VIRUS INCROYABLE AIDER MOI
Fermé
muco45
Messages postés
441
Date d'inscription
dimanche 17 février 2008
Statut
Membre
Dernière intervention
26 novembre 2013
-
6 juin 2009 à 16:43
muco45 Messages postés 441 Date d'inscription dimanche 17 février 2008 Statut Membre Dernière intervention 26 novembre 2013 - 13 juin 2009 à 23:04
muco45 Messages postés 441 Date d'inscription dimanche 17 février 2008 Statut Membre Dernière intervention 26 novembre 2013 - 13 juin 2009 à 23:04
A voir également:
- VIRUS INCROYABLE AIDER MOI
- Svchost.exe virus - Guide
- Produkey virus ✓ - Forum Windows 10
- Vérificateur de lien virus - Guide
- Lien virus à envoyer - Forum Virus
- Youtu.be virus - Guide
20 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
6 juin 2009 à 20:36
6 juin 2009 à 20:36
slt,
# télécharger Hoster :
http://www.funkytoad.com/download/HostsXpert.zip
# Dézipper le dossier sur le bureau.
# Lancer Hoster et cliquer sur Restore Microsoft's Hosts File
si impossible fais RHOST
http://siri.urz.free.fr/RHosts.php
_______________________
colle un rapport bitdefender que tu as
a plus
# télécharger Hoster :
http://www.funkytoad.com/download/HostsXpert.zip
# Dézipper le dossier sur le bureau.
# Lancer Hoster et cliquer sur Restore Microsoft's Hosts File
si impossible fais RHOST
http://siri.urz.free.fr/RHosts.php
_______________________
colle un rapport bitdefender que tu as
a plus
muco45
Messages postés
441
Date d'inscription
dimanche 17 février 2008
Statut
Membre
Dernière intervention
26 novembre 2013
65
7 juin 2009 à 12:22
7 juin 2009 à 12:22
OK c'est bon merci beaucoup ! plus de probleme
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
8 juin 2009 à 10:40
8 juin 2009 à 10:40
ok
muco45
Messages postés
441
Date d'inscription
dimanche 17 février 2008
Statut
Membre
Dernière intervention
26 novembre 2013
65
10 juin 2009 à 19:42
10 juin 2009 à 19:42
EN FAITE NON LE PROBLEME EST REVENUE POUVEZ VOUS M'aider merci !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 juin 2009 à 13:36
11 juin 2009 à 13:36
refais hoster puis
scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
muco45
Messages postés
441
Date d'inscription
dimanche 17 février 2008
Statut
Membre
Dernière intervention
26 novembre 2013
65
11 juin 2009 à 17:00
11 juin 2009 à 17:00
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2182
Windows 6.0.6001 Service Pack 1
11/06/2009 16:57:58
mbam-log-2009-06-11 (16-57-58).txt
Type de recherche: Examen rapide
Eléments examinés: 87352
Temps écoulé: 3 minute(s), 37 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Users\Furkan\local settings\application data\akqsk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\akqsk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\akqsk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\aoaau_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\aoaau_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\aoaau.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\aoaau.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\wsuoowi_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\wsuoowi_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\wsuoowi.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\senekabcyqmyrm.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Version de la base de données: 2182
Windows 6.0.6001 Service Pack 1
11/06/2009 16:57:58
mbam-log-2009-06-11 (16-57-58).txt
Type de recherche: Examen rapide
Eléments examinés: 87352
Temps écoulé: 3 minute(s), 37 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Users\Furkan\local settings\application data\akqsk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\akqsk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\akqsk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\aoaau_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\aoaau_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\aoaau.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\aoaau.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\wsuoowi_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\wsuoowi_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Users\Furkan\local settings\application data\wsuoowi.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\senekabcyqmyrm.sys (Trojan.Agent) -> Quarantined and deleted successfully.
muco45
Messages postés
441
Date d'inscription
dimanche 17 février 2008
Statut
Membre
Dernière intervention
26 novembre 2013
65
11 juin 2009 à 17:14
11 juin 2009 à 17:14
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mucahid at 2009-06-11 16:59:35
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 68 GB (36%) free of 190 GB
Total RAM: 2046 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:19, on 11/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mucahid\Desktop\RSIT.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\trend micro\Mucahid.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.jeu.fr/jeu/Crashed-Ice.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-556349300-2617274519-4165335550-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Furkan')
O4 - HKUS\S-1-5-21-556349300-2617274519-4165335550-1003\..\Run: [aoaau] "c:\users\furkan\appdata\local\aoaau.exe" aoaau (User 'Furkan')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-21-556349300-2617274519-4165335550-1003 Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'Furkan')
O4 - S-1-5-21-556349300-2617274519-4165335550-1003 User Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'Furkan')
O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://m6.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Update Service (gupdate1c98aef813cc9ed) (gupdate1c98aef813cc9ed) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe (file missing)
Run by Mucahid at 2009-06-11 16:59:35
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 68 GB (36%) free of 190 GB
Total RAM: 2046 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:19, on 11/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mucahid\Desktop\RSIT.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\trend micro\Mucahid.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.jeu.fr/jeu/Crashed-Ice.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-556349300-2617274519-4165335550-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Furkan')
O4 - HKUS\S-1-5-21-556349300-2617274519-4165335550-1003\..\Run: [aoaau] "c:\users\furkan\appdata\local\aoaau.exe" aoaau (User 'Furkan')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-21-556349300-2617274519-4165335550-1003 Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'Furkan')
O4 - S-1-5-21-556349300-2617274519-4165335550-1003 User Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'Furkan')
O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://m6.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Update Service (gupdate1c98aef813cc9ed) (gupdate1c98aef813cc9ed) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe (file missing)
muco45
Messages postés
441
Date d'inscription
dimanche 17 février 2008
Statut
Membre
Dernière intervention
26 novembre 2013
65
11 juin 2009 à 17:17
11 juin 2009 à 17:17
info.txt logfile of random's system information tool 1.06 2009-06-11 17:00:23
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
18 Wheels of Steel: Haulin' (remove only)-->"C:\Program Files\18 Wheels of Steel Haulin\Uninstall.exe"
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}
Adobe Reader 8.1.5 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{149464D9-B06F-4505-9968-FD1206F67AD3}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.3-->"C:\Program Files\Cheat Engine\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Code de la Route-->MsiExec.exe /X{A37A26D5-8444-4862-933B-478371D0299D}
Coffret de pilotes Logitech Legacy USB Camera-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress
CrazyTalk v5.1 PRO Trial-->C:\Program Files\InstallShield Installation Information\{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}\setup.exe -runfromtemp -l0x040c -removeonly /remove
Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DWGeditor-->MsiExec.exe /X{0686F02A-C7AF-4727-A95B-6581C2E3496D}
EASEUS Partition Master 3.5 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 3.5 Home Edition\unins000.exe"
eDrawings 2008-->MsiExec.exe /I{0534E2D5-59BA-4CE6-8E6D-0B2CA4BCF0C2}
Favorit-->c:\users\furkan\appdata\local\qmiok.bat
Firefox-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxFR*
Flash Player 9 Internet Explorer-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.31\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GOOGLE_EARTH*
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
GoogleDesktop-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop*
GoogleToolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Hercules WiFi Station for Livebox-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x040c -removeonly
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}\setup\hpzscr01.exe -datfile hposcr15.dat
Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech QuickCam-->MsiExec.exe /I{937B232D-9776-471E-92BD-D424E514EF14}
Ma-Config.com-->MsiExec.exe /X{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x40c UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft ActiveX Control Pad-->C:\Program Files\ActiveX Control Pad\Setup\Remove.exe
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se*
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
Microsoft® Office Trial 2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFF2k7_FR*
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Packard Bell Demo-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PB_DEMO*
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Picasa2-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Picasa_2*
Privoxy 3.0.6-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek HD Audio V6.0.1.5490-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO_REALTEK*
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SAMSUNG CDMA Modem Driver Set-->C:\Program Files\SAMSUNG\SAMSUNG CDMA Modem\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Shockwave player 10-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*
Skype 3.5.2.239-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Softick PPP 2.21 (remove only)-->"C:\Program Files\Softick\PPP\uninstall.exe"
Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
SolidWorks 2008-2009 Student Design Kit-->MsiExec.exe /I{AB7848AD-3172-46C5-BBCE-8D998072D74E}
SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Tor 0.2.0.34-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Vidalia 0.1.10-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Video NVIDIA v163.69-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_NVIDIA*
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Bêta)-->MsiExec.exe /I{2D87E961-577B-492B-AD54-1368680FB9A7}
Vodafone WCDMA Composite Device Drive Software-->C:\Windows\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: BitDefender Antivirus
FW: BitDefender Firewall
AS: BitDefender Antispyware
AS: Windows Defender
======System event log======
Computer Name: PC-de-Mucahid
Event Code: 10111
Message: Le périphérique USB Storage-CFC (emplacement (unknown)) est hors connexion en raison d’un blocage du pilote mode-utilisateur. Windows essaiera de redémarrer le périphérique à 5 reprises. Pour plus d’informations sur ce problème, contactez le fabricant du périphérique.
Record Number: 365787
Source Name: Microsoft-Windows-DriverFrameworks-UserMode
Time Written: 20090611103134.410504-000
Event Type: Critique
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Mucahid
Event Code: 7011
Message: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service ShellHWDetection.
Record Number: 365858
Source Name: Service Control Manager
Time Written: 20090611103137.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Mucahid
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 365905
Source Name: Tcpip
Time Written: 20090611114448.284504-000
Event Type: Avertissement
User:
Computer Name: PC-de-Mucahid
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.
Record Number: 365940
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090611123412.851600-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Mucahid
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 365953
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090611134730.662385-000
Event Type: Erreur
User:
=====Application event log=====
Computer Name: PC-de-Mucahid
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\FURKAN\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 43514
Source Name: Microsoft-Windows-Search
Time Written: 20090611115353.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Mucahid
Event Code: 3036
Message: La source de contenu <iehistory://{s-1-5-21-556349300-2617274519-4165335550-1003}/> est inaccessible.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 43515
Source Name: Microsoft-Windows-Search
Time Written: 20090611115353.000000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Mucahid
Event Code: 3023
Message: Impossible de démarrer l'analyse car toutes les sources de contenu ont été exclues par des règles de chemin d'accès au site ou supprimées de la configuration de l'index.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 43516
Source Name: Microsoft-Windows-Search
Time Written: 20090611115353.000000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Mucahid
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\FURKAN\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 43517
Source Name: Microsoft-Windows-Search
Time Written: 20090611115354.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Mucahid
Event Code: 3031
Message: Impossible d'allouer un ID de document.
Contexte : Application , Catalogue SystemIndex
Détails :
Impossible de lire l'index du contenu. (0xc0041800)
Record Number: 43532
Source Name: Microsoft-Windows-Search
Time Written: 20090611123323.000000-000
Event Type: Erreur
User:
=====Security event log=====
Computer Name: PC-de-Mucahid
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MUCAHID$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Type d’ouverture de session : 5
Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x268
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -
Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 35060
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090403125423.637932-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Mucahid
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 35061
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090403125423.637932-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Mucahid
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MUCAHID$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Compte dont les informations d’identification ont été utilisées :
Nom du compte : Mucahid
Domaine du compte : PC-de-Mucahid
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost
Informations sur le processus :
ID du processus : 0x360
Nom du processus : C:\Windows\System32\winlogon.exe
Informations sur le réseau :
Adresse du réseau : 127.0.0.1
Port : 0
Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 35062
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090403125525.460732-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Mucahid
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MUCAHID$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Type d’ouverture de session : 2
Nouvelle ouverture de session :
ID de sécurité : S-1-5-21-556349300-2617274519-4165335550-1002
Nom du compte : Mucahid
Domaine du compte : PC-de-Mucahid
ID d’ouverture de session : 0x3f21c
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x360
Nom du processus : C:\Windows\System32\winlogon.exe
Informations sur le réseau :
Nom de la station de travail : PC-DE-MUCAHID
Adresse du réseau source : 127.0.0.1
Port source : 0
Informations détaillées sur l’authentification :
Processus d’ouverture de session : User32
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 35063
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090403125525.460732-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Mucahid
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MUCAHID$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Type d’ouverture de session : 2
Nouvelle ouverture de session :
ID de sécurité : S-1-5-21-556349300-2617274519-4165335550-1002
Nom du compte : Mucahid
Domaine du compte : PC-de-Mucahid
ID d’ouverture de session : 0x3f23a
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x360
Nom du processus : C:\Windows\System32\winlogon.exe
Informations sur le réseau :
Nom de la station de travail : PC-DE-MUCAHID
Adresse du réseau source : 127.0.0.1
Port source : 0
Informations détaillées sur l’authentification :
Processus d’ouverture de session : User32
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 35064
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090403125525.460732-000
Event Type: Succès de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Samsung\Samsung PC Studio 3\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
-----------------EOF-----------------
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
18 Wheels of Steel: Haulin' (remove only)-->"C:\Program Files\18 Wheels of Steel Haulin\Uninstall.exe"
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}
Adobe Reader 8.1.5 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{149464D9-B06F-4505-9968-FD1206F67AD3}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.3-->"C:\Program Files\Cheat Engine\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Code de la Route-->MsiExec.exe /X{A37A26D5-8444-4862-933B-478371D0299D}
Coffret de pilotes Logitech Legacy USB Camera-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress
CrazyTalk v5.1 PRO Trial-->C:\Program Files\InstallShield Installation Information\{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}\setup.exe -runfromtemp -l0x040c -removeonly /remove
Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DWGeditor-->MsiExec.exe /X{0686F02A-C7AF-4727-A95B-6581C2E3496D}
EASEUS Partition Master 3.5 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 3.5 Home Edition\unins000.exe"
eDrawings 2008-->MsiExec.exe /I{0534E2D5-59BA-4CE6-8E6D-0B2CA4BCF0C2}
Favorit-->c:\users\furkan\appdata\local\qmiok.bat
Firefox-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxFR*
Flash Player 9 Internet Explorer-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.31\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GOOGLE_EARTH*
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
GoogleDesktop-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleDesktop*
GoogleToolbar-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Hercules WiFi Station for Livebox-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x040c -removeonly
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}\setup\hpzscr01.exe -datfile hposcr15.dat
Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech QuickCam-->MsiExec.exe /I{937B232D-9776-471E-92BD-D424E514EF14}
Ma-Config.com-->MsiExec.exe /X{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x40c UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft ActiveX Control Pad-->C:\Program Files\ActiveX Control Pad\Setup\Remove.exe
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se*
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
Microsoft® Office Trial 2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFF2k7_FR*
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Packard Bell Demo-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PB_DEMO*
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Picasa2-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Picasa_2*
Privoxy 3.0.6-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek HD Audio V6.0.1.5490-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO_REALTEK*
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SAMSUNG CDMA Modem Driver Set-->C:\Program Files\SAMSUNG\SAMSUNG CDMA Modem\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Shockwave player 10-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*
Skype 3.5.2.239-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Softick PPP 2.21 (remove only)-->"C:\Program Files\Softick\PPP\uninstall.exe"
Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
SolidWorks 2008-2009 Student Design Kit-->MsiExec.exe /I{AB7848AD-3172-46C5-BBCE-8D998072D74E}
SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
Tor 0.2.0.34-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Vidalia 0.1.10-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Video NVIDIA v163.69-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_NVIDIA*
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Bêta)-->MsiExec.exe /I{2D87E961-577B-492B-AD54-1368680FB9A7}
Vodafone WCDMA Composite Device Drive Software-->C:\Windows\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: BitDefender Antivirus
FW: BitDefender Firewall
AS: BitDefender Antispyware
AS: Windows Defender
======System event log======
Computer Name: PC-de-Mucahid
Event Code: 10111
Message: Le périphérique USB Storage-CFC (emplacement (unknown)) est hors connexion en raison d’un blocage du pilote mode-utilisateur. Windows essaiera de redémarrer le périphérique à 5 reprises. Pour plus d’informations sur ce problème, contactez le fabricant du périphérique.
Record Number: 365787
Source Name: Microsoft-Windows-DriverFrameworks-UserMode
Time Written: 20090611103134.410504-000
Event Type: Critique
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Mucahid
Event Code: 7011
Message: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service ShellHWDetection.
Record Number: 365858
Source Name: Service Control Manager
Time Written: 20090611103137.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Mucahid
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 365905
Source Name: Tcpip
Time Written: 20090611114448.284504-000
Event Type: Avertissement
User:
Computer Name: PC-de-Mucahid
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.
Record Number: 365940
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090611123412.851600-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Mucahid
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 365953
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090611134730.662385-000
Event Type: Erreur
User:
=====Application event log=====
Computer Name: PC-de-Mucahid
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\FURKAN\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 43514
Source Name: Microsoft-Windows-Search
Time Written: 20090611115353.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Mucahid
Event Code: 3036
Message: La source de contenu <iehistory://{s-1-5-21-556349300-2617274519-4165335550-1003}/> est inaccessible.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 43515
Source Name: Microsoft-Windows-Search
Time Written: 20090611115353.000000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Mucahid
Event Code: 3023
Message: Impossible de démarrer l'analyse car toutes les sources de contenu ont été exclues par des règles de chemin d'accès au site ou supprimées de la configuration de l'index.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 43516
Source Name: Microsoft-Windows-Search
Time Written: 20090611115353.000000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Mucahid
Event Code: 3013
Message: Impossible de mettre à jour l'entrée <C:\USERS\FURKAN\APPDATA\LOCAL\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5> dans la configuration de hachage.
Contexte : Application , Catalogue SystemIndex
Détails :
Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)
Record Number: 43517
Source Name: Microsoft-Windows-Search
Time Written: 20090611115354.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Mucahid
Event Code: 3031
Message: Impossible d'allouer un ID de document.
Contexte : Application , Catalogue SystemIndex
Détails :
Impossible de lire l'index du contenu. (0xc0041800)
Record Number: 43532
Source Name: Microsoft-Windows-Search
Time Written: 20090611123323.000000-000
Event Type: Erreur
User:
=====Security event log=====
Computer Name: PC-de-Mucahid
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MUCAHID$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Type d’ouverture de session : 5
Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x268
Nom du processus : C:\Windows\System32\services.exe
Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -
Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 35060
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090403125423.637932-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Mucahid
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 35061
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090403125423.637932-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Mucahid
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MUCAHID$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Compte dont les informations d’identification ont été utilisées :
Nom du compte : Mucahid
Domaine du compte : PC-de-Mucahid
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost
Informations sur le processus :
ID du processus : 0x360
Nom du processus : C:\Windows\System32\winlogon.exe
Informations sur le réseau :
Adresse du réseau : 127.0.0.1
Port : 0
Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 35062
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090403125525.460732-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Mucahid
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MUCAHID$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Type d’ouverture de session : 2
Nouvelle ouverture de session :
ID de sécurité : S-1-5-21-556349300-2617274519-4165335550-1002
Nom du compte : Mucahid
Domaine du compte : PC-de-Mucahid
ID d’ouverture de session : 0x3f21c
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x360
Nom du processus : C:\Windows\System32\winlogon.exe
Informations sur le réseau :
Nom de la station de travail : PC-DE-MUCAHID
Adresse du réseau source : 127.0.0.1
Port source : 0
Informations détaillées sur l’authentification :
Processus d’ouverture de session : User32
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 35063
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090403125525.460732-000
Event Type: Succès de l'audit
User:
Computer Name: PC-de-Mucahid
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-MUCAHID$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Type d’ouverture de session : 2
Nouvelle ouverture de session :
ID de sécurité : S-1-5-21-556349300-2617274519-4165335550-1002
Nom du compte : Mucahid
Domaine du compte : PC-de-Mucahid
ID d’ouverture de session : 0x3f23a
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x360
Nom du processus : C:\Windows\System32\winlogon.exe
Informations sur le réseau :
Nom de la station de travail : PC-DE-MUCAHID
Adresse du réseau source : 127.0.0.1
Port source : 0
Informations détaillées sur l’authentification :
Processus d’ouverture de session : User32
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 35064
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090403125525.460732-000
Event Type: Succès de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Samsung\Samsung PC Studio 3\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
-----------------EOF-----------------
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 juin 2009 à 17:29
11 juin 2009 à 17:29
[ si l'internaute est sous Vista]
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
muco45
Messages postés
441
Date d'inscription
dimanche 17 février 2008
Statut
Membre
Dernière intervention
26 novembre 2013
65
12 juin 2009 à 10:35
12 juin 2009 à 10:35
ComboFix 09-06-11.06 - Mucahid 12/06/2009 10:18.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1152 [GMT 2:00]
Lancé depuis: c:\users\Mucahid\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj02.dll
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-12 au 2009-06-12 ))))))))))))))))))))))))))))))))))))
.
2009-06-12 08:24 . 2009-06-12 08:26 -------- d-----w- c:\users\Mucahid\AppData\Local\temp
2009-06-12 08:24 . 2009-06-12 08:24 -------- d-----w- c:\users\Furkan\AppData\Local\temp
2009-06-11 14:59 . 2009-06-11 15:00 -------- d-----w- C:\rsit
2009-06-11 14:53 . 2009-06-11 14:53 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Malwarebytes
2009-06-11 14:53 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 14:53 . 2009-06-11 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 14:53 . 2009-06-11 14:53 -------- d-----w- c:\programdata\Malwarebytes
2009-06-11 14:53 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 11:18 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-10 11:03 . 2009-06-10 11:02 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3BAA.tmp.exe
2009-06-06 13:11 . 2009-06-06 13:11 -------- d-----w- c:\program files\Software Informer
2009-06-01 14:52 . 2009-06-01 14:52 -------- d-----w- c:\users\Mucahid\AppData\Local\vdownloader
2009-06-01 13:46 . 2009-03-19 12:03 1907712 ----a-w- c:\windows\system32\BootMan.exe
2009-06-01 13:46 . 2009-02-25 18:22 9728 ----a-w- c:\windows\system32\epmntdrv.sys
2009-06-01 13:46 . 2009-02-25 18:22 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-06-01 13:46 . 2009-02-25 18:22 3072 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-06-01 13:46 . 2009-02-25 18:21 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-06-01 13:46 . 2009-06-01 13:46 -------- d-----w- c:\program files\EASEUS
2009-05-30 21:06 . 2009-05-30 21:06 -------- d-----w- c:\users\Furkan\AppData\Roaming\PC Suite
2009-05-30 20:11 . 2009-05-30 20:11 -------- d-----w- c:\users\Mucahid\AppData\Roaming\PC Suite
2009-05-30 20:11 . 2009-05-30 20:11 -------- d-----w- c:\programdata\PC Suite
2009-05-30 20:07 . 2007-05-02 14:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-05-30 20:07 . 2009-05-30 20:07 -------- d-----w- c:\program files\DIFX
2009-05-30 20:07 . 2007-09-17 13:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-05-30 20:05 . 2009-05-30 20:05 -------- d-----w- c:\program files\MarkAny
2009-05-30 20:05 . 2009-05-30 20:07 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-30 20:03 . 2009-05-30 20:03 -------- d-----w- c:\users\Mucahid\AppData\Local\Downloaded Installations
2009-05-30 17:10 . 2009-04-07 07:39 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-05-30 17:10 . 2009-04-07 07:39 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-05-30 17:10 . 2009-04-07 07:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-05-29 20:36 . 2009-05-29 20:36 -------- d-----w- c:\users\Furkan\.thumbnails
2009-05-29 20:35 . 2009-05-29 20:37 -------- d-----w- c:\users\Furkan\.gimp-2.6
2009-05-29 20:35 . 2009-05-30 16:18 -------- d-----w- c:\users\Furkan\.gegl-0.0
2009-05-24 12:49 . 2009-05-24 12:49 -------- d-sh--w- C:\found.001
2009-05-21 11:03 . 2009-05-21 11:03 135680 ----a-w- c:\users\Mucahid\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-05-17 14:00 . 2009-05-14 13:20 2645832 ----a-w- c:\users\Mucahid\AppData\Roaming\Mozilla\Firefox\Profiles\7ci7vonf.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\maconfsetup.exe
2009-05-17 14:00 . 2009-05-14 12:56 402800 ----a-w- c:\users\Mucahid\AppData\Roaming\Mozilla\Firefox\Profiles\7ci7vonf.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
2009-05-14 14:23 . 2009-05-14 14:23 -------- d-----w- c:\program files\ma-config.com
2009-05-14 14:23 . 2009-05-14 14:23 -------- d-----w- c:\programdata\ma-config.com
2009-05-13 11:18 . 2009-05-13 11:26 -------- d-----w- c:\program files\Kellogg's Afrique
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 08:24 . 2009-04-28 19:06 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-11 15:00 . 2009-03-27 16:49 -------- d-----w- c:\program files\Trend Micro
2009-06-11 13:48 . 2009-04-02 13:47 89 ----a-w- c:\users\Furkan\AppData\Local\qmiok.bat
2009-06-10 18:08 . 2008-04-08 14:18 -------- d-----w- c:\programdata\Microsoft Help
2009-06-08 16:36 . 2008-04-08 23:07 678718 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-08 16:36 . 2008-04-08 23:07 127798 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-08 16:25 . 2009-04-11 13:42 -------- d-----w- c:\users\Mucahid\AppData\Roaming\BitTorrent
2009-06-06 14:31 . 2009-04-29 18:46 -------- d-----w- c:\program files\Bus Simulator 2008 Demo
2009-06-02 17:28 . 2009-01-18 15:41 -------- d-----w- c:\users\Mucahid\AppData\Roaming\gtk-2.0
2009-06-02 13:34 . 2009-04-11 13:42 -------- d-----w- c:\users\Mucahid\AppData\Roaming\DNA
2009-06-01 12:43 . 2008-04-08 14:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-31 19:15 . 2008-12-18 18:58 86576 ----a-w- c:\users\Mucahid\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-05-31 19:15 . 2008-12-18 18:58 132672 ----a-w- c:\users\Mucahid\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-05-31 19:15 . 2008-12-18 18:58 392728 ----a-w- c:\users\Mucahid\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-05-31 18:51 . 2008-12-06 15:33 -------- d-----w- c:\program files\Samsung
2009-05-30 20:05 . 2008-10-29 22:06 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Samsung
2009-05-21 13:39 . 2008-04-08 14:20 -------- d-----w- c:\program files\Microsoft.NET
2009-05-20 15:41 . 2008-11-05 14:18 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-19 19:08 . 2008-10-29 22:34 8268 ----a-w- c:\users\Mucahid\AppData\Local\d3d9caps.dat
2009-05-13 17:39 . 2009-04-24 14:08 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-13 13:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 13:10 . 2008-12-10 16:34 -------- d-----w- c:\program files\Cheat Engine
2009-05-13 12:10 . 2008-11-27 11:48 -------- d-----w- c:\program files\DNA
2009-05-10 14:50 . 2009-05-10 14:50 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Skype
2009-05-10 09:08 . 2008-04-08 14:13 -------- d-----w- c:\program files\Google
2009-05-09 05:50 . 2009-06-10 11:19 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 11:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-07 16:47 . 2009-03-03 15:33 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Hamachi
2009-05-07 11:01 . 2008-10-30 10:21 97704 ----a-w- c:\users\Furkan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-06 12:35 . 2008-12-18 18:58 0 ----a-r- c:\users\Mucahid\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
2009-05-05 11:03 . 2008-10-29 18:54 97704 ----a-w- c:\users\Mucahid\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 17:38 . 2009-05-01 17:35 -------- d-----w- c:\program files\Blockland
2009-04-30 15:13 . 2008-04-23 16:34 192512 ----a-w- c:\windows\system32\txmlutil.dll
2009-04-30 15:13 . 2008-08-12 16:40 242184 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2009-04-30 15:13 . 2008-08-14 16:54 104328 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-04-30 15:13 . 2008-08-12 16:40 111112 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-04-30 15:13 . 2008-07-02 11:07 82696 ----a-w- c:\windows\system32\drivers\BDVEDISK.sys
2009-04-30 13:23 . 2009-04-12 19:29 -------- d-----w- c:\users\Mucahid\AppData\Roaming\tor
2009-04-30 13:23 . 2009-04-12 19:29 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Vidalia
2009-04-30 12:53 . 2009-04-30 12:53 -------- d-----w- c:\program files\BitDefender
2009-04-30 12:53 . 2009-04-28 18:47 -------- d-----w- c:\program files\Common Files\BitDefender
2009-04-30 11:40 . 2009-04-30 11:40 -------- d-----w- c:\users\Furkan\AppData\Roaming\BitDefender
2009-04-29 12:40 . 2009-04-29 12:32 -------- d-----w- c:\programdata\BitDefender
2009-04-29 12:33 . 2009-04-29 12:33 -------- d-----w- c:\users\Mucahid\AppData\Roaming\BitDefender
2009-04-28 17:58 . 2009-02-11 18:33 -------- d-----w- c:\programdata\McAfee
2009-04-27 13:55 . 2009-04-27 13:55 -------- d-----w- c:\program files\CamStudio
2009-04-26 21:46 . 2009-04-26 21:46 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Reallusion
2009-04-26 21:23 . 2009-04-26 21:23 -------- d-----w- c:\program files\Reallusion
2009-04-26 15:54 . 2009-04-26 15:54 -------- d-----w- c:\programdata\Chat Republic Games
2009-04-24 13:13 . 2008-12-26 09:00 -------- d-----w- c:\programdata\TrackMania
2009-04-23 12:42 . 2009-06-10 11:19 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 11:19 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 15:53 . 2009-04-17 15:50 -------- d-----w- c:\program files\Virtual Earth 3D
2009-04-14 20:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-04-12 10:39 . 2009-04-12 10:39 57344 ----a-w- c:\windows\system32\COMMTB32.DLL
2009-04-12 10:39 . 2009-04-12 10:39 169984 ----a-w- c:\windows\system32\P2D.DLL
2009-04-12 10:39 . 2009-04-12 10:38 161552 ----a-w- c:\windows\system32\ASYCPICT.DLL
2009-04-11 20:33 . 2009-04-11 12:46 91648 ----a-w- c:\users\Mucahid\AppData\Local\stunnel.exe
2009-04-11 20:33 . 2009-04-11 12:46 802 ----a-w- c:\users\Mucahid\AppData\Local\crt.vbs
2009-04-11 20:33 . 2009-04-11 12:46 74240 ----a-w- c:\users\Mucahid\AppData\Local\zlib1.dll
2009-04-11 20:33 . 2009-04-11 12:46 65024 ----a-w- c:\users\Mucahid\AppData\Local\GoalServer2009.exe
2009-04-11 20:33 . 2009-04-11 12:46 495 ----a-w- c:\users\Mucahid\AppData\Local\check.vbs
2009-04-11 20:33 . 2009-04-11 12:46 41984 ----a-w- c:\users\Mucahid\AppData\Local\GoalWebServer2009.exe
2009-04-11 20:33 . 2009-04-11 12:46 306052 ----a-w- c:\users\Mucahid\AppData\Local\libssl32.dll
2009-04-11 20:33 . 2009-04-11 12:46 1420256 ----a-w- c:\users\Mucahid\AppData\Local\libeay32.dll
2009-04-11 20:33 . 2009-04-11 12:46 1011784 ----a-w- c:\users\Mucahid\AppData\Local\HamachiSetup-1.0.3.0-en.exe
2009-04-11 12:33 . 2009-04-11 12:33 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-03 17:48 . 2009-04-03 16:56 661 ---ha-w- C:\os704404.bin
2009-03-25 09:06 . 2009-02-11 19:21 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 09:06 . 2009-02-11 19:21 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 09:06 . 2009-02-11 19:21 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 09:06 . 2009-01-09 11:03 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 09:05 . 2009-02-11 19:19 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-03-24 21:39 . 2009-01-22 17:17 89 ----a-w- c:\users\Furkan\AppData\Local\usukwws.bat
2009-03-17 03:38 . 2009-04-15 10:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 10:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 14:08 . 2009-02-27 13:37 90 ----a-w- c:\users\Mucahid\AppData\Local\nnmftml.bat
2009-04-30 15:11 . 2008-08-13 17:02 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-04-08 14:13 . 2008-04-08 14:13 157184 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-04-08 23:39 . 2008-04-08 23:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-30 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-30 69632]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-10 68592]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-01 4702208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\users\Furkan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2008-4-17 488728]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2008-10-29 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Mucahid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]
path=c:\users\Mucahid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk
backup=c:\windows\pss\Notification de cadeaux MSN.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-556349300-2617274519-4165335550-1002]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BD0F52EF-57D1-40C3-9340-311452739801}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5D0D7DC6-E644-4E1C-8DFF-BCABF7FF95C4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9B1B6083-4C04-496A-AE0C-848BC268DDCE}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DBF87929-363E-48AD-8708-F697C70C3806}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1DA69B69-B200-4CD1-B9BF-F36067383676}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{21806E9E-BC5B-46BE-B798-ED83A4B7D830}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{5B199967-0FAB-465F-803A-C7129BC53A09}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{FF48423E-6057-42D2-812A-8240E2CAB979}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{7AA21EC2-BE18-483E-AD9B-468C7F154D0D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{981F5D47-64D1-439A-92D3-089F37956D7B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{52420EE4-29C1-4B74-B26C-5141A02E1607}c:\\users\\mucahid\\desktop\\pes2009.exe"= UDP:c:\users\mucahid\desktop\pes2009.exe:pes2009.exe
"UDP Query User{3D37F019-3B56-454D-8BA1-C77F4879F49F}c:\\users\\mucahid\\desktop\\pes2009.exe"= TCP:c:\users\mucahid\desktop\pes2009.exe:pes2009.exe
"{77EDD6ED-3469-4B14-A2DE-BA120DF32F8A}"= Disabled:UDP:c:\users\Furkan\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{EC9D89BE-93CD-4997-9405-17F3E718FD88}"= Disabled:TCP:c:\users\Furkan\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"TCP Query User{643E1FE4-F482-46C0-8106-ED38B42375B7}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{8628AFD2-8150-456A-97ED-80B3A9858518}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{BA4FBC66-264D-4362-B90C-EA72DE19B4F6}c:\\users\\mucahid\\program files\\dna\\btdna.exe"= UDP:c:\users\mucahid\program files\dna\btdna.exe:btdna.exe
"UDP Query User{79CA3C95-2B5A-406C-A6D3-D6097BDAC4FC}c:\\users\\mucahid\\program files\\dna\\btdna.exe"= TCP:c:\users\mucahid\program files\dna\btdna.exe:btdna.exe
"{5A3351CC-FB3E-4716-9686-DEBF21DB5DC6}"= UDP:c:\program files\RealVNC\VNC4\winvnc4.exe:VNC Server
"{9C58D177-C03D-43FC-ACDF-D24388460374}"= TCP:c:\program files\RealVNC\VNC4\winvnc4.exe:VNC Server
"TCP Query User{79C97FDD-83D6-4133-A5B4-9A22FF3707ED}c:\\program files\\realvnc\\vnc4\\vncviewer.exe"= UDP:c:\program files\realvnc\vnc4\vncviewer.exe:VNC Viewer Personal Edition for Win32
"UDP Query User{134159BA-6A65-42CF-9131-D5B27DB5698B}c:\\program files\\realvnc\\vnc4\\vncviewer.exe"= TCP:c:\program files\realvnc\vnc4\vncviewer.exe:VNC Viewer Personal Edition for Win32
"TCP Query User{D1D9EF17-6249-4159-BFE1-5457307911AC}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{314B77FD-A2D3-464B-879C-F87003A0D379}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{9BD5AFFB-2EB5-4B90-8C78-C7213D3DCD9D}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{4E9A500F-1BC6-444B-B313-8C941A1882FC}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{23495BA4-8D35-4B96-8EEA-D76CFB945974}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{10327E92-23FA-40CC-B63E-73ED3AFBF80F}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{72915CCE-FC28-459F-A7D4-E25CD7600AFD}c:\\program files\\softick\\ppp\\bin\\pppgate.exe"= UDP:c:\program files\softick\ppp\bin\pppgate.exe:Win32 PPP Server
"UDP Query User{A9D4FAC7-7DCC-41D2-82D1-2449E8F5C8DE}c:\\program files\\softick\\ppp\\bin\\pppgate.exe"= TCP:c:\program files\softick\ppp\bin\pppgate.exe:Win32 PPP Server
"TCP Query User{644FD162-E8C5-4D34-B443-C8199365D45F}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.607\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.607\uploader.exe:uploader.exe
"UDP Query User{6A2A3931-64CA-4F28-83DC-70D771E06F0D}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.607\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.607\uploader.exe:uploader.exe
"TCP Query User{EDDFE0B3-A5B9-4BAB-B767-D251B8FEC271}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.341\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.341\uploader.exe:uploader.exe
"UDP Query User{9FD4C85B-4A7F-4CB9-95C0-C625EBAE8AE7}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.341\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.341\uploader.exe:uploader.exe
"TCP Query User{E5B38EF0-1234-45F5-86DE-71822AE9DCC8}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.186\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.186\uploader.exe:uploader.exe
"UDP Query User{C5A8E69A-4C1C-44F3-87E2-33B8070DFD56}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.186\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.186\uploader.exe:uploader.exe
"TCP Query User{A228A2F0-BD56-44CB-9A73-429A2C1814A4}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex16.517\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex16.517\uploader.exe:uploader.exe
"UDP Query User{3F969ACA-7970-4B9B-8A80-0CBBA30EC8C1}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex16.517\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex16.517\uploader.exe:uploader.exe
"TCP Query User{DF6412BC-8933-4828-B9BA-CA1E0B3BB60A}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.998\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.998\uploader.exe:uploader.exe
"UDP Query User{734C9A24-98BC-43D1-B78C-81B54758CAC1}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.998\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.998\uploader.exe:uploader.exe
"TCP Query User{65AC5370-8A9E-434D-9A04-BB791987B7E5}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.575\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.575\uploader.exe:uploader.exe
"UDP Query User{9B53168D-6629-4A1E-BFB4-BD64C2CCB017}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.575\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.575\uploader.exe:uploader.exe
"TCP Query User{38020602-7616-4B27-9B1B-57BE127E3892}c:\\users\\mucahid\\desktop\\java\\uploader.exe"= UDP:c:\users\mucahid\desktop\java\uploader.exe:uploader.exe
"UDP Query User{57F95C53-6085-4DEC-A295-70D94FC1D577}c:\\users\\mucahid\\desktop\\java\\uploader.exe"= TCP:c:\users\mucahid\desktop\java\uploader.exe:uploader.exe
"TCP Query User{FD5512EB-1659-4BFD-BFC9-466E5F7FB74A}c:\\users\\mucahid\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\mucahid\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"UDP Query User{CE61BD9E-0AA2-4ECF-A064-560E75AED7A0}c:\\users\\mucahid\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= TCP:c:\users\mucahid\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"TCP Query User{186DB4C6-3C9C-4772-BD6A-46BB803F177A}c:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{7CCEDD65-2D03-4713-AE5E-DC380C99A5C8}c:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"TCP Query User{6F7D9B0F-14C1-4C1E-BE6D-D2EFF276F666}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{0E6458FB-3FD1-450A-B4FD-D639EBE2F578}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{E20CDFB6-0F0C-40FC-8B00-D639FADA80FA}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.836\\trackmaniaserver.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.836\trackmaniaserver.exe:trackmaniaserver.exe
"UDP Query User{411E298A-8CB5-4B06-985F-A23B357DFE7A}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.836\\trackmaniaserver.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.836\trackmaniaserver.exe:trackmaniaserver.exe
"TCP Query User{E068F7BF-78EA-407F-A292-71287B2828BA}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.919\\trackmaniaserver.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.919\trackmaniaserver.exe:trackmaniaserver.exe
"UDP Query User{F05C304D-BC11-49B8-9425-EFCFF974E30A}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.919\\trackmaniaserver.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.919\trackmaniaserver.exe:trackmaniaserver.exe
"TCP Query User{4717B686-3371-4B21-AA14-92A807C90F4D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{77350276-B21E-45CD-955C-8C197141D24F}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3358D1F9-DE65-4E01-8C31-A2AD8779E1C5}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.919\\portchkpes2009eupc.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.919\portchkpes2009eupc.exe:portchkpes2009eupc.exe
"UDP Query User{4C4299D6-E013-4B4E-9C09-BF465F2AAFE7}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.919\\portchkpes2009eupc.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.919\portchkpes2009eupc.exe:portchkpes2009eupc.exe
"TCP Query User{462EBD9D-0384-4B7E-89DC-935B28343F33}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F755B2D4-05CD-4318-9D44-65C108D3C5EB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{F487F47E-DE87-4C84-97BA-E4C7C0F59F34}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{5FF09896-2A7C-4450-AF0B-99D34ED172E1}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{A85130C7-B68E-4EFB-AC44-2289D8FEA82D}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{EA679115-C973-4A5C-844B-3A6EA9C43566}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{E9B8315F-7AFC-4D54-B382-5CA1AE38AB41}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{25A5148B-5A9A-4F41-BF2C-B2399787ABF0}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{4F263E99-83D7-4BE5-9F5F-9BE558245AFF}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{5AD0900E-AA6F-4669-94A6-61125D660B4E}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8FA58290-EB0C-45A9-A5B4-664A2C2E52EA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{07FF4D7A-8D4B-433C-90D1-1234C423D354}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{E1136A24-227F-4959-B0FA-D57A61EE4925}c:\\program files\\activision\\call of duty - world at war\\codwaw_lanfixed.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{4CBABAF8-9899-42D0-BF44-1088B02D7675}c:\\program files\\activision\\call of duty - world at war\\codwaw_lanfixed.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe:Call of Duty(R): World at War Campaign/Coop
"TCP Query User{35C1F5B9-AE67-4960-BC54-1AECED43DA8C}c:\\program files\\activision\\call of duty - world at war\\codwaw 1.2 lanfix.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw 1.2 lanfix.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{70173B10-C72F-4721-84BD-4E876151A4A5}c:\\program files\\activision\\call of duty - world at war\\codwaw 1.2 lanfix.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw 1.2 lanfix.exe:Call of Duty(R): World at War Campaign/Coop
"TCP Query User{7AF2D93D-41E8-446F-BFBA-52A8E1E923F1}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{77F08B6B-AF4A-4E66-B0DE-AC9844028F22}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{C2DE97B9-C872-4F22-83DA-E4F1D852FF2F}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= UDP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{AFAA83E0-C8B9-41CF-B9DF-F153BC2AED0C}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= TCP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty(R): World at War Multiplayer
"TCP Query User{4C8E53CF-4121-417D-BD88-9543CA2ADCBF}c:\\users\\mucahid\\desktop\\garena\\garena.exe"= UDP:c:\users\mucahid\desktop\garena\garena.exe:garena.exe
"UDP Query User{CD8CBCC6-8CF5-493B-BF10-B80845857856}c:\\users\\mucahid\\desktop\\garena\\garena.exe"= TCP:c:\users\mucahid\desktop\garena\garena.exe:garena.exe
"TCP Query User{38F14CFC-33D5-44A1-9751-0761E5669D68}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E172D16F-6609-44AA-8FEE-E5A623F845FB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1BE9302B-25C9-4C04-AC16-930E80F9E89C}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{B019EFC6-FBCA-484C-B591-3925933E878E}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{DCA4F1BF-082B-4F99-8D0F-AB53F175C1B6}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{F305C842-CEC8-4612-BF72-B35E5BC691D4}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{B9D99C37-D78C-4C9A-B5A6-955153C357B5}c:\\program files\\webcam\\webcam123\\wsrv.exe"= UDP:c:\program files\webcam\webcam123\wsrv.exe:WSRV
"UDP Query User{FA33D061-0924-4632-B783-9D00111B17E2}c:\\program files\\webcam\\webcam123\\wsrv.exe"= TCP:c:\program files\webcam\webcam123\wsrv.exe:WSRV
"TCP Query User{5BE0F209-C7A5-4D22-9859-C93FF359E4DE}c:\\program files\\webcam\\webcam123\\webcam.exe"= UDP:c:\program files\webcam\webcam123\webcam.exe:Webcam 1-2-3
"UDP Query User{60747C6F-22D9-4059-90C4-8DFDF006F0F9}c:\\program files\\webcam\\webcam123\\webcam.exe"= TCP:c:\program files\webcam\webcam123\webcam.exe:Webcam 1-2-3
"TCP Query User{9D200936-0EAE-4A0E-BBE3-4B6269A47AAD}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= UDP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.
"UDP Query User{C94599D4-83B7-4FE9-B44D-DDBD6AEEECD8}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= TCP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.
"TCP Query User{BD8557D2-A022-479C-ADF7-65336AFFB76F}c:\\program files\\activision\\call of duty - world at war\\server.1.3.exe"= UDP:c:\program files\activision\call of duty - world at war\server.1.3.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{8CEA81DA-F14A-4556-814E-21E2BDFDDE4D}c:\\program files\\activision\\call of duty - world at war\\server.1.3.exe"= TCP:c:\program files\activision\call of duty - world at war\server.1.3.exe:Call of Duty(R): World at War Multiplayer
"TCP Query User{360CA650-E73B-42B7-A7A0-00DADA45D7CA}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{38EB5842-ED6C-4237-933F-6DD6BE90716F}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{B68662D2-5732-4A2A-97B8-C9C215DEC648}c:\\program files\\anonymizer\\anonymizer software\\common\\anonproxy.exe"= UDP:c:\program files\anonymizer\anonymizer software\common\anonproxy.exe:AnonProxy
"UDP Query User{E36EDFED-CED9-4116-995A-016B0587707B}c:\\program files\\anonymizer\\anonymizer software\\common\\anonproxy.exe"= TCP:c:\program files\anonymizer\anonymizer software\common\anonproxy.exe:AnonProxy
"{3E186776-09D1-4F7B-A241-986594D81346}"= UDP:c:\users\Mucahid\AppData\Local\Temp\7zS6FC4.tmp\SymNRT.exe:Norton Removal Tool
"{A235A6A9-D7FE-47C4-8269-864CFDBC9333}"= TCP:c:\users\Mucahid\AppData\Local\Temp\7zS6FC4.tmp\SymNRT.exe:Norton Removal Tool
"TCP Query User{5C47A926-D12E-4719-A678-BE5F1FA25817}c:\\users\\mucahid\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\mucahid\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"UDP Query User{2D6E78D6-36B0-4073-ADE6-1ACB270C5E2D}c:\\users\\mucahid\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= TCP:c:\users\mucahid\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"TCP Query User{5ED38026-4058-4483-B2C0-B92439702B0F}c:\\users\\mucahid\\desktop\\java(365)\\uploader.exe"= UDP:c:\users\mucahid\desktop\java(365)\uploader.exe:uploader.exe
"UDP Query User{FA6DE39B-9177-45A3-A8DF-E3BFED94D90A}c:\\users\\mucahid\\desktop\\java(365)\\uploader.exe"= TCP:c:\users\mucahid\desktop\java(365)\uploader.exe:uploader.exe
"TCP Query User{F13FEA7E-E762-4D69-8DE5-B562B32BB60D}c:\\users\\mucahid\\desktop\\java\\uploader.exe"= UDP:c:\users\mucahid\desktop\java\uploader.exe:uploader.exe
"UDP Query User{DFE7B4E6-66A6-46F9-97D5-082C8A569993}c:\\users\\mucahid\\desktop\\java\\uploader.exe"= TCP:c:\users\mucahid\desktop\java\uploader.exe:uploader.exe
"TCP Query User{481F30D2-A95A-4665-BDF6-CD40B316C74B}c:\\program files\\konami\\pro evolution soccer 2009\\goalserver2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\goalserver2009.exe:GoalServer2009
"UDP Query User{54708D90-E317-4BF3-BF69-438FC0FF3B93}c:\\program files\\konami\\pro evolution soccer 2009\\goalserver2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\goalserver2009.exe:GoalServer2009
"TCP Query User{F2BDDCF9-5F8D-4F38-8E5B-050AFB9B50EE}c:\\program files\\konami\\pro evolution soccer 2009\\goalwebserver2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\goalwebserver2009.exe:GoalWebServer2009
"UDP Query User{65EFEA46-60DC-4304-AA33-05BD81C62559}c:\\program files\\konami\\pro evolution soccer 2009\\goalwebserver2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\goalwebserver2009.exe:GoalWebServer2009
"TCP Query User{9DC04CF2-6A50-4440-AF5B-3C76AE2080F7}c:\\program files\\konami\\pro evolution soccer 2009\\stunnel\\stunnel.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\stunnel\stunnel.exe:stunnel
"UDP Query User{BCE58C0F-C820-4D74-A997-181D24C8D2CA}c:\\program files\\konami\\pro evolution soccer 2009\\stunnel\\stunnel.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\stunnel\stunnel.exe:stunnel
"TCP Query User{AE79BBD8-8C42-412D-A7A1-9DFEB655E54F}c:\\tempo\\goalserver2009kp\\goalwebserver2009.exe"= UDP:c:\tempo\goalserver2009kp\goalwebserver2009.exe:GoalWebServer2009
"UDP Query User{09C0796C-0EA4-4582-868A-A6139C6904BD}c:\\tempo\\goalserver2009kp\\goalwebserver2009.exe"= TCP:c:\tempo\goalserver2009kp\goalwebserver2009.exe:GoalWebServer2009
"TCP Query User{13366873-F1EC-44A6-A13B-2948BD2E8413}c:\\tempo\\goalserver2009kp\\stunnel\\stunnel.exe"= UDP:c:\tempo\goalserver2009kp\stunnel\stunnel.exe:stunnel
"UDP Query User{EF677F89-4ACD-465E-9B02-0E501C4CFDE2}c:\\tempo\\goalserver2009kp\\stunnel\\stunnel.exe"= TCP:c:\tempo\goalserver2009kp\stunnel\stunnel.exe:stunnel
"TCP Query User{A6323AC1-4EFE-4EAE-8B84-BC30150362DD}c:\\tempo\\goalserver2009kp\\goalserver2009.exe"= UDP:c:\tempo\goalserver2009kp\goalserver2009.exe:GoalServer2009
"UDP Query User{D330BE82-77D2-4F20-8C0E-2DC39167F666}c:\\tempo\\goalserver2009kp\\goalserver2009.exe"= TCP:c:\tempo\goalserver2009kp\goalserver2009.exe:GoalServer2009
"TCP Query User{4EDD6484-01F7-40C5-9629-3C10E3995769}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{C967DCD7-8B06-42BA-92DA-300FD9F60874}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{4B778590-BAFE-40A6-9938-836D7D6F6620}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex02.593\\goalserver2009\\goalserver2009.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex02.593\goalserver2009\goalserver2009.exe:goalserver2009.exe
"UDP Query User{7ED8C7BF-8B61-4EED-9239-BEBB63E014E2}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex02.593\\goalserver2009\\goalserver2009.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex02.593\goalserver2009\goalserver2009.exe:goalserver2009.exe
"TCP Query User{EB26CAE8-D307-4018-8504-FB660C0757FD}c:\\users\\mucahid\\program files\\dna\\btdna.exe"= UDP:c:\users\mucahid\program files\dna\btdna.exe:btdna.exe
"UDP Query User{4D6CFC00-CFD0-4CCC-9D78-DAA5364C07BA}c:\\users\\mucahid\\program files\\dna\\btdna.exe"= TCP:c:\users\mucahid\program files\dna\btdna.exe:btdna.exe
"{F7EC7706-F413-4F34-B004-3C8BBADC49AC}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{87321FE0-C55D-4E4E-A683-F1B5251A6297}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{EA56DF34-8382-4BE9-AAB0-CA3E33F697B0}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{116C47E2-5468-4D28-8FBF-E2DDC50F1AC8}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"{DBB726E9-9F5B-4F6A-AB2A-026DD796EA52}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{810D1481-5CF5-48A8-8D13-659B89EFCA2C}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{EED366B4-893B-4B84-A27C-80F89DA93D91}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{7DCACAC9-F056-43C6-8583-B949C74A73D6}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{CBBD8332-4F4F-401B-AF5A-81577F05DF08}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{8AA167BF-5FA7-4FCF-82A3-9072ED0F05DC}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{53076A12-2003-49FB-8EE1-A110A77351A6}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{60462977-7412-4320-93EE-AB2130BFACAF}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{5C7135DD-8B76-48BF-B382-8A62F39B7B32}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{F7C1B5AD-7E79-48FE-BA4E-94E518ACE012}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{74E47D7A-1FB9-4885-8718-2BE94F783564}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{31A2775E-CEB7-4271-9C54-DCA9EB0892FD}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{1B3F885A-3DB9-4455-8E21-25F2F48496A1}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{3DE82BC1-6223-49A0-B117-ECB6A7BD071A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [02/07/2008 13:07 82696]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [30/05/2009 19:10 233472]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [12/08/2008 18:40 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [14/08/2008 18:54 104328]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [30/05/2009 19:10 36608]
R3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\System32\drivers\netr73.sys [29/10/2008 20:59 256000]
S2 gupdate1c98aef813cc9ed;Google Update Service (gupdate1c98aef813cc9ed);c:\program files\Google\Update\GoogleUpdate.exe [09/02/2009 21:49 133104]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 13:06 118784]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [01/06/2009 15:46 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [01/06/2009 15:46 3072]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-06-12 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-04-08 16:38]
2009-06-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 19:49]
2009-06-12 c:\windows\Tasks\User_Feed_Synchronization-{85F9A1E9-8484-4F3A-901E-ADF14F129533}.job
- c:\windows\system32\msfeedssync.exe [2009-05-07 11:31]
2009-06-12 c:\windows\Tasks\User_Feed_Synchronization-{983CC906-7A11-4DBC-A02C-B3803AF6A1C6}.job
- c:\windows\system32\msfeedssync.exe [2009-05-07 11:31]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-fsm - (no file)
HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET
HKLM-Run-NPSStartup - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = local
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://m6.powerchallenge.com/applet/PowerLoader.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\users\Mucahid\AppData\Roaming\Mozilla\Firefox\Profiles\7ci7vonf.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\Mucahid\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 10:26
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-556349300-2617274519-4165335550-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0FA930B0-DE4F-5619-C51F-6980249E97C6}*]
"hajhdjmhfechohba"=hex:6a,61,63,6c,6d,69,6e,6b,6e,67,66,69,66,68,67,6f,6d,6b,
61,66,00,00
[HKEY_USERS\S-1-5-21-556349300-2617274519-4165335550-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAD47439-4FDD-CA55-6D2A-A5F650760E07}*]
"pacbldnakdoplmfecndiefafbbbcjeli"=hex:6b,61,67,6d,68,67,6e,61,69,6d,61,69,70,
63,68,67,68,70,6a,69,70,61,00,00
"oaiadbodeahaaefojpjgfaecfkapmf"=hex:6a,61,68,6d,70,64,64,6e,6b,6d,63,62,65,66,
6a,67,68,63,68,6f,00,ea
"oacbldnakdoplmfecndiffnefohffj"=hex:6b,61,67,6d,68,67,6e,61,69,6d,61,69,70,63,
68,67,68,70,6a,69,70,61,00,00
"naiadbodeahaaefojpkgopgnkpff"=hex:6a,61,63,6d,69,65,64,6e,68,64,6d,66,6f,6a,
61,6f,63,6c,6f,65,00,ea
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(7224)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Autres processus actifs ------------------------
.
SystemRoot\System32\smss.exe [480]
c:\windows\system32\csrss.exe [548]
c:\windows\system32\wininit.exe [596]
c:\windows\system32\csrss.exe [608]
c:\windows\system32\services.exe [644]
c:\windows\system32\lsass.exe [656]
c:\windows\system32\lsm.exe [668]
c:\windows\system32\svchost.exe [816]
c:\windows\system32\nvvsvc.exe [860]
c:\windows\system32\winlogon.exe [884]
c:\windows\system32\svchost.exe [928]
c:\windows\System32\svchost.exe [988]
c:\windows\System32\svchost.exe [1208]
c:\windows\System32\svchost.exe [1240]
c:\windows\system32\svchost.exe [1292]
c:\windows\system32\svchost.exe [1444]
c:\windows\system32\SLsvc.exe [1460]
c:\windows\system32\svchost.exe [1524]
c:\windows\system32\svchost.exe [1680]
c:\windows\system32\rundll32.exe [1784]
c:\windows\System32\spoolsv.exe [1920]
c:\windows\system32\svchost.exe [1948]
c:\windows\system32\FsUsbExService.Exe [1508]
c:\program files\Google\Update\GoogleUpdate.exe [2116]
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2124]
c:\windows\System32\svchost.exe [2140]
c:\windows\System32\svchost.exe [2268]
c:\windows\system32\PnkBstrA.exe [2280]
c:\windows\system32\svchost.exe [2292]
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2304]
c:\windows\system32\svchost.exe [2392]
c:\windows\System32\svchost.exe [2432]
c:\windows\system32\SearchIndexer.exe [2500]
c:\windows\system32\WUDFHost.exe [2676]
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [3244]
c:\windows\system32\Dwm.exe [3280]
c:\windows\system32\taskeng.exe [3328]
c:\windows\system32\taskeng.exe [3528]
c:\windows\system32\conime.exe [3916]
c:\windows\system32\CF6381.exe [3692]
c:\windows\RtHDVCpl.exe [4032]
c:\windows\System32\rundll32.exe [2376]
c:\program files\Java\jre6\bin\jusched.exe [2452]
c:\program files\Windows Sidebar\sidebar.exe [2112]
c:\windows\ehome\ehtray.exe [1828]
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [3888]
c:\program files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [1076]
c:\windows\ehome\ehmsas.exe [4180]
c:\windows\system32\wbem\unsecapp.exe [6048]
c:\windows\system32\wbem\wmiprvse.exe [6104]
c:\windows\servicing\TrustedInstaller.exe [6124]
c:\windows\system32\wuauclt.exe [4332]
c:\windows\Explorer.exe [7224]
c:\windows\system32\DllHost.exe [8796]
c:\combofix\catchme.cfexe [9828]
.
**************************************************************************
.
Heure de fin: 2009-06-12 10:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-12 08:34
Avant-CF: 150 282 686 464 octets libres
Après-CF: 150 296 104 960 octets libres
502 --- E O F --- 2009-06-11 20:08
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1152 [GMT 2:00]
Lancé depuis: c:\users\Mucahid\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj02.dll
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-12 au 2009-06-12 ))))))))))))))))))))))))))))))))))))
.
2009-06-12 08:24 . 2009-06-12 08:26 -------- d-----w- c:\users\Mucahid\AppData\Local\temp
2009-06-12 08:24 . 2009-06-12 08:24 -------- d-----w- c:\users\Furkan\AppData\Local\temp
2009-06-11 14:59 . 2009-06-11 15:00 -------- d-----w- C:\rsit
2009-06-11 14:53 . 2009-06-11 14:53 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Malwarebytes
2009-06-11 14:53 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 14:53 . 2009-06-11 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 14:53 . 2009-06-11 14:53 -------- d-----w- c:\programdata\Malwarebytes
2009-06-11 14:53 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 11:18 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-10 11:03 . 2009-06-10 11:02 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3BAA.tmp.exe
2009-06-06 13:11 . 2009-06-06 13:11 -------- d-----w- c:\program files\Software Informer
2009-06-01 14:52 . 2009-06-01 14:52 -------- d-----w- c:\users\Mucahid\AppData\Local\vdownloader
2009-06-01 13:46 . 2009-03-19 12:03 1907712 ----a-w- c:\windows\system32\BootMan.exe
2009-06-01 13:46 . 2009-02-25 18:22 9728 ----a-w- c:\windows\system32\epmntdrv.sys
2009-06-01 13:46 . 2009-02-25 18:22 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-06-01 13:46 . 2009-02-25 18:22 3072 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-06-01 13:46 . 2009-02-25 18:21 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-06-01 13:46 . 2009-06-01 13:46 -------- d-----w- c:\program files\EASEUS
2009-05-30 21:06 . 2009-05-30 21:06 -------- d-----w- c:\users\Furkan\AppData\Roaming\PC Suite
2009-05-30 20:11 . 2009-05-30 20:11 -------- d-----w- c:\users\Mucahid\AppData\Roaming\PC Suite
2009-05-30 20:11 . 2009-05-30 20:11 -------- d-----w- c:\programdata\PC Suite
2009-05-30 20:07 . 2007-05-02 14:31 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-05-30 20:07 . 2009-05-30 20:07 -------- d-----w- c:\program files\DIFX
2009-05-30 20:07 . 2007-09-17 13:53 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-05-30 20:05 . 2009-05-30 20:05 -------- d-----w- c:\program files\MarkAny
2009-05-30 20:05 . 2009-05-30 20:07 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-30 20:03 . 2009-05-30 20:03 -------- d-----w- c:\users\Mucahid\AppData\Local\Downloaded Installations
2009-05-30 17:10 . 2009-04-07 07:39 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-05-30 17:10 . 2009-04-07 07:39 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-05-30 17:10 . 2009-04-07 07:39 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-05-29 20:36 . 2009-05-29 20:36 -------- d-----w- c:\users\Furkan\.thumbnails
2009-05-29 20:35 . 2009-05-29 20:37 -------- d-----w- c:\users\Furkan\.gimp-2.6
2009-05-29 20:35 . 2009-05-30 16:18 -------- d-----w- c:\users\Furkan\.gegl-0.0
2009-05-24 12:49 . 2009-05-24 12:49 -------- d-sh--w- C:\found.001
2009-05-21 11:03 . 2009-05-21 11:03 135680 ----a-w- c:\users\Mucahid\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-05-17 14:00 . 2009-05-14 13:20 2645832 ----a-w- c:\users\Mucahid\AppData\Roaming\Mozilla\Firefox\Profiles\7ci7vonf.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\maconfsetup.exe
2009-05-17 14:00 . 2009-05-14 12:56 402800 ----a-w- c:\users\Mucahid\AppData\Roaming\Mozilla\Firefox\Profiles\7ci7vonf.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
2009-05-14 14:23 . 2009-05-14 14:23 -------- d-----w- c:\program files\ma-config.com
2009-05-14 14:23 . 2009-05-14 14:23 -------- d-----w- c:\programdata\ma-config.com
2009-05-13 11:18 . 2009-05-13 11:26 -------- d-----w- c:\program files\Kellogg's Afrique
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 08:24 . 2009-04-28 19:06 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-11 15:00 . 2009-03-27 16:49 -------- d-----w- c:\program files\Trend Micro
2009-06-11 13:48 . 2009-04-02 13:47 89 ----a-w- c:\users\Furkan\AppData\Local\qmiok.bat
2009-06-10 18:08 . 2008-04-08 14:18 -------- d-----w- c:\programdata\Microsoft Help
2009-06-08 16:36 . 2008-04-08 23:07 678718 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-08 16:36 . 2008-04-08 23:07 127798 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-08 16:25 . 2009-04-11 13:42 -------- d-----w- c:\users\Mucahid\AppData\Roaming\BitTorrent
2009-06-06 14:31 . 2009-04-29 18:46 -------- d-----w- c:\program files\Bus Simulator 2008 Demo
2009-06-02 17:28 . 2009-01-18 15:41 -------- d-----w- c:\users\Mucahid\AppData\Roaming\gtk-2.0
2009-06-02 13:34 . 2009-04-11 13:42 -------- d-----w- c:\users\Mucahid\AppData\Roaming\DNA
2009-06-01 12:43 . 2008-04-08 14:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-31 19:15 . 2008-12-18 18:58 86576 ----a-w- c:\users\Mucahid\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-05-31 19:15 . 2008-12-18 18:58 132672 ----a-w- c:\users\Mucahid\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-05-31 19:15 . 2008-12-18 18:58 392728 ----a-w- c:\users\Mucahid\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-05-31 18:51 . 2008-12-06 15:33 -------- d-----w- c:\program files\Samsung
2009-05-30 20:05 . 2008-10-29 22:06 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Samsung
2009-05-21 13:39 . 2008-04-08 14:20 -------- d-----w- c:\program files\Microsoft.NET
2009-05-20 15:41 . 2008-11-05 14:18 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-19 19:08 . 2008-10-29 22:34 8268 ----a-w- c:\users\Mucahid\AppData\Local\d3d9caps.dat
2009-05-13 17:39 . 2009-04-24 14:08 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-13 13:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 13:10 . 2008-12-10 16:34 -------- d-----w- c:\program files\Cheat Engine
2009-05-13 12:10 . 2008-11-27 11:48 -------- d-----w- c:\program files\DNA
2009-05-10 14:50 . 2009-05-10 14:50 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Skype
2009-05-10 09:08 . 2008-04-08 14:13 -------- d-----w- c:\program files\Google
2009-05-09 05:50 . 2009-06-10 11:19 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 11:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-07 16:47 . 2009-03-03 15:33 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Hamachi
2009-05-07 11:01 . 2008-10-30 10:21 97704 ----a-w- c:\users\Furkan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-06 12:35 . 2008-12-18 18:58 0 ----a-r- c:\users\Mucahid\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
2009-05-05 11:03 . 2008-10-29 18:54 97704 ----a-w- c:\users\Mucahid\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 17:38 . 2009-05-01 17:35 -------- d-----w- c:\program files\Blockland
2009-04-30 15:13 . 2008-04-23 16:34 192512 ----a-w- c:\windows\system32\txmlutil.dll
2009-04-30 15:13 . 2008-08-12 16:40 242184 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2009-04-30 15:13 . 2008-08-14 16:54 104328 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2009-04-30 15:13 . 2008-08-12 16:40 111112 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-04-30 15:13 . 2008-07-02 11:07 82696 ----a-w- c:\windows\system32\drivers\BDVEDISK.sys
2009-04-30 13:23 . 2009-04-12 19:29 -------- d-----w- c:\users\Mucahid\AppData\Roaming\tor
2009-04-30 13:23 . 2009-04-12 19:29 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Vidalia
2009-04-30 12:53 . 2009-04-30 12:53 -------- d-----w- c:\program files\BitDefender
2009-04-30 12:53 . 2009-04-28 18:47 -------- d-----w- c:\program files\Common Files\BitDefender
2009-04-30 11:40 . 2009-04-30 11:40 -------- d-----w- c:\users\Furkan\AppData\Roaming\BitDefender
2009-04-29 12:40 . 2009-04-29 12:32 -------- d-----w- c:\programdata\BitDefender
2009-04-29 12:33 . 2009-04-29 12:33 -------- d-----w- c:\users\Mucahid\AppData\Roaming\BitDefender
2009-04-28 17:58 . 2009-02-11 18:33 -------- d-----w- c:\programdata\McAfee
2009-04-27 13:55 . 2009-04-27 13:55 -------- d-----w- c:\program files\CamStudio
2009-04-26 21:46 . 2009-04-26 21:46 -------- d-----w- c:\users\Mucahid\AppData\Roaming\Reallusion
2009-04-26 21:23 . 2009-04-26 21:23 -------- d-----w- c:\program files\Reallusion
2009-04-26 15:54 . 2009-04-26 15:54 -------- d-----w- c:\programdata\Chat Republic Games
2009-04-24 13:13 . 2008-12-26 09:00 -------- d-----w- c:\programdata\TrackMania
2009-04-23 12:42 . 2009-06-10 11:19 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 11:19 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 15:53 . 2009-04-17 15:50 -------- d-----w- c:\program files\Virtual Earth 3D
2009-04-14 20:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-04-12 10:39 . 2009-04-12 10:39 57344 ----a-w- c:\windows\system32\COMMTB32.DLL
2009-04-12 10:39 . 2009-04-12 10:39 169984 ----a-w- c:\windows\system32\P2D.DLL
2009-04-12 10:39 . 2009-04-12 10:38 161552 ----a-w- c:\windows\system32\ASYCPICT.DLL
2009-04-11 20:33 . 2009-04-11 12:46 91648 ----a-w- c:\users\Mucahid\AppData\Local\stunnel.exe
2009-04-11 20:33 . 2009-04-11 12:46 802 ----a-w- c:\users\Mucahid\AppData\Local\crt.vbs
2009-04-11 20:33 . 2009-04-11 12:46 74240 ----a-w- c:\users\Mucahid\AppData\Local\zlib1.dll
2009-04-11 20:33 . 2009-04-11 12:46 65024 ----a-w- c:\users\Mucahid\AppData\Local\GoalServer2009.exe
2009-04-11 20:33 . 2009-04-11 12:46 495 ----a-w- c:\users\Mucahid\AppData\Local\check.vbs
2009-04-11 20:33 . 2009-04-11 12:46 41984 ----a-w- c:\users\Mucahid\AppData\Local\GoalWebServer2009.exe
2009-04-11 20:33 . 2009-04-11 12:46 306052 ----a-w- c:\users\Mucahid\AppData\Local\libssl32.dll
2009-04-11 20:33 . 2009-04-11 12:46 1420256 ----a-w- c:\users\Mucahid\AppData\Local\libeay32.dll
2009-04-11 20:33 . 2009-04-11 12:46 1011784 ----a-w- c:\users\Mucahid\AppData\Local\HamachiSetup-1.0.3.0-en.exe
2009-04-11 12:33 . 2009-04-11 12:33 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-03 17:48 . 2009-04-03 16:56 661 ---ha-w- C:\os704404.bin
2009-03-25 09:06 . 2009-02-11 19:21 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 09:06 . 2009-02-11 19:21 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 09:06 . 2009-02-11 19:21 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 09:06 . 2009-01-09 11:03 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 09:05 . 2009-02-11 19:19 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-03-24 21:39 . 2009-01-22 17:17 89 ----a-w- c:\users\Furkan\AppData\Local\usukwws.bat
2009-03-17 03:38 . 2009-04-15 10:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 10:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 14:08 . 2009-02-27 13:37 90 ----a-w- c:\users\Mucahid\AppData\Local\nnmftml.bat
2009-04-30 15:11 . 2008-08-13 17:02 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-04-08 14:13 . 2008-04-08 14:13 157184 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-04-08 23:39 . 2008-04-08 23:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-30 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-30 69632]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-10 68592]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-01 4702208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\users\Furkan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2008-4-17 488728]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2008-10-29 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Mucahid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]
path=c:\users\Mucahid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk
backup=c:\windows\pss\Notification de cadeaux MSN.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-556349300-2617274519-4165335550-1002]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BD0F52EF-57D1-40C3-9340-311452739801}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5D0D7DC6-E644-4E1C-8DFF-BCABF7FF95C4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9B1B6083-4C04-496A-AE0C-848BC268DDCE}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DBF87929-363E-48AD-8708-F697C70C3806}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1DA69B69-B200-4CD1-B9BF-F36067383676}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{21806E9E-BC5B-46BE-B798-ED83A4B7D830}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{5B199967-0FAB-465F-803A-C7129BC53A09}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{FF48423E-6057-42D2-812A-8240E2CAB979}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{7AA21EC2-BE18-483E-AD9B-468C7F154D0D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{981F5D47-64D1-439A-92D3-089F37956D7B}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{52420EE4-29C1-4B74-B26C-5141A02E1607}c:\\users\\mucahid\\desktop\\pes2009.exe"= UDP:c:\users\mucahid\desktop\pes2009.exe:pes2009.exe
"UDP Query User{3D37F019-3B56-454D-8BA1-C77F4879F49F}c:\\users\\mucahid\\desktop\\pes2009.exe"= TCP:c:\users\mucahid\desktop\pes2009.exe:pes2009.exe
"{77EDD6ED-3469-4B14-A2DE-BA120DF32F8A}"= Disabled:UDP:c:\users\Furkan\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{EC9D89BE-93CD-4997-9405-17F3E718FD88}"= Disabled:TCP:c:\users\Furkan\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"TCP Query User{643E1FE4-F482-46C0-8106-ED38B42375B7}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{8628AFD2-8150-456A-97ED-80B3A9858518}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{BA4FBC66-264D-4362-B90C-EA72DE19B4F6}c:\\users\\mucahid\\program files\\dna\\btdna.exe"= UDP:c:\users\mucahid\program files\dna\btdna.exe:btdna.exe
"UDP Query User{79CA3C95-2B5A-406C-A6D3-D6097BDAC4FC}c:\\users\\mucahid\\program files\\dna\\btdna.exe"= TCP:c:\users\mucahid\program files\dna\btdna.exe:btdna.exe
"{5A3351CC-FB3E-4716-9686-DEBF21DB5DC6}"= UDP:c:\program files\RealVNC\VNC4\winvnc4.exe:VNC Server
"{9C58D177-C03D-43FC-ACDF-D24388460374}"= TCP:c:\program files\RealVNC\VNC4\winvnc4.exe:VNC Server
"TCP Query User{79C97FDD-83D6-4133-A5B4-9A22FF3707ED}c:\\program files\\realvnc\\vnc4\\vncviewer.exe"= UDP:c:\program files\realvnc\vnc4\vncviewer.exe:VNC Viewer Personal Edition for Win32
"UDP Query User{134159BA-6A65-42CF-9131-D5B27DB5698B}c:\\program files\\realvnc\\vnc4\\vncviewer.exe"= TCP:c:\program files\realvnc\vnc4\vncviewer.exe:VNC Viewer Personal Edition for Win32
"TCP Query User{D1D9EF17-6249-4159-BFE1-5457307911AC}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{314B77FD-A2D3-464B-879C-F87003A0D379}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{9BD5AFFB-2EB5-4B90-8C78-C7213D3DCD9D}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{4E9A500F-1BC6-444B-B313-8C941A1882FC}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{23495BA4-8D35-4B96-8EEA-D76CFB945974}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{10327E92-23FA-40CC-B63E-73ED3AFBF80F}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{72915CCE-FC28-459F-A7D4-E25CD7600AFD}c:\\program files\\softick\\ppp\\bin\\pppgate.exe"= UDP:c:\program files\softick\ppp\bin\pppgate.exe:Win32 PPP Server
"UDP Query User{A9D4FAC7-7DCC-41D2-82D1-2449E8F5C8DE}c:\\program files\\softick\\ppp\\bin\\pppgate.exe"= TCP:c:\program files\softick\ppp\bin\pppgate.exe:Win32 PPP Server
"TCP Query User{644FD162-E8C5-4D34-B443-C8199365D45F}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.607\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.607\uploader.exe:uploader.exe
"UDP Query User{6A2A3931-64CA-4F28-83DC-70D771E06F0D}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.607\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.607\uploader.exe:uploader.exe
"TCP Query User{EDDFE0B3-A5B9-4BAB-B767-D251B8FEC271}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.341\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.341\uploader.exe:uploader.exe
"UDP Query User{9FD4C85B-4A7F-4CB9-95C0-C625EBAE8AE7}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.341\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.341\uploader.exe:uploader.exe
"TCP Query User{E5B38EF0-1234-45F5-86DE-71822AE9DCC8}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.186\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.186\uploader.exe:uploader.exe
"UDP Query User{C5A8E69A-4C1C-44F3-87E2-33B8070DFD56}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.186\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.186\uploader.exe:uploader.exe
"TCP Query User{A228A2F0-BD56-44CB-9A73-429A2C1814A4}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex16.517\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex16.517\uploader.exe:uploader.exe
"UDP Query User{3F969ACA-7970-4B9B-8A80-0CBBA30EC8C1}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex16.517\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex16.517\uploader.exe:uploader.exe
"TCP Query User{DF6412BC-8933-4828-B9BA-CA1E0B3BB60A}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.998\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.998\uploader.exe:uploader.exe
"UDP Query User{734C9A24-98BC-43D1-B78C-81B54758CAC1}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.998\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.998\uploader.exe:uploader.exe
"TCP Query User{65AC5370-8A9E-434D-9A04-BB791987B7E5}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.575\\uploader.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.575\uploader.exe:uploader.exe
"UDP Query User{9B53168D-6629-4A1E-BFB4-BD64C2CCB017}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.575\\uploader.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.575\uploader.exe:uploader.exe
"TCP Query User{38020602-7616-4B27-9B1B-57BE127E3892}c:\\users\\mucahid\\desktop\\java\\uploader.exe"= UDP:c:\users\mucahid\desktop\java\uploader.exe:uploader.exe
"UDP Query User{57F95C53-6085-4DEC-A295-70D94FC1D577}c:\\users\\mucahid\\desktop\\java\\uploader.exe"= TCP:c:\users\mucahid\desktop\java\uploader.exe:uploader.exe
"TCP Query User{FD5512EB-1659-4BFD-BFC9-466E5F7FB74A}c:\\users\\mucahid\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\mucahid\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"UDP Query User{CE61BD9E-0AA2-4ECF-A064-560E75AED7A0}c:\\users\\mucahid\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= TCP:c:\users\mucahid\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"TCP Query User{186DB4C6-3C9C-4772-BD6A-46BB803F177A}c:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{7CCEDD65-2D03-4713-AE5E-DC380C99A5C8}c:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"TCP Query User{6F7D9B0F-14C1-4C1E-BE6D-D2EFF276F666}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{0E6458FB-3FD1-450A-B4FD-D639EBE2F578}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{E20CDFB6-0F0C-40FC-8B00-D639FADA80FA}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.836\\trackmaniaserver.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.836\trackmaniaserver.exe:trackmaniaserver.exe
"UDP Query User{411E298A-8CB5-4B06-985F-A23B357DFE7A}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.836\\trackmaniaserver.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.836\trackmaniaserver.exe:trackmaniaserver.exe
"TCP Query User{E068F7BF-78EA-407F-A292-71287B2828BA}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.919\\trackmaniaserver.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.919\trackmaniaserver.exe:trackmaniaserver.exe
"UDP Query User{F05C304D-BC11-49B8-9425-EFCFF974E30A}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.919\\trackmaniaserver.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.919\trackmaniaserver.exe:trackmaniaserver.exe
"TCP Query User{4717B686-3371-4B21-AA14-92A807C90F4D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{77350276-B21E-45CD-955C-8C197141D24F}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{3358D1F9-DE65-4E01-8C31-A2AD8779E1C5}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.919\\portchkpes2009eupc.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex00.919\portchkpes2009eupc.exe:portchkpes2009eupc.exe
"UDP Query User{4C4299D6-E013-4B4E-9C09-BF465F2AAFE7}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex00.919\\portchkpes2009eupc.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex00.919\portchkpes2009eupc.exe:portchkpes2009eupc.exe
"TCP Query User{462EBD9D-0384-4B7E-89DC-935B28343F33}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F755B2D4-05CD-4318-9D44-65C108D3C5EB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{F487F47E-DE87-4C84-97BA-E4C7C0F59F34}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{5FF09896-2A7C-4450-AF0B-99D34ED172E1}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{A85130C7-B68E-4EFB-AC44-2289D8FEA82D}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{EA679115-C973-4A5C-844B-3A6EA9C43566}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{E9B8315F-7AFC-4D54-B382-5CA1AE38AB41}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{25A5148B-5A9A-4F41-BF2C-B2399787ABF0}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{4F263E99-83D7-4BE5-9F5F-9BE558245AFF}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{5AD0900E-AA6F-4669-94A6-61125D660B4E}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8FA58290-EB0C-45A9-A5B4-664A2C2E52EA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{07FF4D7A-8D4B-433C-90D1-1234C423D354}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{E1136A24-227F-4959-B0FA-D57A61EE4925}c:\\program files\\activision\\call of duty - world at war\\codwaw_lanfixed.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{4CBABAF8-9899-42D0-BF44-1088B02D7675}c:\\program files\\activision\\call of duty - world at war\\codwaw_lanfixed.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw_lanfixed.exe:Call of Duty(R): World at War Campaign/Coop
"TCP Query User{35C1F5B9-AE67-4960-BC54-1AECED43DA8C}c:\\program files\\activision\\call of duty - world at war\\codwaw 1.2 lanfix.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw 1.2 lanfix.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{70173B10-C72F-4721-84BD-4E876151A4A5}c:\\program files\\activision\\call of duty - world at war\\codwaw 1.2 lanfix.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw 1.2 lanfix.exe:Call of Duty(R): World at War Campaign/Coop
"TCP Query User{7AF2D93D-41E8-446F-BFBA-52A8E1E923F1}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{77F08B6B-AF4A-4E66-B0DE-AC9844028F22}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{C2DE97B9-C872-4F22-83DA-E4F1D852FF2F}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= UDP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{AFAA83E0-C8B9-41CF-B9DF-F153BC2AED0C}c:\\program files\\activision\\call of duty - world at war\\codwawmp.exe"= TCP:c:\program files\activision\call of duty - world at war\codwawmp.exe:Call of Duty(R): World at War Multiplayer
"TCP Query User{4C8E53CF-4121-417D-BD88-9543CA2ADCBF}c:\\users\\mucahid\\desktop\\garena\\garena.exe"= UDP:c:\users\mucahid\desktop\garena\garena.exe:garena.exe
"UDP Query User{CD8CBCC6-8CF5-493B-BF10-B80845857856}c:\\users\\mucahid\\desktop\\garena\\garena.exe"= TCP:c:\users\mucahid\desktop\garena\garena.exe:garena.exe
"TCP Query User{38F14CFC-33D5-44A1-9751-0761E5669D68}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E172D16F-6609-44AA-8FEE-E5A623F845FB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1BE9302B-25C9-4C04-AC16-930E80F9E89C}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{B019EFC6-FBCA-484C-B591-3925933E878E}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{DCA4F1BF-082B-4F99-8D0F-AB53F175C1B6}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{F305C842-CEC8-4612-BF72-B35E5BC691D4}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{B9D99C37-D78C-4C9A-B5A6-955153C357B5}c:\\program files\\webcam\\webcam123\\wsrv.exe"= UDP:c:\program files\webcam\webcam123\wsrv.exe:WSRV
"UDP Query User{FA33D061-0924-4632-B783-9D00111B17E2}c:\\program files\\webcam\\webcam123\\wsrv.exe"= TCP:c:\program files\webcam\webcam123\wsrv.exe:WSRV
"TCP Query User{5BE0F209-C7A5-4D22-9859-C93FF359E4DE}c:\\program files\\webcam\\webcam123\\webcam.exe"= UDP:c:\program files\webcam\webcam123\webcam.exe:Webcam 1-2-3
"UDP Query User{60747C6F-22D9-4059-90C4-8DFDF006F0F9}c:\\program files\\webcam\\webcam123\\webcam.exe"= TCP:c:\program files\webcam\webcam123\webcam.exe:Webcam 1-2-3
"TCP Query User{9D200936-0EAE-4A0E-BBE3-4B6269A47AAD}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= UDP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.
"UDP Query User{C94599D4-83B7-4FE9-B44D-DDBD6AEEECD8}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= TCP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.
"TCP Query User{BD8557D2-A022-479C-ADF7-65336AFFB76F}c:\\program files\\activision\\call of duty - world at war\\server.1.3.exe"= UDP:c:\program files\activision\call of duty - world at war\server.1.3.exe:Call of Duty(R): World at War Multiplayer
"UDP Query User{8CEA81DA-F14A-4556-814E-21E2BDFDDE4D}c:\\program files\\activision\\call of duty - world at war\\server.1.3.exe"= TCP:c:\program files\activision\call of duty - world at war\server.1.3.exe:Call of Duty(R): World at War Multiplayer
"TCP Query User{360CA650-E73B-42B7-A7A0-00DADA45D7CA}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{38EB5842-ED6C-4237-933F-6DD6BE90716F}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{B68662D2-5732-4A2A-97B8-C9C215DEC648}c:\\program files\\anonymizer\\anonymizer software\\common\\anonproxy.exe"= UDP:c:\program files\anonymizer\anonymizer software\common\anonproxy.exe:AnonProxy
"UDP Query User{E36EDFED-CED9-4116-995A-016B0587707B}c:\\program files\\anonymizer\\anonymizer software\\common\\anonproxy.exe"= TCP:c:\program files\anonymizer\anonymizer software\common\anonproxy.exe:AnonProxy
"{3E186776-09D1-4F7B-A241-986594D81346}"= UDP:c:\users\Mucahid\AppData\Local\Temp\7zS6FC4.tmp\SymNRT.exe:Norton Removal Tool
"{A235A6A9-D7FE-47C4-8269-864CFDBC9333}"= TCP:c:\users\Mucahid\AppData\Local\Temp\7zS6FC4.tmp\SymNRT.exe:Norton Removal Tool
"TCP Query User{5C47A926-D12E-4719-A678-BE5F1FA25817}c:\\users\\mucahid\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\mucahid\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"UDP Query User{2D6E78D6-36B0-4073-ADE6-1ACB270C5E2D}c:\\users\\mucahid\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= TCP:c:\users\mucahid\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"TCP Query User{5ED38026-4058-4483-B2C0-B92439702B0F}c:\\users\\mucahid\\desktop\\java(365)\\uploader.exe"= UDP:c:\users\mucahid\desktop\java(365)\uploader.exe:uploader.exe
"UDP Query User{FA6DE39B-9177-45A3-A8DF-E3BFED94D90A}c:\\users\\mucahid\\desktop\\java(365)\\uploader.exe"= TCP:c:\users\mucahid\desktop\java(365)\uploader.exe:uploader.exe
"TCP Query User{F13FEA7E-E762-4D69-8DE5-B562B32BB60D}c:\\users\\mucahid\\desktop\\java\\uploader.exe"= UDP:c:\users\mucahid\desktop\java\uploader.exe:uploader.exe
"UDP Query User{DFE7B4E6-66A6-46F9-97D5-082C8A569993}c:\\users\\mucahid\\desktop\\java\\uploader.exe"= TCP:c:\users\mucahid\desktop\java\uploader.exe:uploader.exe
"TCP Query User{481F30D2-A95A-4665-BDF6-CD40B316C74B}c:\\program files\\konami\\pro evolution soccer 2009\\goalserver2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\goalserver2009.exe:GoalServer2009
"UDP Query User{54708D90-E317-4BF3-BF69-438FC0FF3B93}c:\\program files\\konami\\pro evolution soccer 2009\\goalserver2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\goalserver2009.exe:GoalServer2009
"TCP Query User{F2BDDCF9-5F8D-4F38-8E5B-050AFB9B50EE}c:\\program files\\konami\\pro evolution soccer 2009\\goalwebserver2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\goalwebserver2009.exe:GoalWebServer2009
"UDP Query User{65EFEA46-60DC-4304-AA33-05BD81C62559}c:\\program files\\konami\\pro evolution soccer 2009\\goalwebserver2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\goalwebserver2009.exe:GoalWebServer2009
"TCP Query User{9DC04CF2-6A50-4440-AF5B-3C76AE2080F7}c:\\program files\\konami\\pro evolution soccer 2009\\stunnel\\stunnel.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\stunnel\stunnel.exe:stunnel
"UDP Query User{BCE58C0F-C820-4D74-A997-181D24C8D2CA}c:\\program files\\konami\\pro evolution soccer 2009\\stunnel\\stunnel.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\stunnel\stunnel.exe:stunnel
"TCP Query User{AE79BBD8-8C42-412D-A7A1-9DFEB655E54F}c:\\tempo\\goalserver2009kp\\goalwebserver2009.exe"= UDP:c:\tempo\goalserver2009kp\goalwebserver2009.exe:GoalWebServer2009
"UDP Query User{09C0796C-0EA4-4582-868A-A6139C6904BD}c:\\tempo\\goalserver2009kp\\goalwebserver2009.exe"= TCP:c:\tempo\goalserver2009kp\goalwebserver2009.exe:GoalWebServer2009
"TCP Query User{13366873-F1EC-44A6-A13B-2948BD2E8413}c:\\tempo\\goalserver2009kp\\stunnel\\stunnel.exe"= UDP:c:\tempo\goalserver2009kp\stunnel\stunnel.exe:stunnel
"UDP Query User{EF677F89-4ACD-465E-9B02-0E501C4CFDE2}c:\\tempo\\goalserver2009kp\\stunnel\\stunnel.exe"= TCP:c:\tempo\goalserver2009kp\stunnel\stunnel.exe:stunnel
"TCP Query User{A6323AC1-4EFE-4EAE-8B84-BC30150362DD}c:\\tempo\\goalserver2009kp\\goalserver2009.exe"= UDP:c:\tempo\goalserver2009kp\goalserver2009.exe:GoalServer2009
"UDP Query User{D330BE82-77D2-4F20-8C0E-2DC39167F666}c:\\tempo\\goalserver2009kp\\goalserver2009.exe"= TCP:c:\tempo\goalserver2009kp\goalserver2009.exe:GoalServer2009
"TCP Query User{4EDD6484-01F7-40C5-9629-3C10E3995769}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{C967DCD7-8B06-42BA-92DA-300FD9F60874}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{4B778590-BAFE-40A6-9938-836D7D6F6620}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex02.593\\goalserver2009\\goalserver2009.exe"= UDP:c:\users\mucahid\appdata\local\temp\rar$ex02.593\goalserver2009\goalserver2009.exe:goalserver2009.exe
"UDP Query User{7ED8C7BF-8B61-4EED-9239-BEBB63E014E2}c:\\users\\mucahid\\appdata\\local\\temp\\rar$ex02.593\\goalserver2009\\goalserver2009.exe"= TCP:c:\users\mucahid\appdata\local\temp\rar$ex02.593\goalserver2009\goalserver2009.exe:goalserver2009.exe
"TCP Query User{EB26CAE8-D307-4018-8504-FB660C0757FD}c:\\users\\mucahid\\program files\\dna\\btdna.exe"= UDP:c:\users\mucahid\program files\dna\btdna.exe:btdna.exe
"UDP Query User{4D6CFC00-CFD0-4CCC-9D78-DAA5364C07BA}c:\\users\\mucahid\\program files\\dna\\btdna.exe"= TCP:c:\users\mucahid\program files\dna\btdna.exe:btdna.exe
"{F7EC7706-F413-4F34-B004-3C8BBADC49AC}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{87321FE0-C55D-4E4E-A683-F1B5251A6297}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{EA56DF34-8382-4BE9-AAB0-CA3E33F697B0}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{116C47E2-5468-4D28-8FBF-E2DDC50F1AC8}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"{DBB726E9-9F5B-4F6A-AB2A-026DD796EA52}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{810D1481-5CF5-48A8-8D13-659B89EFCA2C}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{EED366B4-893B-4B84-A27C-80F89DA93D91}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{7DCACAC9-F056-43C6-8583-B949C74A73D6}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{CBBD8332-4F4F-401B-AF5A-81577F05DF08}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{8AA167BF-5FA7-4FCF-82A3-9072ED0F05DC}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{53076A12-2003-49FB-8EE1-A110A77351A6}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{60462977-7412-4320-93EE-AB2130BFACAF}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsasvr.exe:KTF MUSIC AoD Server
"{5C7135DD-8B76-48BF-B382-8A62F39B7B32}"= UDP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{F7C1B5AD-7E79-48FE-BA4E-94E518ACE012}"= TCP:c:\program files\Samsung\Samsung New PC Studio\npsvsvr.exe:KTF MUSIC VoD Server
"{74E47D7A-1FB9-4885-8718-2BE94F783564}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{31A2775E-CEB7-4271-9C54-DCA9EB0892FD}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{1B3F885A-3DB9-4455-8E21-25F2F48496A1}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{3DE82BC1-6223-49A0-B117-ECB6A7BD071A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [02/07/2008 13:07 82696]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [30/05/2009 19:10 233472]
R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [12/08/2008 18:40 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [14/08/2008 18:54 104328]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [30/05/2009 19:10 36608]
R3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\System32\drivers\netr73.sys [29/10/2008 20:59 256000]
S2 gupdate1c98aef813cc9ed;Google Update Service (gupdate1c98aef813cc9ed);c:\program files\Google\Update\GoogleUpdate.exe [09/02/2009 21:49 133104]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [17/07/2008 13:06 118784]
S3 epmntdrv;epmntdrv;c:\windows\System32\epmntdrv.sys [01/06/2009 15:46 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\System32\EuGdiDrv.sys [01/06/2009 15:46 3072]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-06-12 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-04-08 16:38]
2009-06-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 19:49]
2009-06-12 c:\windows\Tasks\User_Feed_Synchronization-{85F9A1E9-8484-4F3A-901E-ADF14F129533}.job
- c:\windows\system32\msfeedssync.exe [2009-05-07 11:31]
2009-06-12 c:\windows\Tasks\User_Feed_Synchronization-{983CC906-7A11-4DBC-A02C-B3803AF6A1C6}.job
- c:\windows\system32\msfeedssync.exe [2009-05-07 11:31]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-fsm - (no file)
HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET
HKLM-Run-NPSStartup - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = local
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://m6.powerchallenge.com/applet/PowerLoader.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\users\Mucahid\AppData\Roaming\Mozilla\Firefox\Profiles\7ci7vonf.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\Mucahid\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 10:26
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-556349300-2617274519-4165335550-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0FA930B0-DE4F-5619-C51F-6980249E97C6}*]
"hajhdjmhfechohba"=hex:6a,61,63,6c,6d,69,6e,6b,6e,67,66,69,66,68,67,6f,6d,6b,
61,66,00,00
[HKEY_USERS\S-1-5-21-556349300-2617274519-4165335550-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AAD47439-4FDD-CA55-6D2A-A5F650760E07}*]
"pacbldnakdoplmfecndiefafbbbcjeli"=hex:6b,61,67,6d,68,67,6e,61,69,6d,61,69,70,
63,68,67,68,70,6a,69,70,61,00,00
"oaiadbodeahaaefojpjgfaecfkapmf"=hex:6a,61,68,6d,70,64,64,6e,6b,6d,63,62,65,66,
6a,67,68,63,68,6f,00,ea
"oacbldnakdoplmfecndiffnefohffj"=hex:6b,61,67,6d,68,67,6e,61,69,6d,61,69,70,63,
68,67,68,70,6a,69,70,61,00,00
"naiadbodeahaaefojpkgopgnkpff"=hex:6a,61,63,6d,69,65,64,6e,68,64,6d,66,6f,6a,
61,6f,63,6c,6f,65,00,ea
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(7224)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Autres processus actifs ------------------------
.
SystemRoot\System32\smss.exe [480]
c:\windows\system32\csrss.exe [548]
c:\windows\system32\wininit.exe [596]
c:\windows\system32\csrss.exe [608]
c:\windows\system32\services.exe [644]
c:\windows\system32\lsass.exe [656]
c:\windows\system32\lsm.exe [668]
c:\windows\system32\svchost.exe [816]
c:\windows\system32\nvvsvc.exe [860]
c:\windows\system32\winlogon.exe [884]
c:\windows\system32\svchost.exe [928]
c:\windows\System32\svchost.exe [988]
c:\windows\System32\svchost.exe [1208]
c:\windows\System32\svchost.exe [1240]
c:\windows\system32\svchost.exe [1292]
c:\windows\system32\svchost.exe [1444]
c:\windows\system32\SLsvc.exe [1460]
c:\windows\system32\svchost.exe [1524]
c:\windows\system32\svchost.exe [1680]
c:\windows\system32\rundll32.exe [1784]
c:\windows\System32\spoolsv.exe [1920]
c:\windows\system32\svchost.exe [1948]
c:\windows\system32\FsUsbExService.Exe [1508]
c:\program files\Google\Update\GoogleUpdate.exe [2116]
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2124]
c:\windows\System32\svchost.exe [2140]
c:\windows\System32\svchost.exe [2268]
c:\windows\system32\PnkBstrA.exe [2280]
c:\windows\system32\svchost.exe [2292]
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2304]
c:\windows\system32\svchost.exe [2392]
c:\windows\System32\svchost.exe [2432]
c:\windows\system32\SearchIndexer.exe [2500]
c:\windows\system32\WUDFHost.exe [2676]
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [3244]
c:\windows\system32\Dwm.exe [3280]
c:\windows\system32\taskeng.exe [3328]
c:\windows\system32\taskeng.exe [3528]
c:\windows\system32\conime.exe [3916]
c:\windows\system32\CF6381.exe [3692]
c:\windows\RtHDVCpl.exe [4032]
c:\windows\System32\rundll32.exe [2376]
c:\program files\Java\jre6\bin\jusched.exe [2452]
c:\program files\Windows Sidebar\sidebar.exe [2112]
c:\windows\ehome\ehtray.exe [1828]
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [3888]
c:\program files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [1076]
c:\windows\ehome\ehmsas.exe [4180]
c:\windows\system32\wbem\unsecapp.exe [6048]
c:\windows\system32\wbem\wmiprvse.exe [6104]
c:\windows\servicing\TrustedInstaller.exe [6124]
c:\windows\system32\wuauclt.exe [4332]
c:\windows\Explorer.exe [7224]
c:\windows\system32\DllHost.exe [8796]
c:\combofix\catchme.cfexe [9828]
.
**************************************************************************
.
Heure de fin: 2009-06-12 10:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-12 08:34
Avant-CF: 150 282 686 464 octets libres
Après-CF: 150 296 104 960 octets libres
502 --- E O F --- 2009-06-11 20:08
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
12 juin 2009 à 10:40
12 juin 2009 à 10:40
analyse ces deux fichiers sur virus total et colle les rapports: https://www.virustotal.com/gui/
c:\windows\System32\epmntdrv.sys
c:\windows\System32\EuGdiDrv.sys
__________________
utilise pour supprimer tes traces
CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
(dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
c:\windows\System32\epmntdrv.sys
c:\windows\System32\EuGdiDrv.sys
__________________
utilise pour supprimer tes traces
CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
(dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
muco45
Messages postés
441
Date d'inscription
dimanche 17 février 2008
Statut
Membre
Dernière intervention
26 novembre 2013
65
12 juin 2009 à 12:51
12 juin 2009 à 12:51
http://www.virustotal.com/fr/analisis/971506f90f764aa9acc87e498f606fb433a45e4a3ac66441e4e6df002dd9bcde-1244803167
http://www.virustotal.com/fr/analisis/b2c4d872550a41a91efc2a12fe699e99b3f6baa26e68d75f1004389fbcf7db89-1244802946
http://www.virustotal.com/fr/analisis/b2c4d872550a41a91efc2a12fe699e99b3f6baa26e68d75f1004389fbcf7db89-1244802946
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
12 juin 2009 à 12:55
12 juin 2009 à 12:55
ok passe ccleaner et dis si encore des soucis?
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
12 juin 2009 à 15:14
12 juin 2009 à 15:14
elle est pour quel produit cette pub? Bitdefender ne trouve aucune infection?
muco45
Messages postés
441
Date d'inscription
dimanche 17 février 2008
Statut
Membre
Dernière intervention
26 novembre 2013
65
12 juin 2009 à 19:56
12 juin 2009 à 19:56
non aucune il y a MMM ensuite une voiture chinoise et sa vien pas tous le temps
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
12 juin 2009 à 20:18
12 juin 2009 à 20:18
cela vient peut etre du jeu car certains contiennent des pubs!
c'est le cas?
c'est le cas?
muco45
Messages postés
441
Date d'inscription
dimanche 17 février 2008
Statut
Membre
Dernière intervention
26 novembre 2013
65
13 juin 2009 à 16:04
13 juin 2009 à 16:04
non en faite avant je n'avais pas ces pub !
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
13 juin 2009 à 17:13
13 juin 2009 à 17:13
tu as tenté de désinstallé puis remettre le jeu?
______________
télécharge GenProc http://www.genproc.com/GenProc.exe
double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre
______________
télécharge GenProc http://www.genproc.com/GenProc.exe
double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre
muco45
Messages postés
441
Date d'inscription
dimanche 17 février 2008
Statut
Membre
Dernière intervention
26 novembre 2013
65
13 juin 2009 à 23:04
13 juin 2009 à 23:04
Rapport GenProc 2.590 [2]
@ 13/06/2009 à 23:02:53
@ Windows Vista Service Pack 1 - Mode normal
@ Internet Explorer (8.0.6001.18783) [Navigateur par défaut]
# Etape 1/ Télécharge :
- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Mucahid *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[2]" sur ton bureau).
# Etape 2/
Lance Toolbar-S&D situé sur le Bureau.
Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.
# Etape 3/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 4/
Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport TB.txt situé dans C:\ ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
~~ Arguments de la procédure ~~
# Détections [1] GenProc 2.590 13/06/2009 à 23:00:35
Toolbar:le 13/06/2009 à 23:01:13 "C:\Windows\iun6002.exe"
# Détections [2] GenProc 2.590 13/06/2009 à 23:02:54
Toolbar:le 13/06/2009 à 23:03:08 "C:\Windows\iun6002.exe"
~~ Fin à 23:03:33 ~~
@ 13/06/2009 à 23:02:53
@ Windows Vista Service Pack 1 - Mode normal
@ Internet Explorer (8.0.6001.18783) [Navigateur par défaut]
# Etape 1/ Télécharge :
- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Mucahid *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[2]" sur ton bureau).
# Etape 2/
Lance Toolbar-S&D situé sur le Bureau.
Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.
# Etape 3/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 4/
Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport TB.txt situé dans C:\ ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
~~ Arguments de la procédure ~~
# Détections [1] GenProc 2.590 13/06/2009 à 23:00:35
Toolbar:le 13/06/2009 à 23:01:13 "C:\Windows\iun6002.exe"
# Détections [2] GenProc 2.590 13/06/2009 à 23:02:54
Toolbar:le 13/06/2009 à 23:03:08 "C:\Windows\iun6002.exe"
~~ Fin à 23:03:33 ~~
