Merci pour l'aide, j'ai donc suivi les instructions mais ça ne semble pas avoir changé grand-chose. Je n'ai pas eu à rebooter (ce que j'ai quand même fait, en cas) et il est toujours là au redémarrage. Voici le rapport Combofix, où il y a d'ailleurs un certain Start1Driver.SYS. Serait-ce lui le coupable ?

------------

ComboFix 09-07-13.01 - Fryct 14/07/2009 17:07.5.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3583.2509 [GMT 2:00]
Running from: c:\users\Fryct\Desktop\ComboFix.exe
SP: AdwareBot *disabled* (Updated) {2BFC08CE-6B66-47D4-BA62-0A39887A0229}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 15:15 . 2009-07-14 15:15 -------- d-----w- c:\users\Fryct\AppData\Local\temp
2009-07-14 13:35 . 2009-07-14 13:35 -------- d-----w- c:\program files\Trend Micro
2009-07-14 11:56 . 2009-07-14 12:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-14 11:36 . 2009-03-14 04:48 5120 ----a-w- c:\windows\system32\drivers\Start1Driver­.SYS
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\progra~2\Simply Super Software
2009-07-13 22:27 . 2009-07-13 23:19 -------- d-----w- c:\windows\BDOSCAN8
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\users\Fryct\AppData\Roaming\Malwa­rebytes
2009-07-13 18:41 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissar­my.sys
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:23 . 2009-07-13 16:23 -------- d---a-w- c:\program files\Common Files\Nero
2009-07-13 16:07 . 2009-07-13 16:07 -------- d-----w- c:\progra~2\SlySoft
2009-07-13 16:04 . 2009-07-13 16:04 -------- d-----w- c:\program files\SlySoft
2009-07-12 21:47 . 2009-07-12 22:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\Cyber­Link
2009-07-12 21:47 . 2009-07-12 21:47 -------- d-----w- c:\users\Public\CyberLink
2009-07-12 21:44 . 2009-07-12 21:44 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-12 21:40 . 2009-07-12 22:07 -------- d-----w- c:\progra~2\CyberLink
2009-07-12 21:40 . 2008-05-14 12:48 29480 ------w- c:\windows\system32\msxml3a.dll
2009-07-12 21:39 . 2008-05-14 12:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-12 21:39 . 2009-07-13 16:15 -------- d-----w- c:\program files\CyberLink
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\windows\system32\AGEIA
2009-07-12 08:29 . 2009-07-12 08:29 -------- d-----w- c:\users\Fryct\{c904a8d4-a5d3-4d40-a­799-60f6c462408a}
2009-07-12 08:29 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 17:58 . 2005-07-25 09:59 28672 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\­Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-­11dd-ba2f-0800200c9a66}\components\mintray-9178506d-20050725­16-trunk.dll
2009-07-05 17:55 . 2008-04-16 12:13 65536 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\­Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.­com\components\statusbarEx.dll
2009-07-05 00:33 . 2009-07-05 07:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\IGN_D­LM
2009-07-01 15:57 . 2009-07-01 15:57 0 ----a-w- c:\windows\nsreg.dat
2009-07-01 15:57 . 2009-07-01 15:57 -------- d-----w- c:\users\Fryct\AppData\Local\Mozilla­
2009-06-20 09:48 . 2009-06-20 09:48 -------- d-----w- c:\users\Fryct\AppData\Local\ArmA 2
2009-06-20 09:47 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-20 09:47 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dl­l
2009-06-20 09:47 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-20 09:35 . 2009-06-20 09:35 -------- d-----w- c:\program files\Bohemia Interactive
2009-06-17 19:46 . 2009-06-17 19:46 -------- d-----w- c:\users\Fryct\AppData\Local\Monte Cristo
2009-06-15 19:06 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-15 19:06 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dl­l
2009-06-15 19:06 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-15 19:06 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-15 19:06 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 14:35 . 2006-11-02 15:48 716060 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 14:35 . 2006-11-02 15:48 144214 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 14:30 . 2008-07-24 14:48 -------- d-----w- c:\progra~2\NVIDIA
2009-07-14 14:30 . 2009-07-12 08:52 31966 ----a-w- c:\progra~2\nvModes.dat
2009-07-13 16:23 . 2008-07-24 17:11 -------- d-----w- c:\program files\Nero
2009-07-13 16:15 . 2008-07-25 22:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 14:56 . 2008-07-24 19:34 -------- d-----w- c:\program files\Steam
2009-07-12 21:47 . 2008-07-24 14:42 106240 ----a-w- c:\users\Fryct\AppData\Local\GDIPFONTC­ACHEV1.DAT
2009-07-12 21:38 . 2008-07-24 14:44 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-12 16:03 . 2008-09-25 15:16 -------- d-----w- c:\users\Fryct\AppData\Roaming\vlc
2009-07-12 08:45 . 2008-11-08 12:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 08:39 . 2008-07-24 14:41 2708 ----a-w- c:\users\Fryct\AppData\Local\d3d9caps.da­t
2009-07-12 03:21 . 2008-07-26 17:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-11 20:42 . 2008-07-24 18:19 -------- d-----w- c:\users\Fryct\AppData\Roaming\MxBoo­st
2009-07-05 11:08 . 2008-07-24 19:34 -------- d-----w- c:\program files\Common Files\Steam
2009-07-05 09:32 . 2008-08-23 11:39 -------- d-----w- c:\program files\City of Heroes
2009-06-30 16:50 . 2008-07-26 21:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-23 12:11 . 2008-07-25 22:10 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.s­ys
2009-06-23 12:11 . 2008-07-25 22:09 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-22 11:51 . 2008-07-25 22:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-17 17:47 . 2009-05-09 10:38 -------- d-----w- c:\program files\Common Files\BioWare
2009-06-17 17:46 . 2008-07-26 15:49 -------- d-----w- c:\progra~2\Media Center Programs
2009-06-14 15:15 . 2009-06-13 13:26 -------- d-----w- c:\program files\Sony Online Entertainment
2009-06-11 18:46 . 2008-08-02 09:51 -------- d-----w- c:\progra~2\Steam
2009-06-11 18:46 . 2008-08-02 09:50 -------- d-----w- c:\progra~2\PopCap Games
2009-06-10 16:33 . 2009-06-10 16:33 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.­sys
2009-06-10 16:33 . 2009-06-10 16:33 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-10 16:33 . 2009-06-10 16:33 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2009-06-10 16:33 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd­
2009-06-10 16:33 . 2009-06-10 16:33 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 16:33 . 2009-06-10 16:33 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2009-06-10 16:33 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 09:19 . 2008-07-26 07:13 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-10 06:35 . 2009-06-10 06:35 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-06-10 06:35 . 2009-06-10 06:35 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-06-10 06:35 . 2009-06-10 06:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 04:33 . 2009-06-10 04:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 04:33 . 2009-06-10 04:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 04:33 . 2009-06-10 04:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 04:33 . 2009-06-10 04:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll­
2009-06-10 04:33 . 2009-06-10 04:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32 . 2009-06-10 04:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 04:32 . 2009-06-10 04:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 04:32 . 2009-06-10 04:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 04:32 . 2009-06-10 04:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 04:31 . 2009-06-10 04:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 04:31 . 2009-06-10 04:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 04:31 . 2009-06-10 04:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 04:31 . 2009-06-10 04:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 04:29 . 2009-06-10 04:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-08 17:01 . 2008-07-31 19:40 -------- d-----w- c:\progra~2\TrackMania
2009-06-07 08:52 . 2009-06-07 08:52 10134 ----a-r- c:\users\Fryct\AppData\Roaming\Microsof­t\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUC­TICON.exe
2009-06-07 08:52 . 2009-06-07 08:52 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 16:12 . 2008-07-26 15:36 -------- d-----w- c:\program files\Electronic Arts
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 15:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 15:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-28 10:55 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.Co­mpositeFont
2009-05-21 20:49 . 2009-05-10 10:46 -------- d-----w- c:\program files\rFactor
2009-05-10 19:21 . 2009-05-10 19:21 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-09 05:50 . 2009-06-10 09:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 09:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-23 12:15 . 2009-06-10 09:07 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 09:07 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:39 . 2009-06-10 09:07 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 15:27 . 2009-07-01 15:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-03-08 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-17 6793760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]

c:\users\Fryct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]

c:\users\Fryct\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):84,f2,65,d2,a6,df,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3017709691-804468469-1464511852-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{101D2057-1C16-420A-906F-E3C44D627292}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D8383F2A-5385-46A6-8BFA-1E8EE34798EE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6E1B9AAE-98B5-427D-B821-B6378835474B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{189A5AF6-EAEC-4117-A744-187E90D5BB2B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CD5DA0EC-732B-48A3-9546-F11402E8B70A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E53F93DE-736E-4106-8758-65DC804075E1}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{12AD7443-1084-433B-BBE6-FCFE92D07171}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2114042D-FBB9-43F2-91CA-7792702A75A7}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9E808409-3B11-427C-B17B-16688660CDB3}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{DB5EF49C-23F0-4508-9FA9-987ED80E18D5}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F5958A01-E278-4574-8ADE-A23ACB4F8E3F}"= UDP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{DEE2E5F3-2040-40D0-9F92-A22BAA14AFAB}"= TCP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{61843F1F-BF99-4E05-A217-F92B4A1ADB2D}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{8F0E10BD-8BAC-47CB-8B46-33A2A948205F}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{FDAFF9FE-B8B7-4CAB-BC25-EE0CBD4CCA80}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{22E23C74-7242-4685-A4FB-7F6BC351EE28}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{FF9A2C3C-0D16-4FDC-9040-D1B3EF3A4226}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4B8BEBA6-80B0-45BA-8867-B013CF2ECA79}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{530425C9-0F63-416B-8B84-99A437E8B0EE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{BD1AED9B-66F7-42D5-973F-3CD6CFB018DA}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3BCB6A29-7AE3-4304-96F3-AC616D14D646}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{87C52663-2039-479C-A0FF-537DBE081EB7}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{CF4F955D-6822-44C2-A772-F2A680F83C59}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{1E4DB4E0-6A3D-4C28-BE8F-968F93B9F3A6}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{83E8973F-F3CD-43C0-915F-3FAAB66F24F5}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{F200D435-B063-4BD4-94F2-8B6077F964BD}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{9CA93B90-7E0A-4464-AAB7-B3E6B9B7E073}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{E9D5835A-8BEA-4041-9D8D-92D840EF0E44}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{9C0C5B0E-354D-4175-AD3E-ED9B251DCAD7}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{11FD57B5-4A28-422E-BBA6-C19BF9D10C75}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{80126E6C-8F0B-4004-B875-22A334D4027D}"= UDP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{16B4B97C-6E57-4785-8D80-E61248DB0C25}"= TCP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{AA1C9932-7B6F-4730-A8C0-07735C9805C8}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5C44A1D4-E9C3-4F6B-BF09-6043D5245191}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5EC5A276-4BE0-4A72-83ED-CB8C045D8591}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{C0C74C27-C2F3-4596-A503-FB8E26C42C0B}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{D9775FD4-3FBC-4949-A6D7-D99BB24C5399}"= UDP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{623BC05D-93B6-4A0B-8BA1-A0AE2DCF9726}"= TCP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{FDD7CF1D-6AF2-49D8-B1C9-7D0809E19FC8}"= UDP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{BD3053F5-FDC1-43C8-BF0E-935CA6B28362}"= TCP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{4CDD6878-4548-4EDE-81AC-F80B359CC549}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{EBD9DF36-8BAD-4688-B9BF-C5DADF31DF0A}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{7A378ADA-706A-46AB-B1C7-3C681500BC39}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7F3CCEF5-BFDB-4BE7-804D-1F6857DBC07A}"= UDP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{17B89F98-B2E3-4FF6-AD6A-F24030AB0DB0}"= TCP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{95213D48-9D1E-430A-81B7-5942AAE3A917}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{53E6152D-9FDE-4D0E-8EF3-89988CC311E8}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{29733425-D2A2-49DA-8466-51BECA6B482A}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{DA9C1B56-1DDD-4212-80FA-FD98ABFC3125}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{A9CF6801-94F7-444C-A1C3-5FB9445E1552}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{F37BC531-42A8-46F0-9D50-748A3F01B289}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{39F3C5BA-DD85-45F9-BED7-CB02F7757781}"= UDP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{61190302-9076-4F54-BD68-845C1174C736}"= TCP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{A1957312-D880-4A9C-BA63-3C6A9D12269C}"= UDP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{0A14D283-CB35-4278-874E-EBC2D28EB7C2}"= TCP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{61D72F24-DC12-46D3-A73A-E0CF6A809B04}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{8E3A8E66-68CD-49E6-B98F-AE95E4CB9F2E}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{6CBF54B0-1EFE-4A20-BDDE-53B4152E5C3E}"= UDP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{216C3479-379E-4B80-824B-BC6A4F5351BD}"= TCP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{62B3ED5F-D096-41C1-AE37-F7EB12D7B748}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{595778B3-1656-449D-8B09-8379B7F66E54}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{800EA7D6-2A21-42A5-9C20-AB68008B708F}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{84D0B703-303F-46C5-A146-9BF8BCCBE6D4}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{B19F27EF-32AF-44C6-8BD3-3B9D208CDE43}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{FCDF5311-1CC7-40BE-8872-DAB61223EDAC}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{DD27ABE2-A9D8-44D5-AB6F-E7CB46A5F269}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{DB624513-F49B-4FD8-9A60-E63BC63232E9}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{9F6C31A3-4A02-4596-B9FE-ABA70F81E714}"= UDP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{FCB9D426-12A3-47B5-AADB-B7FB05A70FDE}"= TCP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{6AE9B028-EC14-439A-92D0-A765243722B6}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{24145960-6301-4880-83DA-E154F76347BC}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C2A6EA39-0D9A-4CBE-9999-F80B8064C4D7}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{C6C881ED-5ACB-4197-8B6C-A57910CCB895}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{458616C4-2F77-4590-946B-E26323046FB5}"= UDP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{538E8070-ED91-4ACA-A245-33A0679DEEC7}"= TCP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{90618E61-22A7-4EDC-9A38-593985B9C439}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{82ED241A-ACB0-4BAC-A15B-6652A8D97643}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Persona\\Persona.exe"= c:\program files\Persona\Persona.exe:*:Enabled:Persona

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/10/2008 16:44 20384]
R1 Start1Driver;Start1Driver;c:\windows\System32\drivers\Start1Driver.SYS [14/07/2009 13:36 5120]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19/03/2009 11:44 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [19/03/2009 11:45 93312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 06:33 232960]
R3 LycoFltr;Lycosa Keyboard;c:\windows\System32\drivers\Lycosa.sys [18/01/2008 06:43 16128]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [08/10/2007 09:53 892416]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNIMP50.sys [16/11/2006 14:36 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNISP50.sys [16/11/2006 14:36 20480]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [29/02/2008 02:07 942080]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\System32\drivers\WN111v2v.sys [30/09/2008 03:20 449536]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F6E42294-30F1-D27F-2FEE-DEC4CBE77B09}]
C:\Windows:system.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: dogsoftheseas.com
Trusted Zone: dogsoftheseas.com\realm01
Trusted Zone: dogsoftheseas.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npsoestb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 17:15
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6008)
geyekrpahvfrqw.dll 10000000 36864 \\?\globalroot\systemroot\system32\geyekrpahvfrqw.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscape.dll
c:\progra~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
c:\program files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
.
Completion time: 2009-07-14 17:18
ComboFix-quarantined-files.txt 2009-07-14 17:18

Pre-Run: 68 574 527 488 octets libres
Post-Run: 68 861 390 848 octets libres

Ca n'a hélas pas marché, il est toujours là. Voici le rapport de ComboFix et de Malwarebyte:


ComboFix 09-07-13.01 - Fryct 14/07/2009 17:57.6.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3583.2562 [GMT 2:00]
Running from: c:\users\Fryct\Desktop\ComboFix.exe
Command switches used :: c:\users\Fryct\Desktop\CFScript.txt
SP: AdwareBot *disabled* (Updated) {2BFC08CE-6B66-47D4-BA62-0A39887A0229}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\Fryct\AppData\Local\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Fryct\AppData\Local\d3d9caps.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 16:04 . 2009-07-14 16:04 -------- d-----w- c:\users\Fryct\AppData\Local\temp
2009-07-14 13:35 . 2009-07-14 13:35 -------- d-----w- c:\program files\Trend Micro
2009-07-14 11:56 . 2009-07-14 12:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-14 11:36 . 2009-03-14 04:48 5120 ----a-w- c:\windows\system32\drivers\Start1Driver.SYS
2009-07-14 09:45 . 2009-07-14 09:45 -------- d-----w- c:\progra~2\Simply Super Software
2009-07-13 22:27 . 2009-07-13 23:19 -------- d-----w- c:\windows\BDOSCAN8
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\users\Fryct\AppData\Roaming\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 18:41 . 2009-07-13 18:41 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-13 18:41 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:23 . 2009-07-13 16:23 -------- d---a-w- c:\program files\Common Files\Nero
2009-07-13 16:07 . 2009-07-13 16:07 -------- d-----w- c:\progra~2\SlySoft
2009-07-13 16:04 . 2009-07-13 16:04 -------- d-----w- c:\program files\SlySoft
2009-07-12 21:47 . 2009-07-12 22:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\CyberLink
2009-07-12 21:47 . 2009-07-12 21:47 -------- d-----w- c:\users\Public\CyberLink
2009-07-12 21:44 . 2009-07-12 21:44 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-12 21:40 . 2009-07-12 22:07 -------- d-----w- c:\progra~2\CyberLink
2009-07-12 21:40 . 2008-05-14 12:48 29480 ------w- c:\windows\system32\msxml3a.dll
2009-07-12 21:39 . 2008-05-14 12:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-12 21:39 . 2009-07-13 16:15 -------- d-----w- c:\program files\CyberLink
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-12 08:45 . 2009-07-12 08:45 -------- d-----w- c:\windows\system32\AGEIA
2009-07-12 08:29 . 2009-07-12 08:29 -------- d-----w- c:\users\Fryct\{c904a8d4-a5d3-4d40-a799-60f6c462408a}
2009-07-12 08:29 . 2009-06-04 14:39 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 17:58 . 2005-07-25 09:59 28672 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
2009-07-05 17:55 . 2008-04-16 12:13 65536 ----a-w- c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
2009-07-05 00:33 . 2009-07-05 07:17 -------- d-----w- c:\users\Fryct\AppData\Roaming\IGN_DLM
2009-07-01 15:57 . 2009-07-01 15:57 0 ----a-w- c:\windows\nsreg.dat
2009-07-01 15:57 . 2009-07-01 15:57 -------- d-----w- c:\users\Fryct\AppData\Local\Mozilla
2009-06-20 09:48 . 2009-06-20 09:48 -------- d-----w- c:\users\Fryct\AppData\Local\ArmA 2
2009-06-20 09:47 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-06-20 09:47 . 2008-10-15 04:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-20 09:47 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-20 09:35 . 2009-06-20 09:35 -------- d-----w- c:\program files\Bohemia Interactive
2009-06-17 19:46 . 2009-06-17 19:46 -------- d-----w- c:\users\Fryct\AppData\Local\Monte Cristo
2009-06-15 19:06 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-15 19:06 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-15 19:06 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-15 19:06 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-15 19:06 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 15:53 . 2006-11-02 15:48 716060 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 15:53 . 2006-11-02 15:48 144214 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-14 15:49 . 2009-07-12 08:52 31966 ----a-w- c:\progra~2\nvModes.dat
2009-07-14 15:49 . 2008-07-24 14:48 -------- d-----w- c:\progra~2\NVIDIA
2009-07-13 16:23 . 2008-07-24 17:11 -------- d-----w- c:\program files\Nero
2009-07-13 16:15 . 2008-07-25 22:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 14:56 . 2008-07-24 19:34 -------- d-----w- c:\program files\Steam
2009-07-12 21:47 . 2008-07-24 14:42 106240 ----a-w- c:\users\Fryct\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 21:38 . 2008-07-24 14:44 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-12 16:03 . 2008-09-25 15:16 -------- d-----w- c:\users\Fryct\AppData\Roaming\vlc
2009-07-12 08:45 . 2008-11-08 12:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 03:21 . 2008-07-26 17:11 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-11 20:42 . 2008-07-24 18:19 -------- d-----w- c:\users\Fryct\AppData\Roaming\MxBoost
2009-07-05 11:08 . 2008-07-24 19:34 -------- d-----w- c:\program files\Common Files\Steam
2009-07-05 09:32 . 2008-08-23 11:39 -------- d-----w- c:\program files\City of Heroes
2009-06-30 16:50 . 2008-07-26 21:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-23 12:11 . 2008-07-25 22:10 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-23 12:11 . 2008-07-25 22:09 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-22 11:51 . 2008-07-25 22:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-17 17:47 . 2009-05-09 10:38 -------- d-----w- c:\program files\Common Files\BioWare
2009-06-17 17:46 . 2008-07-26 15:49 -------- d-----w- c:\progra~2\Media Center Programs
2009-06-14 15:15 . 2009-06-13 13:26 -------- d-----w- c:\program files\Sony Online Entertainment
2009-06-11 18:46 . 2008-08-02 09:51 -------- d-----w- c:\progra~2\Steam
2009-06-11 18:46 . 2008-08-02 09:50 -------- d-----w- c:\progra~2\PopCap Games
2009-06-10 16:33 . 2009-06-10 16:33 9899296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-06-10 16:33 . 2009-06-10 16:33 989696 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 16:33 . 2009-06-10 16:33 7611904 ----a-w- c:\windows\system32\nvd3dum.dll
2009-06-10 16:33 . 2009-06-10 16:33 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 16:33 . 2009-06-10 16:33 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 16:33 . 2009-06-10 16:33 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-06-10 16:33 . 2009-06-10 16:33 3148288 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-06-10 16:33 . 2009-06-10 16:33 1704960 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod155.dll
2009-06-10 16:33 . 2009-06-10 16:33 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 16:33 . 2009-06-10 16:33 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 16:33 . 2009-06-10 16:33 10379264 ----a-w- c:\windows\system32\nvoglv32.dll
2009-06-10 09:19 . 2008-07-26 07:13 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-10 06:35 . 2009-06-10 06:35 1505824 ----a-w- c:\windows\system32\nvcpluir.dll
2009-06-10 06:35 . 2009-06-10 06:35 1358368 ----a-w- c:\windows\system32\nvsvsr.dll
2009-06-10 06:35 . 2009-06-10 06:35 1194528 ----a-w- c:\windows\system32\nvcplui.exe
2009-06-10 06:35 . 2009-06-10 06:35 1296928 ----a-w- c:\windows\system32\nvsvs.dll
2009-06-10 04:33 . 2009-06-10 04:33 244736 ----a-w- c:\windows\system32\nvStInst.exe
2009-06-10 04:33 . 2009-06-10 04:33 467968 ----a-w- c:\windows\system32\nvstlink.exe
2009-06-10 04:33 . 2009-06-10 04:33 3953152 ----a-w- c:\windows\system32\nvstwiz.exe
2009-06-10 04:33 . 2009-06-10 04:33 141824 ----a-w- c:\windows\system32\nvStereoApiI.dll
2009-06-10 04:33 . 2009-06-10 04:33 171520 ----a-w- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 04:33 . 2009-06-10 04:33 232960 ----a-w- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 04:32 . 2009-06-10 04:32 257536 ----a-w- c:\windows\system32\nvSCPAPI.dll
2009-06-10 04:32 . 2009-06-10 04:32 301568 ----a-w- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 04:32 . 2009-06-10 04:32 3293184 ----a-w- c:\windows\system32\nvstres.dll
2009-06-10 04:32 . 2009-06-10 04:32 5847 ----a-w- c:\windows\system32\oglstreg.reg
2009-06-10 04:31 . 2009-06-10 04:31 167424 ----a-w- c:\windows\system32\nvstreg.exe
2009-06-10 04:31 . 2009-06-10 04:31 1718272 ----a-w- c:\windows\system32\nvsttest.exe
2009-06-10 04:31 . 2009-06-10 04:31 1034752 ----a-w- c:\windows\system32\nvstview.exe
2009-06-10 04:31 . 2009-06-10 04:31 89088 ----a-w- c:\windows\system32\nvimage.dll
2009-06-10 04:29 . 2009-06-10 04:29 1656 ----a-w- c:\windows\system32\nvstdef.reg
2009-06-08 17:01 . 2008-07-31 19:40 -------- d-----w- c:\progra~2\TrackMania
2009-06-07 08:52 . 2009-06-07 08:52 10134 ----a-r- c:\users\Fryct\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-07 08:52 . 2009-06-07 08:52 -------- d-----w- c:\program files\Microsoft WSE
2009-06-06 16:12 . 2008-07-26 15:36 -------- d-----w- c:\program files\Electronic Arts
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 15:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 15:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 15:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-28 10:55 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-21 20:49 . 2009-05-10 10:46 -------- d-----w- c:\program files\rFactor
2009-05-10 19:21 . 2009-05-10 19:21 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-09 05:50 . 2009-06-10 09:09 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 09:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-04-28 07:55 . 2009-04-28 07:55 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-04-23 12:15 . 2009-06-10 09:07 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-10 09:07 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-21 11:39 . 2009-06-10 09:07 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 15:27 . 2009-07-01 15:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-14_15.15.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-24 14:49 . 2009-07-14 15:51 33988 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-14 15:51 74672 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-07-14 14:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-14 14:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-14 14:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-14 15:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-24 14:43 . 2009-07-14 15:51 7836 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017709691-804468469-1464511852-1000_UserData.bin
- 2008-07-24 14:43 . 2009-07-14 14:32 7836 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017709691-804468469-1464511852-1000_UserData.bin
- 2009-07-14 14:30 . 2009-07-14 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-14 15:49 . 2009-07-14 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-14 15:49 . 2009-07-14 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 14:30 . 2009-07-14 14:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-07-14 15:53 628288 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-14 14:35 628288 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-14 15:53 117790 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-14 14:35 117790 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-03-08 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-01 215552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-17 6793760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13785632]

c:\users\Fryct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-7-26 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):84,f2,65,d2,a6,df,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3017709691-804468469-1464511852-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{101D2057-1C16-420A-906F-E3C44D627292}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D8383F2A-5385-46A6-8BFA-1E8EE34798EE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6E1B9AAE-98B5-427D-B821-B6378835474B}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{189A5AF6-EAEC-4117-A744-187E90D5BB2B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CD5DA0EC-732B-48A3-9546-F11402E8B70A}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E53F93DE-736E-4106-8758-65DC804075E1}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{12AD7443-1084-433B-BBE6-FCFE92D07171}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2114042D-FBB9-43F2-91CA-7792702A75A7}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9E808409-3B11-427C-B17B-16688660CDB3}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{DB5EF49C-23F0-4508-9FA9-987ED80E18D5}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F5958A01-E278-4574-8ADE-A23ACB4F8E3F}"= UDP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{DEE2E5F3-2040-40D0-9F92-A22BAA14AFAB}"= TCP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{61843F1F-BF99-4E05-A217-F92B4A1ADB2D}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{8F0E10BD-8BAC-47CB-8B46-33A2A948205F}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{FDAFF9FE-B8B7-4CAB-BC25-EE0CBD4CCA80}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{22E23C74-7242-4685-A4FB-7F6BC351EE28}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{FF9A2C3C-0D16-4FDC-9040-D1B3EF3A4226}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4B8BEBA6-80B0-45BA-8867-B013CF2ECA79}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{530425C9-0F63-416B-8B84-99A437E8B0EE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{BD1AED9B-66F7-42D5-973F-3CD6CFB018DA}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3BCB6A29-7AE3-4304-96F3-AC616D14D646}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{87C52663-2039-479C-A0FF-537DBE081EB7}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{CF4F955D-6822-44C2-A772-F2A680F83C59}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{1E4DB4E0-6A3D-4C28-BE8F-968F93B9F3A6}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{83E8973F-F3CD-43C0-915F-3FAAB66F24F5}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{F200D435-B063-4BD4-94F2-8B6077F964BD}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{9CA93B90-7E0A-4464-AAB7-B3E6B9B7E073}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{E9D5835A-8BEA-4041-9D8D-92D840EF0E44}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{9C0C5B0E-354D-4175-AD3E-ED9B251DCAD7}"= UDP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{11FD57B5-4A28-422E-BBA6-C19BF9D10C75}"= TCP:c:\program files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:Peggle Extreme
"{80126E6C-8F0B-4004-B875-22A334D4027D}"= UDP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{16B4B97C-6E57-4785-8D80-E61248DB0C25}"= TCP:c:\program files\Steam\steamapps\common\titan quest\help.htm:Titan Quest
"{AA1C9932-7B6F-4730-A8C0-07735C9805C8}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5C44A1D4-E9C3-4F6B-BF09-6043D5245191}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:Titan Quest: Immortal Throne
"{5EC5A276-4BE0-4A72-83ED-CB8C045D8591}"= UDP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{C0C74C27-C2F3-4596-A503-FB8E26C42C0B}"= TCP:c:\program files\Steam\steamapps\common\titan quest immortal throne\help.htm:Titan Quest: Immortal Throne
"{D9775FD4-3FBC-4949-A6D7-D99BB24C5399}"= UDP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{623BC05D-93B6-4A0B-8BA1-A0AE2DCF9726}"= TCP:c:\program files\Steam\steamapps\common\trials 2 second edition\launcher.exe:Trials 2: Second Edition
"{FDD7CF1D-6AF2-49D8-B1C9-7D0809E19FC8}"= UDP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{BD3053F5-FDC1-43C8-BF0E-935CA6B28362}"= TCP:c:\program files\Steam\steamapps\common\x3 terran conflict\X3TC.exe:X3: Terran Conflict
"{4CDD6878-4548-4EDE-81AC-F80B359CC549}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{EBD9DF36-8BAD-4688-B9BF-C5DADF31DF0A}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\help.htm:Company of Heroes
"{7A378ADA-706A-46AB-B1C7-3C681500BC39}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7F3CCEF5-BFDB-4BE7-804D-1F6857DBC07A}"= UDP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{17B89F98-B2E3-4FF6-AD6A-F24030AB0DB0}"= TCP:c:\program files\Steam\steamapps\common\the last remnant\Binaries\TLR.exe:The Last Remnant
"{95213D48-9D1E-430A-81B7-5942AAE3A917}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{53E6152D-9FDE-4D0E-8EF3-89988CC311E8}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{29733425-D2A2-49DA-8466-51BECA6B482A}"= UDP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{DA9C1B56-1DDD-4212-80FA-FD98ABFC3125}"= TCP:c:\program files\Electronic Arts\BattleForge\Bootstrapper.exe:BattleForge™ Launcher
"{A9CF6801-94F7-444C-A1C3-5FB9445E1552}"= UDP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{F37BC531-42A8-46F0-9D50-748A3F01B289}"= TCP:c:\program files\Electronic Arts\BattleForge\BattleForge.exe:BattleForge™
"{39F3C5BA-DD85-45F9-BED7-CB02F7757781}"= UDP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{61190302-9076-4F54-BD68-845C1174C736}"= TCP:c:\program files\Steam\steamapps\common\peggle deluxe\Peggle.exe:Peggle Deluxe
"{A1957312-D880-4A9C-BA63-3C6A9D12269C}"= UDP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{0A14D283-CB35-4278-874E-EBC2D28EB7C2}"= TCP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{61D72F24-DC12-46D3-A73A-E0CF6A809B04}"= UDP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{8E3A8E66-68CD-49E6-B98F-AE95E4CB9F2E}"= TCP:c:\program files\Steam\steamapps\common\company of heroes\RelicCOH.exe:Company of Heroes: Opposing Fronts
"{6CBF54B0-1EFE-4A20-BDDE-53B4152E5C3E}"= UDP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{216C3479-379E-4B80-824B-BC6A4F5351BD}"= TCP:c:\program files\Steam\steamapps\common\prototype\prototypef.exe:Prototype
"{62B3ED5F-D096-41C1-AE37-F7EB12D7B748}"= UDP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{595778B3-1656-449D-8B09-8379B7F66E54}"= TCP:c:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra
"{800EA7D6-2A21-42A5-9C20-AB68008B708F}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{84D0B703-303F-46C5-A146-9BF8BCCBE6D4}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:Shadowgrounds
"{B19F27EF-32AF-44C6-8BD3-3B9D208CDE43}"= UDP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{FCDF5311-1CC7-40BE-8872-DAB61223EDAC}"= TCP:c:\program files\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:Shadowgrounds
"{DD27ABE2-A9D8-44D5-AB6F-E7CB46A5F269}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{DB624513-F49B-4FD8-9A60-E63BC63232E9}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{9F6C31A3-4A02-4596-B9FE-ABA70F81E714}"= UDP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{FCB9D426-12A3-47B5-AADB-B7FB05A70FDE}"= TCP:d:\streetfighteriv\StreetFighterIV.exe:STREET FIGHTER IV
"{6AE9B028-EC14-439A-92D0-A765243722B6}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{24145960-6301-4880-83DA-E154F76347BC}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{C2A6EA39-0D9A-4CBE-9999-F80B8064C4D7}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{C6C881ED-5ACB-4197-8B6C-A57910CCB895}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{458616C4-2F77-4590-946B-E26323046FB5}"= UDP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{538E8070-ED91-4ACA-A245-33A0679DEEC7}"= TCP:c:\program files\Steam\steamapps\common\trine\trine_launcher.exe:Trine
"{90618E61-22A7-4EDC-9A38-593985B9C439}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{82ED241A-ACB0-4BAC-A15B-6652A8D97643}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Persona\\Persona.exe"= c:\program files\Persona\Persona.exe:*:Enabled:Persona

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [01/10/2008 16:44 20384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [19/03/2009 11:44 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [19/03/2009 11:45 93312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\System32\nvSCPAPISvr.exe [10/06/2009 06:33 232960]
R3 LycoFltr;Lycosa Keyboard;c:\windows\System32\drivers\Lycosa.sys [18/01/2008 06:43 16128]
S1 Start1Driver;Start1Driver;c:\windows\System32\drivers\Start1Driver.SYS [14/07/2009 13:36 5120]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [08/10/2007 09:53 892416]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNIMP50.sys [16/11/2006 14:36 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\System32\drivers\DNISP50.sys [16/11/2006 14:36 20480]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [29/02/2008 02:07 942080]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\System32\drivers\WN111v2v.sys [30/09/2008 03:20 449536]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F6E42294-30F1-D27F-2FEE-DEC4CBE77B09}]
C:\Windows:system.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: dogsoftheseas.com
Trusted Zone: dogsoftheseas.com\realm01
Trusted Zone: dogsoftheseas.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\users\Fryct\AppData\Roaming\Mozilla\Firefox\Profiles\qcdel8hs.default\extensions\doudehou@gmail.com\components\statusbarEx.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npsoestb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 18:04
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-07-14 18:07
ComboFix-quarantined-files.txt 2009-07-14 16:07
ComboFix2.txt 2009-07-14 15:18

Pre-Run: 68 896 911 360 octets libres
Post-Run: 68 887 498 752 octets libres

---
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2427
Windows 6.0.6002 Service Pack 2

14/07/2009 18:17:07
mbam-log-2009-07-14 (18-17-07).txt

Type de recherche: Examen rapide
Eléments examinés: 79606
Temps écoulé: 2 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Delete on reboot.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
\\?\globalroot\systemroot\System32\geyekrpahvfrqw.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

Voici le log.txt de rsit:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Fryct at 2009-07-14 20:38:39
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 65 GB (23%) free of 286 GB
Total RAM: 3583 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:42, on 14/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fryct\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Fryct.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O15 - Trusted Zone: http://realm01.dogsoftheseas.com
O15 - Trusted Zone: http://www.dogsoftheseas.com
O15 - Trusted Zone: http://*.dogsoftheseas.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe
End of file - 7272 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\AdwareBot System Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-03-19 2029640]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-17 6793760]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-10 13785632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-03-08 3885408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

C:\Users\Fryct\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll [2008-03-29 103848]
Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~2\DESKSC~1\DesktopControlPanel.dll [2008-05-05 87320]
StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll [2008-10-14 582936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Persona\Persona.exe"="C:\Program Files\Persona\Persona.exe:*:Enabled:Persona"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-07-14 20:38:39 ----D---- C:\rsit
2009-07-14 18:07:38 ----D---- C:\Windows\temp
2009-07-14 18:07:35 ----SHD---- C:\$RECYCLE.BIN
2009-07-14 18:07:35 ----A---- C:\ComboFix.txt
2009-07-14 17:55:32 ----SD---- C:\ComboFix
2009-07-14 17:05:24 ----D---- C:\Qoobox
2009-07-14 15:35:53 ----D---- C:\Program Files\Trend Micro
2009-07-14 13:56:13 ----D---- C:\Program Files\Common Files\ParetoLogic
2009-07-14 11:45:34 ----D---- C:\ProgramData\Simply Super Software
2009-07-14 05:34:33 ----A---- C:\Windows\zip.exe
2009-07-14 05:34:33 ----A---- C:\Windows\SWXCACLS.exe
2009-07-14 05:34:33 ----A---- C:\Windows\SWSC.exe
2009-07-14 05:34:33 ----A---- C:\Windows\SWREG.exe
2009-07-14 05:34:33 ----A---- C:\Windows\sed.exe
2009-07-14 05:34:33 ----A---- C:\Windows\PEV.exe
2009-07-14 05:34:33 ----A---- C:\Windows\NIRCMD.exe
2009-07-14 05:34:33 ----A---- C:\Windows\grep.exe
2009-07-14 05:34:22 ----D---- C:\Windows\ERDNT
2009-07-14 00:27:48 ----D---- C:\Windows\BDOSCAN8
2009-07-13 20:41:28 ----D---- C:\Users\Fryct\AppData\Roaming\Malwarebytes
2009-07-13 20:41:24 ----D---- C:\ProgramData\Malwarebytes
2009-07-13 20:41:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-13 18:23:13 ----AD---- C:\Program Files\Common Files\Nero
2009-07-13 18:07:52 ----D---- C:\ProgramData\SlySoft
2009-07-13 18:04:51 ----D---- C:\Program Files\SlySoft
2009-07-12 23:47:50 ----D---- C:\Users\Fryct\AppData\Roaming\CyberLink
2009-07-12 23:44:09 ----DC---- C:\Windows\system32\DRVSTORE
2009-07-12 23:40:23 ----D---- C:\ProgramData\CyberLink
2009-07-12 23:40:22 ----N---- C:\Windows\system32\msxml3a.dll
2009-07-12 23:39:45 ----A---- C:\Windows\system32\msvcp71.dll
2009-07-12 23:39:31 ----D---- C:\Program Files\CyberLink
2009-07-12 10:45:50 ----D---- C:\Windows\system32\AGEIA
2009-07-12 10:45:50 ----D---- C:\Program Files\AGEIA Technologies
2009-07-12 10:29:08 ----A---- C:\Windows\system32\NVUNINST.EXE
2009-07-05 02:33:34 ----D---- C:\Users\Fryct\AppData\Roaming\IGN_DLM
2009-07-01 17:55:59 ----D---- C:\Program Files\Mozilla Firefox
2009-06-20 11:47:51 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-06-20 11:47:51 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-06-20 11:47:51 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-06-20 11:47:50 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-06-20 11:35:32 ----D---- C:\Program Files\Bohemia Interactive
2009-06-15 21:06:30 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-06-15 21:06:30 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-06-15 21:06:29 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-06-15 21:06:29 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-06-15 21:06:29 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-06-15 21:06:28 ----A---- C:\Windows\system32\xactengine3_4.dll

======List of files/folders modified in the last 1 months======

2009-07-14 18:28:56 ----D---- C:\Windows\System32
2009-07-14 18:23:36 ----D---- C:\Windows\inf
2009-07-14 18:23:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-14 18:19:06 ----D---- C:\ProgramData\NVIDIA
2009-07-14 18:18:49 ----D---- C:\Windows\system32\drivers
2009-07-14 18:07:40 ----D---- C:\Windows\system32\fr-FR
2009-07-14 18:07:38 ----AD---- C:\Windows
2009-07-14 18:04:31 ----A---- C:\Windows\system.ini
2009-07-14 18:00:50 ----D---- C:\Windows\AppPatch
2009-07-14 18:00:50 ----AD---- C:\Program Files\Common Files
2009-07-14 17:49:26 ----RD---- C:\Program Files
2009-07-14 17:07:11 ----D---- C:\Windows\Prefetch
2009-07-14 16:28:56 ----D---- C:\Windows\Tasks
2009-07-14 15:26:29 ----SHD---- C:\Windows\Installer
2009-07-14 15:23:13 ----D---- C:\Windows\system32\Tasks
2009-07-14 14:58:19 ----D---- C:\Windows\system32\catroot2
2009-07-14 14:57:08 ----A---- C:\Windows\ntbtlog.txt
2009-07-14 14:49:12 ----HD---- C:\ProgramData
2009-07-14 14:49:02 ----D---- C:\Windows\system32\catroot
2009-07-14 11:24:49 ----D---- C:\Windows\Minidump
2009-07-14 00:27:50 ----SD---- C:\Windows\Downloaded Program Files
2009-07-13 18:25:22 ----SHD---- C:\System Volume Information
2009-07-13 18:23:16 ----D---- C:\Program Files\Nero
2009-07-13 18:18:50 ----A---- C:\Windows\system32\MsiExec.exe.log
2009-07-13 18:15:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-13 17:48:56 ----A---- C:\Windows\NeroDigital.ini
2009-07-13 16:56:12 ----D---- C:\Program Files\Steam
2009-07-12 23:41:25 ----RSD---- C:\Windows\Fonts
2009-07-12 23:38:48 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-12 18:03:34 ----D---- C:\Users\Fryct\AppData\Roaming\vlc
2009-07-12 10:46:14 ----D---- C:\Windows\Help
2009-07-12 10:45:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-12 05:21:01 ----D---- C:\Program Files\Messenger Plus! Live
2009-07-11 22:42:07 ----D---- C:\Users\Fryct\AppData\Roaming\MxBoost
2009-07-05 23:44:52 ----RSD---- C:\Windows\assembly
2009-07-05 13:08:55 ----D---- C:\Program Files\Common Files\Steam
2009-07-05 11:32:33 ----D---- C:\Program Files\City of Heroes
2009-07-01 17:57:37 ----D---- C:\Users\Fryct\AppData\Roaming\Mozilla
2009-06-30 18:50:34 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-06-25 19:17:19 ----AD---- C:\ProgramData\TEMP
2009-06-25 19:16:54 ----D---- C:\Fraps
2009-06-24 00:08:19 ----D---- C:\Windows\Microsoft.NET
2009-06-23 23:59:09 ----D---- C:\Windows\winsxs
2009-06-23 23:59:09 ----D---- C:\Program Files\Internet Explorer
2009-06-23 14:11:06 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-06-22 13:51:05 ----A---- C:\Windows\system32\PnkBstrA.exe
2009-06-21 04:00:18 ----A---- C:\finfos.txt
2009-06-19 17:51:52 ----D---- C:\NVIDIA
2009-06-17 19:47:11 ----D---- C:\Program Files\Common Files\BioWare
2009-06-17 19:46:59 ----D---- C:\ProgramData\Media Center Programs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
R1 jswpslwf;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwf.sys [2008-10-01 20384]
R1 Start1Driver;Start1Driver; C:\Windows\system32\drivers\Start1Driver.sys [2009-03-14 5120]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-12-11 279712]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-03-19 113960]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-03-19 93312]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-10-17 25888]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2006-10-23 44416]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-17 2323488]
R3 LycoFltr;Lycosa Keyboard; C:\Windows\System32\Drivers\Lycosa.sys [2008-01-18 16128]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-10 9899296]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver; C:\Windows\system32\DRIVERS\AGUx86.sys [2007-10-08 892416]
S3 auh3lmqz;auh3lmqz; C:\Windows\system32\drivers\auh3lmqz.sys []
S3 aujasnkj;aujasnkj; \??\C:\Users\Fryct\AppData\Local\Temp\aujasnkj.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-11 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-04-11 93696]
S3 catchme;catchme; \??\C:\Users\Fryct\AppData\Local\Temp\catchme.sys []
S3 DNIMp50;DNIMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\DNIMp50.sys [2006-11-16 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\DNISp50.sys [2006-11-16 20480]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-04-22 27672]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service; C:\Windows\system32\DRIVERS\WN111v2v.sys [2008-09-30 449536]
S3 XDva190;XDva190; \??\C:\Windows\system32\XDva190.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-03-19 731840]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-10 211488]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-06-22 75064]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Windows\System32\nvSCPAPISvr.exe [2009-06-10 232960]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-03-19 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-03 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-17 2800669]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-04 316664]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-29 1029456]

-----------------EOF-----------------