34798EE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6E1B9AAE-98B5-427D-B821-B6378835474B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{189A5AF6-EAEC-4117-A744-187E90D5BB2B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CD5DA0EC-732B-48A3-9546-F11402E8B70A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E53F93DE-736E-4106-8758-65DC804075E1}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{12AD7443-1084-433B-BBE6-FCFE92D07171}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2114042D-FBB9-43F2-91CA-7792702A75A7}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9E808409-3B11-427C-B17B-16688660CDB3}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{DB5EF49C-23F0-4508-9FA9-987ED80E18D5}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F5958A01-E278-4574-8ADE-A23ACB4F8E3F}"= UDP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{DEE2E5F3-2040-40D0-9F92-A22BAA14AFAB}"= TCP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{61843F1F-BF99-4E05-A217-F92B4A1ADB2D}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{8F0E10BD-8BAC-47CB-8B46-33A2A948205F}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{FDAFF9FE-B8B7-4CAB-BC25-EE0CBD4CCA80}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{22E23C74-7242-4685-A4FB-7F6BC351EE28}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{FF9A2C3C-0D16-4FDC-9040-D1B3EF3A4226}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4B8BEBA6-80B0-45BA-8867-B013CF2ECA79}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{530425C9-0F63-416B-8B84-99A437E8B0EE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{BD1AED9B-66F7-42D5-973F-3CD6CFB018DA}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3BCB6A29-7AE3-4304-96F3-AC616D14D646}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{87C52663-2039-479C-A0FF-537DBE081EB7}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{CF4F955D-6822-44C2-A772-F2A680F83C59}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{1E4DB4E0-6A3D-4C28-BE8F-968F93B9F3A6}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{83E8973F-F3CD-43C0-915F-3FAAB66F24F5}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{F200D435-B063-4BD4-94F2-8B6077F964BD}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{9CA93B90-7E0A-4464-AAB7-B3E6B9B7E073}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{E9D5835A-8BEA-4041-9D8D-92D840EF0E44}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{9C0C5B0E-354D-4175-AD3E-ED9B251DCAD7}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{11FD57B5-4A28-422E-BBA6-C19BF9D10C75}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{80126E6C-8F0B-4004-B875-22A334D4027D}"= UDP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{16B4B97C-6E57-4785-8D80-E61248DB0C25}"= TCP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{AA1C9932-7B6F-4730-A8C0-07735C9805C8}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5C44A1D4-E9C3-4F6B-BF09-6043D5245191}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5EC5A276-4BE0-4A72-83ED-CB8C045D8591}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{C0C74C27-C2F3-4596-A503-FB8E26C42C0B}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{D9775FD4-3FBC-4949-A6D7-D99BB24C5399}"= UDP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{623BC05D-93B6-4A0B-8BA1-A0AE2DCF9726}"= TCP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{FDD7CF1D-6AF2-49D8-B1C9-7D0809E19FC8}"= UDP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{BD3053F5-FDC1-43C8-BF0E-935CA6B28362}"= TCP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{4CDD6878-4548-4EDE-81AC-F80B359CC549}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{EBD9DF36-8BAD-4688-B9BF-C5DADF31DF0A}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{7A378ADA-706A-46AB-B1C7-3C681500BC39}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7F3CCEF5-BFDB-4BE7-804D-1F6857DBC07A}"= UDP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{17B89F98-B2E3-4FF6-AD6A-F24030AB0DB0}"= TCP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{95213D48-9D1E-430A-81B7-5942AAE3A917}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{53E6152D-9FDE-4D0E-8EF3-89988CC311E8}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{29733425-D2A2-49DA-8466-51BECA6B482A}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{DA9C1B56-1DDD-4212-80FA-FD98ABFC3125}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{A9CF6801-94F7-444C-A1C3-5FB9445E1552}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{F37BC531-42A8-46F0-9D50-748A3F01B289}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{39F3C5BA-DD85-45F9-BED7-CB02F7757781}"= UDP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{61190302-9076-4F54-BD68-845C1174C736}"= TCP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{A1957312-D880-4A9C-BA63-3C6A9D12269C}"= UDP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{0A14D283-CB35-4278-874E-EBC2D28EB7C2}"= TCP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{61D72F24-DC12-46D3-A73A-E0CF6A809B04}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{8E3A8E66-68CD-49E6-B98F-AE95E4CB9F2E}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{6CBF54B0-1EFE-4A20-BDDE-53B4152E5C3E}"= UDP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{216C3479-379E-4B80-824B-BC6A4F5351BD}"= TCP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{62B3ED5F-D096-41C1-AE37-F7EB12D7B748}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{595778B3-1656-449D-8B09-8379B7F66E54}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{800EA7D6-2A21-42A5-9C20-AB68008B708F}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{84D0B703-303F-46C5-A146-9BF8BCCBE6D4}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{B19F27EF-32AF-44C6-8BD3-3B9D208CDE43}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{FCDF5311-1CC7-40BE-8872-DAB61223EDAC}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{DD27ABE2-A9D8-44D5-AB6F-E7CB46A5F269}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{DB624513-F49B-4FD8-9A60-E63BC63232E9}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{9F6C31A3-4A02-4596-B9FE-ABA70F81E714}"= UDP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{FCB9D426-12A3-47B5-AADB-B7FB05A70FDE}"= TCP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{6AE9B028-EC14-439A-92D0-A765243722B6}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{24145960-6301-4880-83DA-E154F76347BC}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C2A6EA39-0D9A-4CBE-9999-F80B8064C4D7}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{C6C881ED-5ACB-4197-8B6C-A57910CCB895}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{458616C4-2F77-4590-946B-E26323046FB5}"= UDP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{538E8070-ED91-4ACA-A245-33A0679DEEC7}"= TCP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{90618E61-22A7-4EDC-9A38-593985B9C439}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{82ED241A-ACB0-4BAC-A15B-6652A8D97643}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Persona\\Persona.exe"= c:\program files\Persona\Persona.exe:*:Enabled:Persona

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/10/2008 16:44 20384]
R1 Start1Driver;Start1Driver;c:\windows\System32\drivers\Start1Driver.SYS [14/07/2009 13:36 5120]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19/03/2009 11:44 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [19/03/2009 11:45 93312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 06:33 232960]
R3 LycoFltr;Lycosa Keyboard;c:\windows\System32\drivers\Lycosa.sys [18/01/2008 06:43 16128]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [08/10/2007 09:53 892416]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNIMP50.sys [16/11/2006 14:36 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNISP50.sys [16/11/2006 14:36 20480]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [29/02/2008 02:07 942080]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\System32\drivers\WN111v2v.sys [30/09/2008 03:20 449536]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F6E42294-30F1-D27F-2FEE-DEC4CBE77B09}]
C:\Windows:system.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: dogsoftheseas.com
Trusted Zone: dogsoftheseas.com\realm01
Trusted Zone: dogsoftheseas.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npsoestb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 17:15
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6008)
geyekrpahvfrqw.dll 10000000 36864 \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscape.dll
c:\progra~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
c:\program files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
.
Completion time: 2009-07-14 17:18
ComboFix-quarantined-files.txt 2009-07-14 17:18

Pre-Run: 68 574 527 488 octets libres
Post-Run: 68 861 390 848 octets libres
Ajouter un commentaire
Réponse
+0
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 17:41
Tu es Malheureusement infecté par une nouvelle variante de TDSS ...




Copie le texte ci-dessous :


File::
c:\users\Fryct\AppData\Local\d3d9caps.da­t

Driver::
nProtect GameGuard Service


- Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)

- Sauvegarde ce fichier sous le nom de CFScript.txt

- Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt

Ensuite :

===>> Lance Malwarebyte's

▶ Sous l'onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression"

▶ Fais une mise a jour (onglet mises a jours)

* Clique maintenant sur l'onglet recherche et coche la case : "exécuter un examen rapide".

▶ Puis clic sur "rechercher".

▶ Laisse le scanner le PC...

▶ Si des éléments on été trouvés --> clic sur "afficher les résultats", puis sur supprimer la sélection. afin de détruire les éléments infectés.

▶ Si il t'es demandé de redémarrer --> clic sur "YES".

▶ A la fin un rapport va s'ouvrir; sauvegarde le de manière a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport S.T.P.

** Note: les rapport sont aussi rangé dans l'onglet Rapport/Log

A+

Ajouter un commentaire
Fryct - 14 juil. 2009 à 18:27
Ca n'a hélas pas marché, il est toujours là. Voici le rapport de ComboFix et de Malwarebyte:


ComboFix 09-07-13.01 - Fryct 14/07/2009 17:57.6.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3583.2562 [GMT 2:00]
Running from: c:\users\Fryct\Desktop\ComboFix.exe
Command switches used :: c:\users\Fryct\Desktop\CFScript.txt
SP: AdwareBot *disabled* (Updated) {2BFC08CE-6B66-47D4-BA62-0A39887A0229}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\Fryct\AppData\Local\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Fryct\AppData\Local\d3d9caps.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 16:04 . 2009-07-14 16:04 -------- d-----w- c:\users\Fryct\AppData\Local\temp
2009-07-14 13:35 . 2009-07-14 13:35 -------- d-----w- c:\program files\Trend Micro
2009-07-14 11:56 . 2009-07-14 12:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-14 11:36 . 2009-03-14 04:48 5120 ----a-w- c:\windows\system32\drivers\Start1Driver.SYS
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\progra~2\Simply Super Software
2009-07-13 22:27 . 2009-07-13 23:19 -------- d-----w- c:\windows\BDOSCAN8
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\users\Fryct\AppData\Roaming\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:23 . 2009-07-13 16:23 -------- d---a-w- c:\program files\Common Files\Nero
2009-07-13 16:07 . 2009-07-13 16:07 -------- d-----w- c:\progra~2\SlySoft
2009-07-13 16:04 . 2009-07-13 16:04 -------- d-----w- c:\program files\SlySoft
2009-07-12 21:47 . 2009-07-12 22:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\CyberLink
2009-07-12 21:47 . 2009-07-12 21:47 -------- d-----w- c:\users\Public\CyberLink
2009-07-12 21:44 . 2009-07-12 21:44 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-12 21:40 . 2009-07-12 22:07 -------- d-----w- c:\progra~2\CyberLink
2009-07-12 21:40 . 2008-05-14 12:48 29480 ------w- c:\windows\system32\msxml3a.dll
2009-07-12 21:39 . 2008-05-14 12:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-12 21:39 . 2009-07-13 16:15 -------- d-----w- c:\program files\CyberLink
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\windows\system32\AGEIA
2009-07-12 08:29 . 2009-07-12 08:29 -------- d-----w- c:\users\Fryct\{c904a8d4-a5d3-4d40-a799-60f6c462408a}
2009-07-12 08:29 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 17:58 . 2005-07-25 09:59 28672 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
2009-07-05 17:55 . 2008-04-16 12:13 65536 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
2009-07-05 00:33 . 2009-07-05 07:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\IGN_DLM
2009-07-01 15:57 . 2009-07-01 15:57 0 ----a-w- c:\windows\nsreg.dat
2009-07-01 15:57 . 2009-07-01 15:57 -------- d-----w- c:\users\Fryct\AppData\Local\Mozilla
2009-06-20 09:48 . 2009-06-20 09:48 -------- d-----w- c:\users\Fryct\AppData\Local\ArmA 2
2009-06-20 09:47 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-20 09:47 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-20 09:35 . 2009-06-20 09:35 -------- d-----w- c:\program files\Bohemia Interactive
2009-06-17 19:46 . 2009-06-17 19:46 -------- d-----w- c:\users\Fryct\AppData\Local\Monte Cristo
2009-06-15 19:06 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-15 19:06 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-15 19:06 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-15 19:06 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 15:53 . 2006-11-02 15:48 716060 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 15:53 . 2006-11-02 15:48 144214 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 15:49 . 2009-07-12 08:52 31966 ----a-w- c:\progra~2\nvModes.dat
2009-07-14 15:49 . 2008-07-24 14:48 -------- d-----w- c:\progra~2\NVIDIA
2009-07-13 16:23 . 2008-07-24 17:11 -------- d-----w- c:\program files\Nero
2009-07-13 16:15 . 2008-07-25 22:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 14:56 . 2008-07-24 19:34 -------- d-----w- c:\program files\Steam
2009-07-12 21:47 . 2008-07-24 14:42 106240 ----a-w- c:\users\Fryct\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 21:38 . 2008-07-24 14:44 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-12 16:03 . 2008-09-25 15:16 -------- d-----w- c:\users\Fryct\AppData\Roaming\vlc
2009-07-12 08:45 . 2008-11-08 12:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 03:21 . 2008-07-26 17:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-11 20:42 . 2008-07-24 18:19 -------- d-----w- c:\users\Fryct\AppData\Roaming\MxBoost
2009-07-05 11:08 . 2008-07-24 19:34 -------- d-----w- c:\program files\Common Files\Steam
2009-07-05 09:32 . 2008-08-23 11:39 -------- d-----w- c:\program files\City of Heroes
2009-06-30 16:50 . 2008-07-26 21:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-23 12:11 . 2008-07-25 22:10 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-23 12:11 . 2008-07-25 22:09 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-22 11:51 . 2008-07-25 22:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-17 17:47 . 2009-05-09 10:38 -------- d-----w- c:\program files\Common Files\BioWare
2009-06-17 17:46 . 2008-07-26 15:49 -------- d-----w- c:\progra~2\Media Center Programs
2009-06-14 15:15 . 2009-06-13 13:26 -------- d-----w- c:\program files\Sony Online Entertainment
2009-06-11 18:46 . 2008-08-02 09:51 -------- d-----w- c:\progra~2\Steam
2009-06-11 18:46 . 2008-08-02 09:50 -------- d-----w- c:\progra~2\PopCap Games
2009-06-10 16:33 . 2009-06-10 16:33 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 16:33 . 2009-06-10 16:33 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-10 16:33 . 2009-06-10 16:33 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2009-06-10 16:33 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 16:33 . 2009-06-10 16:33 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 16:33 . 2009-06-10 16:33 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2009-06-10 16:33 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 09:19 . 2008-07-26 07:13 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-10 06:35 . 2009-06-10 06:35 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-06-10 06:35 . 2009-06-10 06:35 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-06-10 06:35 . 2009-06-10 06:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 04:33 . 2009-06-10 04:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 04:33 . 2009-06-10 04:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 04:33 . 2009-06-10 04:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 04:33 . 2009-06-10 04:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 04:33 . 2009-06-10 04:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32 . 2009-06-10 04:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 04:32 . 2009-06-10 04:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 04:32 . 2009-06-10 04:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 04:32 . 2009-06-10 04:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 04:31 . 2009-06-10 04:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 04:31 . 2009-06-10 04:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 04:31 . 2009-06-10 04:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 04:31 . 2009-06-10 04:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 04:29 . 2009-06-10 04:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-08 17:01 . 2008-07-31 19:40 -------- d-----w- c:\progra~2\TrackMania
2009-06-07 08:52 . 2009-06-07 08:52 10134 ----a-r- c:\users\Fryct\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-07 08:52 . 2009-06-07 08:52 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 16:12 . 2008-07-26 15:36 -------- d-----w- c:\program files\Electronic Arts
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 15:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 15:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-28 10:55 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-21 20:49 . 2009-05-10 10:46 -------- d-----w- c:\program files\rFactor
2009-05-10 19:21 . 2009-05-10 19:21 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-09 05:50 . 2009-06-10 09:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 09:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-23 12:15 . 2009-06-10 09:07 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 09:07 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:39 . 2009-06-10 09:07 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 15:27 . 2009-07-01 15:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-14_15.15.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-24 14:49 . 2009-07-14 15:51 33988 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-14 15:51 74672 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-07-14 14:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-14 14:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-14 14:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-24 14:43 . 2009-07-14 15:51 7836 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017709691-804468469-1464511852-1000_UserData.bin
- 2008-07-24 14:43 . 2009-07-14 14:32 7836 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017709691-804468469-1464511852-1000_UserData.bin
- 2009-07-14 14:30 . 2009-07-14 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-14 15:49 . 2009-07-14 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-14 15:49 . 2009-07-14 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 14:30 . 2009-07-14 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-07-14 15:53 628288 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-14 14:35 628288 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-14 15:53 117790 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-14 14:35 117790 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-03-08 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-17 6793760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]

c:\users\Fryct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):84,f2,65,d2,a6,df,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3017709691-804468469-1464511852-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{101D2057-1C16-420A-906F-E3C44D627292}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D8383F2A-5385-46A6-8BFA-1E8EE34798EE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6E1B9AAE-98B5-427D-B821-B6378835474B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{189A5AF6-EAEC-4117-A744-187E90D5BB2B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CD5DA0EC-732B-48A3-9546-F11402E8B70A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E53F93DE-736E-4106-8758-65DC804075E1}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{12AD7443-1084-433B-BBE6-FCFE92D07171}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2114042D-FBB9-43F2-91CA-7792702A75A7}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9E808409-3B11-427C-B17B-16688660CDB3}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{DB5EF49C-23F0-4508-9FA9-987ED80E18D5}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F5958A01-E278-4574-8ADE-A23ACB4F8E3F}"= UDP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{DEE2E5F3-2040-40D0-9F92-A22BAA14AFAB}"= TCP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{61843F1F-BF99-4E05-A217-F92B4A1ADB2D}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{8F0E10BD-8BAC-47CB-8B46-33A2A948205F}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{FDAFF9FE-B8B7-4CAB-BC25-EE0CBD4CCA80}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{22E23C74-7242-4685-A4FB-7F6BC351EE28}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{FF9A2C3C-0D16-4FDC-9040-D1B3EF3A4226}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4B8BEBA6-80B0-45BA-8867-B013CF2ECA79}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{530425C9-0F63-416B-8B84-99A437E8B0EE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{BD1AED9B-66F7-42D5-973F-3CD6CFB018DA}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3BCB6A29-7AE3-4304-96F3-AC616D14D646}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{87C52663-2039-479C-A0FF-537DBE081EB7}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{CF4F955D-6822-44C2-A772-F2A680F83C59}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{1E4DB4E0-6A3D-4C28-BE8F-968F93B9F3A6}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{83E8973F-F3CD-43C0-915F-3FAAB66F24F5}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{F200D435-B063-4BD4-94F2-8B6077F964BD}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{9CA93B90-7E0A-4464-AAB7-B3E6B9B7E073}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{E9D5835A-8BEA-4041-9D8D-92D840EF0E44}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{9C0C5B0E-354D-4175-AD3E-ED9B251DCAD7}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{11FD57B5-4A28-422E-BBA6-C19BF9D10C75}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{80126E6C-8F0B-4004-B875-22A334D4027D}"= UDP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{16B4B97C-6E57-4785-8D80-E61248DB0C25}"= TCP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{AA1C9932-7B6F-4730-A8C0-07735C9805C8}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5C44A1D4-E9C3-4F6B-BF09-6043D5245191}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5EC5A276-4BE0-4A72-83ED-CB8C045D8591}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{C0C74C27-C2F3-4596-A503-FB8E26C42C0B}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{D9775FD4-3FBC-4949-A6D7-D99BB24C5399}"= UDP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{623BC05D-93B6-4A0B-8BA1-A0AE2DCF9726}"= TCP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{FDD7CF1D-6AF2-49D8-B1C9-7D0809E19FC8}"= UDP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{BD3053F5-FDC1-43C8-BF0E-935CA6B28362}"= TCP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{4CDD6878-4548-4EDE-81AC-F80B359CC549}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{EBD9DF36-8BAD-4688-B9BF-C5DADF31DF0A}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{7A378ADA-706A-46AB-B1C7-3C681500BC39}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7F3CCEF5-BFDB-4BE7-804D-1F6857DBC07A}"= UDP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{17B89F98-B2E3-4FF6-AD6A-F24030AB0DB0}"= TCP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{95213D48-9D1E-430A-81B7-5942AAE3A917}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{53E6152D-9FDE-4D0E-8EF3-89988CC311E8}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{29733425-D2A2-49DA-8466-51BECA6B482A}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{DA9C1B56-1DDD-4212-80FA-FD98ABFC3125}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{A9CF6801-94F7-444C-A1C3-5FB9445E1552}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{F37BC531-42A8-46F0-9D50-748A3F01B289}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{39F3C5BA-DD85-45F9-BED7-CB02F7757781}"= UDP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{61190302-9076-4F54-BD68-845C1174C736}"= TCP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{A1957312-D880-4A9C-BA63-3C6A9D12269C}"= UDP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{0A14D283-CB35-4278-874E-EBC2D28EB7C2}"= TCP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{61D72F24-DC12-46D3-A73A-E0CF6A809B04}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{8E3A8E66-68CD-49E6-B98F-AE95E4CB9F2E}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{6CBF54B0-1EFE-4A20-BDDE-53B4152E5C3E}"= UDP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{216C3479-379E-4B80-824B-BC6A4F5351BD}"= TCP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{62B3ED5F-D096-41C1-AE37-F7EB12D7B748}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{595778B3-1656-449D-8B09-8379B7F66E54}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{800EA7D6-2A21-42A5-9C20-AB68008B708F}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{84D0B703-303F-46C5-A146-9BF8BCCBE6D4}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{B19F27EF-32AF-44C6-8BD3-3B9D208CDE43}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{FCDF5311-1CC7-40BE-8872-DAB61223EDAC}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{DD27ABE2-A9D8-44D5-AB6F-E7CB46A5F269}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{DB624513-F49B-4FD8-9A60-E63BC63232E9}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{9F6C31A3-4A02-4596-B9FE-ABA70F81E714}"= UDP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{FCB9D426-12A3-47B5-AADB-B7FB05A70FDE}"= TCP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{6AE9B028-EC14-439A-92D0-A765243722B6}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{24145960-6301-4880-83DA-E154F76347BC}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C2A6EA39-0D9A-4CBE-9999-F80B8064C4D7}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{C6C881ED-5ACB-4197-8B6C-A57910CCB895}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{458616C4-2F77-4590-946B-E26323046FB5}"= UDP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{538E8070-ED91-4ACA-A245-33A0679DEEC7}"= TCP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{90618E61-22A7-4EDC-9A38-593985B9C439}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{82ED241A-ACB0-4BAC-A15B-6652A8D97643}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Persona\\Persona.exe"= c:\program files\Persona\Persona.exe:*:Enabled:Persona

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/10/2008 16:44 20384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19/03/2009 11:44 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [19/03/2009 11:45 93312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 06:33 232960]
R3 LycoFltr;Lycosa Keyboard;c:\windows\System32\drivers\Lycosa.sys [18/01/2008 06:43 16128]
S1 Start1Driver;Start1Driver;c:\windows\System32\drivers\Start1Driver.SYS [14/07/2009 13:36 5120]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [08/10/2007 09:53 892416]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNIMP50.sys [16/11/2006 14:36 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNISP50.sys [16/11/2006 14:36 20480]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [29/02/2008 02:07 942080]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\System32\drivers\WN111v2v.sys [30/09/2008 03:20 449536]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F6E42294-30F1-D27F-2FEE-DEC4CBE77B09}]
C:\Windows:system.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: dogsoftheseas.com
Trusted Zone: dogsoftheseas.com\realm01
Trusted Zone: dogsoftheseas.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npsoestb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 18:04
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-07-14 18:07
ComboFix-quarantined-files.txt 2009-07-14 16:07
ComboFix2.txt 2009-07-14 15:18

Pre-Run: 68 896 911 360 octets libres
Post-Run: 68 887 498 752 octets libres

---
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2427
Windows 6.0.6002 Service Pack 2

14/07/2009 18:17:07
mbam-log-2009-07-14 (18-17-07).txt

Type de recherche: Examen rapide
Eléments examinés: 79606
Temps écoulé: 2 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
Ajouter un commentaire
Réponse
+5
moins plus
loick22 315Messages postés 27 juin 2009Date d'inscription 15 mai 2010Dernière intervention 14 juil. 2009 à 19:28
plus il touche au virus plus yan a

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 20:00
@ loick22

ARRÊTE DE POLLUER LE TOPIC !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! , CAR IL VAS PAS FORMATER !!!

@ Fryct

Télécharge Gmer (by Przemyslaw Gmerek)

▶ Dézippe gmer ,cliques sur l'onglet rootkit,lances le scan, des lignes rouges vont apparaitre.

* Les lignes rouges indiquent la présence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans démarrer ,puis ouvres le bloc note,vas dans édition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

Ensuite

▶ sur les lignes rouge:

Services: Clique droit puis delete service
Process: Clique droit puis kill process
Adl ,file: Clique droit puis delete files


Ensuite :

Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.

▶ Double-clique sur RSIT.exe afin de lancer RSIT.

▶ Clique sur Continue à l'écran " Disclaimer of warranty ".

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.


▶ Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

=> Poste le contenu de log.txt (qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés %systemdrive%\rsit ou C:\rsit

A+


Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
jacques.gache 16454Messages postés 13 novembre 2007Date d'inscription 14 février 2012Dernière intervention 14 juil. 2009 à 20:34
oick22 au lieu de venir dire n'importe quoi sur les sujet tu ferais mieux de faire des recherches pour toi , comme dit le dicton " toutes charités bien ordonner commence par soit même " http://www.commentcamarche.net/forum/affich 13090634 ecran hs

Ajouter un commentaire
Fryct - 14 juil. 2009 à 21:07
Voici le log.txt de rsit:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Fryct at 2009-07-14 20:38:39
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 65 GB (23%) free of 286 GB
Total RAM: 3583 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:42, on 14/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fryct\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Fryct.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O15 - Trusted Zone: http://realm01.dogsoftheseas.com
O15 - Trusted Zone: http://www.dogsoftheseas.com
O15 - Trusted Zone: http://*.dogsoftheseas.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
Fryct - 14 juil. 2009 à 21:08
Puis info.txt de rsit toujours :

info.txt logfile of random's system information tool 1.06 2009-07-14 20:38:43

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Reader 9.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->MsiExec.exe /X{211E8730-5681-49ED-BC6A-78C9F88E95F5}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArmA 2 Uninstall-->C:\Program files\Bohemia Interactive\ArmA 2\UnInstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BattleForge™-->MsiExec.exe /X{C580908C-B3BA-4C19-BD60-16F02F272201}
Building & Co-->C:\Program Files\Elektrogames\Building&Co\uninstall.exe
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
Canon MP610 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series /L0x000c
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Company of Heroes-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4560
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DAMN NFO Viewer Setup-->MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38}
Darkest Hour-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1280
Demigod-->"C:\Program Files\Stardock Games\Demigod\UninstHelper.exe" /autouninstall dem
DeskScapes-->C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\INSTALL.LOG
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Evochron Legends-->"D:\EvochronLegends\unins000.exe"
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x40c -removeonly
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Football Manager Live-->"C:\Program Files\Sports Interactive\Football Manager Live\uninstall.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Realms Installer-->C:\Program Files\Sony Online Entertainment\uninst.exe
Futuremark SystemInfo-->C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
GalCiv II - Ultimate Edition-->"C:\Program Files\Stardock Games\GalCiv2Ultimate\UninstHelper.exe" /autouninstall galciv2ul
Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Gobliiins 4-->"C:\Program Files\Snowball Studios\Gobliiins 4\unins000.exe"
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
Graphical Enhancement Resources 2.5-->C:\Program Files\Mount&Blade\uninstall_commonres_pack.exe
Graphical Enhancement Textures 2.5-->C:\Program Files\Mount&Blade\uninstall_texture_pack.exe
GTA IV Realism Mod - Windows Vista 1.00-->C:\Program Files\Rockstar Games\GTA IV Realism Mod v1.0\Uninstall.exe
GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall
HashTab 1.14 for x32-->C:\Program Files\HashTab Shell Extension\uninst.exe
HD Tach version 3-->"C:\Program Files\Simpli Software\HD Tach\unins000.exe"
HeroStats-->C:\Program Files\HeroStats\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.3.0.7-->"C:\Program Files\HLSW\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hybrid Downloader 1,0,2,6-->C:\Program Files\Persona\uninst.exe
IGN Download Manager 2.3.3-->C:\Program Files\IGN\Download Manager\uninst.exe
Impulse-->"C:\ProgramData\{181AD827-020A-4331-AF8B-7A6AD3EC7FA3}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\ProgramData\{181AD827-020A-4331-AF8B-7A6AD3EC7FA3}\Impulse_setup.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Management Engine Interface-->C:\Windows\system32\heciudlg.exe -uninstall
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf
Launchpad Enhanced-->MsiExec.exe /I{BAA11826-70EF-4E44-9E97-8476793E022F}
Les Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x040c -removeonly
Magic Button-->C:\Windows\WindowsMobile\Magic Button\Uninstall.exe Magic Button
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxthon2 Browser (remove only)-->C:\Users\Fryct\AppData\Roaming\Maxthon2\MaxthonUINST.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mids' Hero/Villain Designer-->D:\coh\Mids Hero Designer\Uninstall.exe
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe
Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NewsLeecher v3.9 Final-->"C:\Program Files\NewsLeecher\unins000.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA Stereoscopic 3D Driver-->C:\Windows\system32\nvStInst.exe /uninstall /ask
ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pangya (Ntreev USA)-->C:\Program Files\Pangya\uninstall.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Peggle Deluxe-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3480
Peggle Nights-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3540
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Prototype-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10150
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Quake Live Internet Explorer Plugin-->MsiExec.exe /I{A98BEA7A-5F50-45C9-AB8C-751BBBC661C6}
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RangeMax Wireless-N USB Adapter WN111v2-->C:\Program Files\InstallShield Installation Information\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\setup.exe -runfromtemp -l0x0409
Rapid PHP 2008 v9.0-->"C:\Program Files\Rapid PHP 2008\unins000.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Red Orchestra-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1200
rFactor (remove only)-->"C:\Program Files\rFactor\Uninstall.exe"
Ri4m v5.0.1d-->C:\Program Files\Ripp-it_AM\Ri4m_Uninstal.exe
Ripp-It Codec Pack v 4.2.6-->C:\Program Files\Ripp-It Codec Pack\uninst.exe
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
Savage 2 - A Tortured Soul-->C:\Program Files\Savage 2 - A Tortured Soul\uninstall.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Shadowgrounds-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2500
Sins of a Solar Empire-->"C:\Program Files\Stardock Games\Sins of a Solar Empire\UninstHelper.exe" /autouninstall sin
Skin-->C:\Windows\WindowsMobile\Skin\Uninstall.exe Skin
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x040c -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Last Remnant-->"C:\Program Files\Steam\steam.exe" steam://uninstall/23310
Titan Quest: Immortal Throne-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4550
Titan Quest-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4540
TrackMania United Forever-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7200
Trine-->"C:\Program Files\Steam\steam.exe" steam://uninstall/35700
Unreal Tournament 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/13210
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
X Plugin Manager 2.20 BETA 6-->'C:\Program Files\X Plugin Manager\Uninstall.exe'
X3 ModManager-->"D:\X3 ModManager\Uninstall.exe"
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender
AS: AdwareBot (disabled)

======System event log======

Computer Name: PC-de-Fryct
Event Code: 7026
Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
i8042prt
Record Number: 27502
Source Name: Service Control Manager
Time Written: 20080919075549.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Fryct
Event Code: 4227
Message: TCP/IP n’a pas pu établir une connexion sortante car le point de terminaison local sélectionné a été récemment utilisé pour se connecter au même point de terminaison distant. Cette erreur se produit généralement lorsque les connexions sortantes sont ouvertes et fermées à un débit élevé, provoquant l’utilisation de tous les ports locaux disponibles et obligeant TCP/IP à réutiliser un port local pour une connexion sortante. Pour réduire le risque d’altération des données, la norme TCP/IP exige qu’un laps de temps minimal s’écoule entre des connexions successives d’un point de terminaison local à un point de terminaison distant.
Record Number: 27441
Source Name: Tcpip
Time Written: 20080919075432.658846-000
Event Type: Avertissement
User:

Computer Name: PC-de-Fryct
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 27437
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20080919075407.435538-000
Event Type: Erreur
User:

Computer Name: PC-de-Fryct
Event Code: 1002
Message: Le bail de l'adresse IP 192.168.0.5 pour la carte réseau dont l'adresse réseau est 0016E685A094 a été refusé par le serveur DHCP 192.168.0.250 (celui-ci a envoyé un message DHCPNACK).
Record Number: 27423
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20080919075407.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Fryct
Event Code: 1003
Message:
Record Number: 27422
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20080919075407.000000-000
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: PC-de-Fryct
Event Code: 6004
Message: Échec de l’abonné aux notifications Winlogon <TrustedInstaller> lors d’un événement de notification critique.
Record Number: 149
Source Name: Microsoft-Windows-Winlogon
Time Written: 20080724150454.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-Fryct
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3017709691-804468469-1464511852-1000:
Process 512 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3017709691-804468469-1464511852-1000

Record Number: 62
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080724144642.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Fryct
Event Code: 63
Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.
Record Number: 55
Source Name: Microsoft-Windows-WMI
Time Written: 20080724144357.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Fryct
Event Code: 63
Message: Le fournisseur WmiPerfClass a été inscrit dans l’espace de noms Windows Management Instrumentation root\cimv2, afin d’utiliser le compte LocalSystem. Ce compte bénéficie de privilèges et le fournisseur peut provoquer une violation de sécurité s’il ne représente pas correctement les demandes utilisateur.
Record Number: 54
Source Name: Microsoft-Windows-WMI
Time Written: 20080724144357.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Fryct
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.

Record Number: 23
Source Name: Microsoft-Windows-Search
Time Written: 20080724143957.000000-000
Event Type: Avertissement
User:

=====Security event log=====

Computer Name: PC-de-Fryct
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-Fryct$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x29c
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 8915
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130510.039476-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Fryct
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

Code d’erreur : 2
Record Number: 8914
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130509.758244-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Fryct
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

Code d’erreur : 2
Record Number: 8913
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130506.554326-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Fryct
Event Code: 5024
Message: Le démarrage du service Pare-feu Windows s’est correctement déroulé.
Record Number: 8912
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130501.884618-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Fryct
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-0-0
Nom du compte : -
Domaine du compte : -
ID d’ouverture de session : 0x0

Type d’ouverture de session : 3

Nouvelle ouverture de session :
ID de sécurité : S-1-5-7
Nom du compte : ANONYMOUS LOGON
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x22c39
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x0
Nom du processus : -

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : NtLmSsp
Package d’authentification : NTLM
Services en transit : -
Nom du package (NTLM uniquement) : NTLM V1
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 8911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080820130500.728442-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------
loick22 - 14 juil. 2009 à 21:39
je tais rien demander
Ajouter un commentaire
Réponse
+0
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 21:09
Fais Gmer , puis mets a jour Malwarebyte's , fais un scan rapide vire ce qu'il a trouvé et colle le rapport accompagné d'un nouveau scan RSIT .


@+

Ajouter un commentaire
Ajouter un commentaire
Réponse
+1
moins plus
sKe69 21343Messages postés 15 mars 2008Date d'inscription 20 mai 2011Dernière intervention 14 juil. 2009 à 21:18
Salut,


nouvelle variante Tibs ... et combo passe au travers ! ... intéressant ....


pour suivre donc ...

;)

Ajouter un commentaire
jfkpresident - 15 juil. 2009 à 20:01
Bonjour a tous ; 

et combo passe au travers !


Peut etre aurait il du etre "renommé" avant ?
Ajouter un commentaire
Réponse
+0
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 21:20
Salut sKe :)

On verra comment ça va se passer ... je pense qu'on va refaire Combo , p'tetre une nouvelle Maj :)



@+

Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Fryct 14 juil. 2009 à 21:33
Voici le rapport de Gmer. Pour Malware, il est déjà à jour, je dois quand même recommencer? 

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-14 20:57:10
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

Code            87414E38                                                                                                                              ZwEnumerateKey
Code            87459258                                                                                                                              ZwFlushInstructionCache
Code            874ABE5E                                                                                                                              ZwSaveKey
Code            8740EDCE                                                                                                                              ZwSaveKeyEx
Code            874AC285                                                                                                                              IofCallDriver
Code            8746686E                                                                                                                              IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!IofCallDriver                                                                                                            8248E912 5 Bytes  JMP 874AC28A 
.text           ntkrnlpa.exe!IofCompleteRequest                                                                                                       8248E97F 5 Bytes  JMP 87466873 
PAGE            ntkrnlpa.exe!ZwFlushInstructionCache                                                                                                  825F9EF5 5 Bytes  JMP 8745925C 
PAGE            ntkrnlpa.exe!ZwEnumerateKey                                                                                                           826470BA 5 Bytes  JMP 87414E3C 
PAGE            ntkrnlpa.exe!ZwSaveKey                                                                                                                8269C969 5 Bytes  JMP 874ABE62 
PAGE            ntkrnlpa.exe!ZwSaveKeyEx                                                                                                              8269CB07 5 Bytes  JMP 8740EDD2 
?               C:\Windows\System32\Drivers\sptd.sys                                                                                                  Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text           USBPORT.SYS!DllUnload                                                                                                                 903CB41B 5 Bytes  JMP 86DA0960 
?               System32\Drivers\auh3lmqz.SYS                                                                                                         Le chemin d'accès spécifié est introuvable. !
?               system32\drivers\mmxvua.sys                                                                                                           Le chemin d'accès spécifié est introuvable. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\taskeng.exe[504] ntdll.dll!LdrLoadDll                                                                             77579390 5 Bytes  JMP 000D000A 
.text           C:\Windows\system32\lsm.exe[692] ntdll.dll!LdrLoadDll                                                                                 77579390 5 Bytes  JMP 0023000A 
.text           C:\Windows\system32\winlogon.exe[872] ntdll.dll!LdrLoadDll                                                                            77579390 5 Bytes  JMP 0007000A 
.text           C:\Windows\system32\nvvsvc.exe[948] ntdll.dll!LdrLoadDll                                                                              77579390 5 Bytes  JMP 003A000A 
.text           C:\Windows\System32\svchost.exe[1048] ntdll.dll!LdrLoadDll                                                                            77579390 5 Bytes  JMP 007F000A 
.text           ...                                                                                                                                   
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2260] kernel32.dll!SetUnhandledExceptionFilter                                    76B8A84F 4 Bytes  [C2, 04, 00, 00]
.text           C:\Windows\System32\nvSCPAPISvr.exe[2536] ntdll.dll!LdrLoadDll                                                                        77579390 5 Bytes  JMP 0024000A 
.text           C:\Windows\system32\svchost.exe[2584] ntdll.dll!LdrLoadDll                                                                            77579390 5 Bytes  JMP 000B000A 
.text           C:\Windows\System32\svchost.exe[2648] ntdll.dll!LdrLoadDll                                                                            77579390 5 Bytes  JMP 0019000A 
.text           C:\Windows\system32\SearchIndexer.exe[2748] ntdll.dll!LdrLoadDll                                                                      77579390 5 Bytes  JMP 0031000A 
.text           C:\Program Files\Windows Defender\MSASCui.exe[2924] ntdll.dll!LdrLoadDll                                                              77579390 5 Bytes  JMP 001A000A 
.text           ...                                                                                                                                   
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!FindResourceExA                                                76B82575 7 Bytes  JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!FindResourceA                                                  76B82653 5 Bytes  JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!CreateEventA                                                   76BA44C0 5 Bytes  JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!LockResource                                                   76BA68DF 5 Bytes  JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!FindResourceExW                                                76BA69FD 7 Bytes  JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!LoadResource                                                   76BA6ADB 7 Bytes  JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!FindResourceW                                                  76BA7FA1 5 Bytes  JMP 28001BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] kernel32.dll!SizeofResource                                                 76BA7FBF 7 Bytes  JMP 28001EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] ADVAPI32.dll!CryptDeriveKey                                                 776BFCAE 7 Bytes  JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] ADVAPI32.dll!CryptDecrypt                                                   776BFE91 7 Bytes  JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!CreateDialogParamW                                               76D172A2 5 Bytes  JMP 28006120 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!SetWindowPlacement                                               76D17963 5 Bytes  JMP 28005EA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!SetWindowRgn                                                     76D1A221 7 Bytes  JMP 28005FE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!LoadImageW                                                       76D1C9E5 5 Bytes  JMP 28006770 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!LoadIconW                                                        76D1DA9F 5 Bytes  JMP 28006960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!CreateWindowExW                                                  76D21305 5 Bytes  JMP 28003CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!GetWindowLongW                                                   76D2F8BF 7 Bytes  JMP 28006B00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!PeekMessageW                                                     76D3045A 5 Bytes  JMP 280046C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!TrackPopupMenuEx                                                 76D40CE7 5 Bytes  JMP 28004FA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] USER32.dll!MessageBoxIndirectW                                              76D6D5D3 5 Bytes  JMP 28006310 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WS2_32.dll!closesocket                                                      76DB330C 5 Bytes  JMP 2800BB90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WS2_32.dll!recv                                                             76DB343A 5 Bytes  JMP 2800B3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WS2_32.dll!WSASend                                                          76DB4496 5 Bytes  JMP 2800B950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WS2_32.dll!send                                                             76DB659B 5 Bytes  JMP 2800B770 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WS2_32.dll!WSARecv                                                          76DB8400 5 Bytes  JMP 2800B550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] SHELL32.dll!Shell_NotifyIconW                                               75F28626 5 Bytes  JMP 28003440 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] ole32.dll!CoRegisterClassObject                                             77227DB6 5 Bytes  JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] ole32.dll!CoCreateInstance                                                  77269EA6 5 Bytes  JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] ole32.dll!CoInitializeEx                                                    7726AD63 5 Bytes  JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WININET.dll!InternetReadFile                                                76A8654B 5 Bytes  JMP 2800A3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WININET.dll!InternetCloseHandle                                             76A89088 5 Bytes  JMP 2800A560 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WININET.dll!HttpOpenRequestA                                                76A8D5E8 5 Bytes  JMP 2800A220 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3300] WININET.dll!HttpSendRequestA                                                76A9EEB9 5 Bytes  JMP 2800A490 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[3328] ntdll.dll!LdrLoadDll                                                         77579390 5 Bytes  JMP 0064000A 
.text           C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[3388] ntdll.dll!LdrLoadDll                                                        77579390 5 Bytes  JMP 002E000A 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3660] ntdll.dll!LdrLoadDll                                                               77579390 5 Bytes  JMP 0030000A 
.text           C:\Users\Fryct\Desktop\gmer.exe[3916] ntdll.dll!LdrLoadDll                                                                           77579390 5 Bytes  JMP 0037000A 
.text           C:\Windows\System32\notepad.exe[4220] ntdll.dll!LdrLoadDll                                                                            77579390 5 Bytes  JMP 001F000A 
.text           ...                                                                                                                                   

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                             [806925FE] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                              [80691AB4] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                      [80692728] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                             [80691B7C] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                       [80691BFA] \SystemRoot\System32\Drivers\sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                 [743C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                  [7441A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                              [743CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                        [743BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                  [743C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                               [743BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                   [743F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                      [743CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                              [743BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                               [743BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                [743B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                        [7444CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                           [743EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                              [743BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                        [743B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                       [743B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                          [743C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                852E51E8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                eamon.sys (Amon monitor/ESET)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                                  852E21E8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                      86D4C720
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                      86D4C720
Device          \Driver\usbehci \Device\USBPDO-2                                                                                                      86D3F980
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                                      86D4C720
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                      86D4C720
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                      86D4C720
Device          \Driver\USBSTOR \Device\00000063                                                                                                      8736C720
Device          \Driver\usbehci \Device\USBPDO-6                                                                                                      86D3F980
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                852E21E8
Device          \Driver\USBSTOR \Device\00000064                                                                                                      8736C720
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                852E21E8
Device          \Driver\USBSTOR \Device\00000065                                                                                                      8736C720
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                852E21E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-2                                                                                           852E41E8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                    852E41E8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                    852E41E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP5T1L0-7                                                                                           852E41E8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                    852E41E8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                    852E41E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-8                                                                                           852E41E8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                                    852E41E8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                                    852E41E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-1                                                                                           852E41E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5                                                                                           852E41E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-9                                                                                           852E41E8
Device          \Driver\USBSTOR \Device\00000066                                                                                                      8736C720
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                                852E21E8
Device          \Driver\USBSTOR \Device\00000067                                                                                                      8736C720
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                               8745B730
Device          \Driver\PCI_NTPNP8180 \Device\0000004d                                                                                                sptd.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                                    86D5C918
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                      86D4C720
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                      86D4C720
Device          \Driver\usbehci \Device\USBFDO-2                                                                                                      86D3F980
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                                      86D4C720
Device          \Driver\netbt \Device\NetBT_Tcpip_{A6BFDA14-3364-4DE6-B8EA-B1D70258E143}                                                              8745B730
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                      86D4C720
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                      86D4C720
Device          \Driver\usbehci \Device\USBFDO-6                                                                                                      86D3F980
Device          \Driver\auh3lmqz \Device\Scsi\auh3lmqz1                                                                                               86D5A980

---- Threads - GMER 1.0.15 ----

Thread          System [4:412]                                                                                                                        875E6790
---- Processes - GMER 1.0.15 ----

Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\alg.exe [336]                           0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\taskeng.exe [504]                       0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\wininit.exe [624]                       0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [672]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\lsass.exe [684]                         0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\lsm.exe [692]                           0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [848]                       0x016C0000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\winlogon.exe [872]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\nvvsvc.exe [948]                        0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [976]                       0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1048]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1120]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1188]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1224]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1344]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\SLsvc.exe [1408]                        0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\nvvsvc.exe [1448]                       0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1476]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1600]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [1740]                              0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\Dwm.exe [1848]                          0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\spoolsv.exe [1932]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1956]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\taskeng.exe [2148]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\wbem\unsecapp.exe [2220]                0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2260]  0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2360]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\PnkBstrA.exe [2424]                     0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2508]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\nvSCPAPISvr.exe [2536]                  0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2584]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [2648]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\SearchIndexer.exe [2748]                0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Defender\MSASCui.exe [2924]        0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\wbem\wmiprvse.exe [2940]                0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\WindowsMobile\wmdc.exe [2956]                    0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2972]  0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\NOTEPAD.EXE [3008]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\mobsync.exe [3076]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [3132]      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Sidebar\sidebar.exe [3228]         0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\WUDFHost.exe [3256]                     0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3300]  0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Media Player\wmpnscfg.exe [3328]   0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [3388]  0x002C0000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [3548]   0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Sidebar\sidebar.exe [3660]         0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Users\Fryct\Desktop\gmer.exe [3916]                     0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Contacts\wlcomm.exe [4020]    0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\System32\notepad.exe [4220]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Windows\system32\DllHost.exe [4764]                      0x10000000                                                                                                                                                           
Library         \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [5092]         0x002E0000                                                                                                                                                           

---- EOF - GMER 1.0.15 ----

Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 21:49
@ loick22

ARRÊTE DE POLLUER LE TOPIC !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

@ Fryct

Fais ça


A+

Ajouter un commentaire
sKe69 - 14 juil. 2009 à 21:56
re,

GMER est fait > http://www.commentcamarche.net/forum/affich 13353816 tdss trojan#27


et je pense que MBAM n'y fera que dalle ...


si tu le permets , j'aimerai lui faire faire une manipe ... puis-je ?

Ajouter un commentaire
Réponse
+0
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 21:59
Salut ,

Tu as bien supprimé les lignes rouges ?

Sinon supprime les et continue avec sKe69 .


A+ , et merci à sKe69 pour le soutien :)


Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
Fryct 14 juil. 2009 à 22:00
Effectivement, MBAM n'a rien fait. Je retente RSIT ?

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2429
Windows 6.0.6002 Service Pack 2

14/07/2009 21:54:47
mbam-log-2009-07-14 (21-54-47).txt

Type de recherche: Examen rapide
Eléments examinés: 79781
Temps écoulé: 2 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 22:01
Non fait ça : > http://www.commentcamarche.net/forum/affich 13353816 tdss trojan?page=2#33

Ajouter un commentaire
Fryct - 14 juil. 2009 à 22:08
J'ai tenté de supprimer les lignes rouges mais il y a des processus "infectés" qui se relancent aussitôt une fois kill, comme Explorer.exe et qui sont immédiatement infectés lorsqu'ils se relancent.
Ajouter un commentaire
Réponse
+0
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 22:09
Bon ne supprime pas .

J'ai une manip a te proposer , mais continue avec sKe69 , il est plus doué que moi ;)


@+ :)

Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
sKe69 21343Messages postés 15 mars 2008Date d'inscription 20 mai 2011Dernière intervention 14 juil. 2009 à 22:18
Merci fix200 ...


Fryct,


fais ceci stp :

Télécharge OAD ( par !aur3n7) : http://sosvirus.changelog.fr/OAD.exe
----> Enregistre le sur ton bureau .

Double clique sur l'icone OAD pour le lancer

- nom du fichier à rechercher :
-->tape ou fais un copier coller de : geyekrpahvfrqw

- Type de recherche : sélectionne l'option 6 puis valide ["entrée"]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.

Note : suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient ...

->Sauvegarde ce rapport sur ton Bureau et fais un copier / coller de celui-ci dans ta prochaine réponse ...


Ajouter un commentaire
Fryct - 14 juil. 2009 à 22:38
Rien trouvé apparemment.


14/07/2009 ---- 22:23:47,09

----------------------------------
§§§§§§ [geyekrpahvfrqw] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
Ajouter un commentaire
Réponse
+0
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 22:54
Salut essai avec sa et attends que ske vient :

geyekrpahvfrqw.dll

++

Ajouter un commentaire
Fryct - 14 juil. 2009 à 22:57
Même résultat, il ne trouve rien.
Ajouter un commentaire
Réponse
+0
moins plus
fix200 3100Messages postés 28 décembre 2008Date d'inscription 7 février 2011Dernière intervention 14 juil. 2009 à 23:07
Salut,

EDIT : => redémarre ton PC

Fais une MAJ Malwarebyte , un scan rapide pour verifer , et supprime ce qu'il trouve et colle le rapport .

Puis redemare ton PC.

A demain .

Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
sKe69 21343Messages postés 15 mars 2008Date d'inscription 20 mai 2011Dernière intervention 14 juil. 2009 à 23:11
bon ...


fait ceci :


1- Avoir accès aux fichiers cachés :

Va dans Menu Démarrer->panneau de config.("affichage classique")-> Options des dossiers
--> vas sur l'onglet " Affichage " .
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )



2- Rends toi sur ce site :

http://www.virustotal.com/

Copies ce qui suit et colles le dans l'espace pour la recherche ( ou clique sur "parcourir" et va jusqu'au fichier demandé ) :
c:\windows\System32\drivers\epfwwfpr.sys

Clique sur Send File ( = " Envoyer le fichier " ).

Un rapport va s'élaborer ligne à ligne.

Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta prochaine réponse ...

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )


Fais de même pour :

c:\windows\System32\drivers\Start1Driver.SYS
C:\Windows:system.exe

Poste moi donc ces 3 rapports ( surtout le début avec le listing des AV , et en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite ...





Ajouter un commentaire
Fryct - 14 juil. 2009 à 23:25
Fichier epfwwfpr.sys reçu le 2009.07.14 21:26:53 (UTC)
Situation actuelle: terminé
Résultat: 0/41 (0%)

Rien n'a été trouvé par les AV.

Information additionnelle
File size: 93312 bytes
MD5...: 32102f2c07182523b1390c2d9341e397
SHA1..: df7308a8c8dbc76c5091ee82d791a9a66f0d64e1
SHA256: 5ecf8602182f291406c5af50f275356a97fdf64d8234500c4d47c4ef0f35ed80
ssdeep: 1536:ASBkWdfFBZmEnvMYwNA+W5Xu2eBdwTXaFmv02MPf1hRW:BkWhNmEnvqq7u2
e/cXaC02Mk
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x16005
timedatestamp.....: 0x49c21e3f (Thu Mar 19 10:28:15 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10d92 0x10e00 6.54 86e4a3b7d65f9d0070a3ec2a5c18485c
.rdata 0x12000 0xef4 0x1000 6.64 0f835a1160effbd62342806aa68baf97
.data 0x13000 0x10c0 0x1000 7.15 721f939a70cb443997623972983186a4
.edata 0x15000 0x72 0x200 1.38 0bcbc7c62b49820559448abe298d55fb
INIT 0x16000 0xb7e 0xc00 5.40 7d890d41912302c30c9223e0b56c30b6
.rsrc 0x17000 0x428 0x600 2.52 35c51b795ca79fb6ec19bf183a3aac3a
.reloc 0x18000 0x9da 0xa00 4.72 b96d12b953ca3c1fd69c6f2d8202d660

( 4 imports )
> ntoskrnl.exe: RtlInitUnicodeString, ZwClose, ZwQueryDirectoryFile, ZwOpenFile, _wcsnicmp, wcsncmp, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwQueryInformationProcess, ZwOpenProcess, ZwDeviceIoControlFile, ProbeForWrite, ProbeForRead, ExGetPreviousMode, _aulldiv, _allmul, ZwQuerySystemInformation, KeWaitForSingleObject, ZwSetInformationFile, KeDelayExecutionThread, ZwReadFile, ZwQueryInformationFile, ZwOpenKey, ZwCreateFile, ZwQueryValueKey, isdigit, isspace, _purecall, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, KeSetEvent, IoFreeMdl, MmBuildMdlForNonPagedPool, IoAllocateMdl, KeInsertQueueDpc, KeInitializeDpc, ExEventObjectType, _wcsicmp, _allshr, sprintf, qsort, KdDebuggerNotPresent, KdDebuggerEnabled, PsGetCurrentProcessId, MmUnlockPages, MmProbeAndLockPages, IofCompleteRequest, IoDeleteDevice, IoCreateSymbolicLink, IoCreateDevice, KeTickCount, KeBugCheckEx, RtlUnwind, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, ExFreePoolWithTag, RtlVolumeDeviceToDosName, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, MmSystemRangeStart, ObReferenceObjectByHandle, KeStackAttachProcess, KeUnstackDetachProcess, ObfDereferenceObject, memset, toupper, wcschr, memcpy, memmove, mbstowcs, strstr, wcsncpy, strncpy, ExInterlockedPushEntrySList, RtlCopyUnicodeString, ExInterlockedPopEntrySList
> HAL.dll: KfAcquireSpinLock, KeGetCurrentIrql, KfReleaseSpinLock
> NDIS.SYS: NdisFreeGenericObject, NdisAllocateNetBufferListPool, NdisAllocateGenericObject, NdisAdvanceNetBufferDataStart, NdisGetDataBuffer, NdisRetreatNetBufferDataStart, NdisFreeNetBufferListPool
> fwpkclnt.sys: FwpsAllocateNetBufferAndNetBufferList0, FwpsStreamInjectAsync0, FwpsFreeNetBufferList0, FwpsCopyStreamDataToBuffer0, FwpmTransactionAbort0, FwpsFlowRemoveContext0, FwpsFreeCloneNetBufferList0, FwpsInjectionHandleCreate0, FwpsInjectionHandleDestroy0, FwpmTransactionCommit0, FwpmFilterAdd0, FwpmTransactionBegin0, FwpsInjectTransportReceiveAsync0, FwpsCalloutUnregisterById0, FwpmCalloutAdd0, FwpmSubLayerAdd0, FwpsCalloutRegister0, FwpmEngineOpen0, FwpmEngineClose0, FwpsCloneStreamData0, FwpsFlowAssociateContext0

( 2 exports )
_PsGetThreadId@4, _PsGetThreadProcessId@4
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Fryct - 14 juil. 2009 à 23:29
Fichier Start1Driver.SYS reçu le 2009.07.14 21:32:28 (UTC)
Situation actuelle: terminé
Résultat: 0/41 (0%)

Rien n'a été trouvé par les AV.

Information additionnelle
File size: 5120 bytes
MD5...: 6caddaf4119aaad4b4df4a14aa6da95a
SHA1..: 1b14cb9a7cef29a02f7a654464a15c13c18ea2cc
SHA256: 1db0e4f2cf03655106aaa5e24451a8a0179247007ea3b44594c4cbb888ff2f28
ssdeep: 48:iRJ+8NOJcVGrtz9ClIS/BxAcTKcXKeIRu9Veq9YnWj3gWDAz79:2+8N8cVGr1
9CPZ2RcXoIlQK3gWEH
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1160
timedatestamp.....: 0x49bbb5b8 (Sat Mar 14 13:48:40 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x300 0x400 4.71 be9c0c99f665a1d050fc76d71005b1f1
.rdata 0x2000 0xfa 0x200 1.86 fed7f8af10b38b9bbf3c6b7c61335c44
.data 0x3000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
INIT 0x4000 0x11c 0x200 3.05 103ef14d788110e84ba0fd2062d1cb48
.rsrc 0x5000 0x400 0x400 3.23 45081760262a39a5984995f93dd8885d
.reloc 0x6000 0x3fa 0x400 0.38 0811e21de198b2a3eb99e66280ed139e

( 1 imports )
> ntoskrnl.exe: ZwSetInformationFile, ZwClose, ZwCreateFile, IofCompleteRequest, IoCreateDevice, ExFreePool, ExAllocatePoolWithTag, ZwEnumerateValueKey, ZwOpenKey, RtlInitUnicodeString

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Fryct - 14 juil. 2009 à 23:33
Pour le dernier (system.exe), le fichier est introuvable.

fix200> Ça n'a rien changé concernant Malwarebyte.
Ajouter un commentaire
1 2 3 Suivant
Posez votre question
Ce document intitulé « TDSS Trojan » issu de CommentCaMarche (www.commentcamarche.net) est mis à disposition sous les termes de la licence Creative Commons. Vous pouvez copier, modifier des copies de cette page, dans les conditions fixées par la licence, tant que cette note apparaît clairement.
Dossier à la une
5 extensions si vous voulez revenir à l'ancien Facebook
TDSS Trojan - page 2