Voilà mon rapport ComboFix ; je posterai avec les programmes du forum si vraiment je ne trouve pas d'aide...
J'espère que vous pouvez y voir clair, merci.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1242926653-2254958597-335050124-500
c:\$recycle.bin\S-1-5-21-2138742642-2765880599-2234549539-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
C:\desktop.ini
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Installer\16e10da.msi
c:\windows\Installer\18a6967.msi
c:\windows\Installer\18af775.msi
c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
----- BITS: Possible infected sites -----
hxxp://premium.virginmega.fr
.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.
2009-09-08 11:22 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 11:22 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 22:26 . 2009-09-08 11:37 -------- d-----w- c:\users\killer\AppData\Roaming\Moniteur neufbox
2009-09-07 22:26 . 2009-09-07 22:26 -------- d-----w- c:\program files\Moniteur neufbox
2009-09-02 20:00 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 20:00 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 16:28 . 2004-12-30 21:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-09-02 16:28 . 2009-09-02 16:28 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-09-02 16:10 . 2009-09-02 16:10 -------- d-----w- c:\program files\gPotato.eu
2009-08-28 00:40 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-15 05:35 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-15 05:35 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-15 05:35 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-15 05:35 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-15 05:35 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-15 05:35 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-15 05:35 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-15 05:35 . 2009-06-10 11:45 206336 ----a-w- c:\windows\system32\telnet.exe
2009-08-15 05:35 . 2009-06-10 09:56 88576 ----a-w- c:\windows\system32\tlntsess.exe
2009-08-15 05:35 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-08 11:38 . 2009-05-01 09:46 352615 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-09-08 11:29 . 2008-03-05 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 11:22 . 2009-09-08 11:22 687104 ----a-w- c:\windows\isRS-000.tmp
2009-09-08 09:53 . 2009-07-14 18:10 -------- d-----w- c:\users\killer\AppData\Roaming\IMVU
2009-09-07 21:00 . 2007-12-22 17:21 -------- d-----w- c:\users\killer\AppData\Roaming\uTorrent
2009-09-07 20:40 . 2008-11-25 20:48 -------- d-----w- c:\program files\Free Music Zilla
2009-09-07 10:56 . 2009-04-08 19:53 -------- d-----w- c:\program files\Steam
2009-09-06 10:37 . 2009-04-08 19:53 -------- d-----w- c:\program files\Common Files\Steam
2009-09-04 17:39 . 2008-06-04 13:39 -------- d-----w- c:\users\killer\AppData\Roaming\OpenOffice.org2
2009-09-02 18:10 . 2008-05-17 18:02 -------- d-----w- c:\users\killer\AppData\Roaming\teamspeak2
2009-09-01 18:41 . 2008-01-15 20:08 -------- d-----w- c:\program files\Navilog1
2009-09-01 16:32 . 2007-12-21 20:27 -------- d-----w- c:\programdata\Skype
2009-09-01 16:31 . 2009-03-03 17:55 -------- d-----w- c:\program files\Trials 2 Second Edition
2009-08-31 17:27 . 2007-10-16 19:32 733528 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-31 17:27 . 2007-10-16 19:32 151100 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-31 10:21 . 2009-01-12 11:23 -------- d-----w- c:\users\killer\AppData\Roaming\GrabIt
2009-08-31 10:04 . 2008-02-12 16:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-28 09:09 . 2009-07-14 18:09 -------- d-----w- c:\users\killer\AppData\Roaming\IMVUClient
2009-08-22 18:29 . 2009-05-01 10:16 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-21 16:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-07 17:51 . 2009-08-07 17:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 17:51 . 2009-08-07 17:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-06 09:00 . 2008-05-12 14:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 22:51 . 2009-04-20 15:54 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-07-29 20:58 . 2009-07-29 20:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-23 17:06 . 2009-07-23 17:06 -------- d-----w- c:\program files\Aspyr
2009-07-18 16:06 . 2009-07-29 10:24 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 10:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 10:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 10:07 . 2009-07-16 10:07 -------- d-----w- c:\users\killer\AppData\Roaming\vlc
2009-07-14 17:29 . 2009-07-14 17:29 -------- d-----w- c:\program files\QuickTime
2009-07-14 17:29 . 2009-07-14 17:29 -------- d-----w- c:\programdata\Apple Computer
2009-07-14 17:27 . 2009-07-14 17:27 -------- d-----w- c:\program files\Apple Software Update
2009-07-14 17:27 . 2009-07-14 17:27 -------- d-----w- c:\programdata\Apple
2009-07-14 15:18 . 2009-07-14 15:18 -------- d-----w- c:\users\killer\AppData\Roaming\dvdcss
2009-07-10 19:17 . 2007-12-21 17:52 -------- d-----w- c:\program files\Messenger Plus! Live
2009-06-30 21:48 . 2008-06-12 18:08 615424 ----a-w- c:\windows\system32\themeui.dll
2009-06-30 21:48 . 2008-06-12 18:09 240128 ----a-w- c:\windows\system32\uxtheme.dll
2009-06-15 15:24 . 2009-07-15 22:03 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 22:03 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 22:03 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 22:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2007-12-02 11:36 . 2007-12-02 11:36 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-10-16 19:36 . 2007-10-16 19:36 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
------- Sigcheck -------
[-] 2009-06-30 . 2406E3A5FAE743DCE81168A8CDB8573F . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2008-01-19 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
[7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll
c:\windows\system32\drivers\ip6fw.sys ... is missing !!
c:\windows\system32\msgsvc.dll ... is missing !!
c:\windows\system32\drivers\acpiec.sys ... is missing !!
c:\windows\system32\eventlog.dll ... is missing !!
c:\windows\system32\mspmsnsv.dll ... is missing !!
c:\windows\system32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-05-05 3885408]
"Yodm3D"="c:\program files\yod\Yodm3D.exe" [2007-06-26 2058752]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-02 306088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 92704]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
c:\users\killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Moniteur neufbox.lnk - c:\program files\Moniteur neufbox\Moniteur neufbox.exe [2009-2-13 589744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3791306889-1641947110-789305838-1002]
"EnableNotificationsRef"=dword:00000003
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8AC5EA2E-CD86-4E36-9E4A-279199C81C42}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{100578F1-FA1E-4B77-8485-73477664AC76}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{4806E01A-9C77-4772-BD62-429F06693237}"= Disabled:UDP:c:\skype\Phone\Skype.exe:Skype
"{9772019C-8C93-43EB-9EFA-0914C294CF87}"= Disabled:TCP:c:\skype\Phone\Skype.exe:Skype
"TCP Query User{B61C213E-E72E-40B9-B7E6-02633E7E8B5D}c:\\program files\\steam\\steamapps\\killeriders\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\killeriders\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{85D2E8EA-2DEB-4B45-870B-670DC6435F35}c:\\program files\\steam\\steamapps\\killeriders\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\killeriders\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{1DBCC857-D0AA-4F72-8A48-2FDBCCB023EC}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"UDP Query User{857D29DD-59E2-449F-A30C-F51BEBF9EADF}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"TCP Query User{F636588D-7F29-47B5-8080-121F16C89432}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{5B870C8B-4E09-400B-91EB-AEB69FA20A6A}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{DBB43B89-3D29-4249-BA2E-98D87D5929C4}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{59F44481-C787-406D-A782-B18CEDB1DE7E}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{14C6BC42-182D-491C-9789-D214CBABCA55}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0B236F6D-7609-4CEE-895E-401F47AE8A56}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C268F105-7A11-490B-802B-009A0A5A27B2}c:\\program files\\steam\\steamapps\\killeriders\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\killeriders\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{1AD90AB9-F28F-4BDB-84C9-5322D394E4D3}c:\\program files\\steam\\steamapps\\killeriders\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\killeriders\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{B65483C8-E765-4C24-A791-9BB48FFC68B4}c:\\users\\killer\\desktop\\half life\\half-life (steam-free) (hd pack) - counter-strike 1.6 - opposing force - blue shift - team fortress classic\\hl.exe"= UDP:c:\users\killer\desktop\half life\half-life (steam-free) (hd pack) - counter-strike 1.6 - opposing force - blue shift - team fortress classic\hl.exe:hl.exe
"UDP Query User{2ACA2757-CB55-4970-9822-FE3A078B245B}c:\\users\\killer\\desktop\\half life\\half-life (steam-free) (hd pack) - counter-strike 1.6 - opposing force - blue shift - team fortress classic\\hl.exe"= TCP:c:\users\killer\desktop\half life\half-life (steam-free) (hd pack) - counter-strike 1.6 - opposing force - blue shift - team fortress classic\hl.exe:hl.exe
"TCP Query User{F6FA46FA-AC51-42E4-9242-609100875546}c:\\users\\killer\\desktop\\half life\\half-life (steam-free) (hd pack) - counter-strike 1.6 - opposing force - blue shift - team fortress classic\\hltv.exe"= UDP:c:\users\killer\desktop\half life\half-life (steam-free) (hd pack) - counter-strike 1.6 - opposing force - blue shift - team fortress classic\hltv.exe:hltv.exe
"UDP Query User{AC8F8A3E-5FF1-4C70-BD02-88AF2609ED35}c:\\users\\killer\\desktop\\half life\\half-life (steam-free) (hd pack) - counter-strike 1.6 - opposing force - blue shift - team fortress classic\\hltv.exe"= TCP:c:\users\killer\desktop\half life\half-life (steam-free) (hd pack) - counter-strike 1.6 - opposing force - blue shift - team fortress classic\hltv.exe:hltv.exe
"TCP Query User{BD95F7B8-5D2C-4C90-8873-DD27878DEA20}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"UDP Query User{4B59C480-4CD3-410B-8302-719B1BEAF3CC}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Serveur Microsoft DirectPlay 8
"TCP Query User{3EB6B3CF-B303-40B8-BB4C-BDBB58317B1F}c:\\program files\\ubisoft\\tom clancy's splinter cell chaos theory\\versus\\system\\scct_versus.ex"= UDP:c:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex:SCCT_Versus.ex
"UDP Query User{1E93FD61-4DA7-4232-AFA7-1051E94CBAC4}c:\\program files\\ubisoft\\tom clancy's splinter cell chaos theory\\versus\\system\\scct_versus.ex"= TCP:c:\program files\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex:SCCT_Versus.ex
"TCP Query User{8779561E-CBB8-4CE2-96F9-B3DF7FDD9044}c:\\program files\\inventel\\gateway\\rgwrepair.exe"= UDP:c:\program files\inventel\gateway\rgwrepair.exe:RGWRepair
"UDP Query User{45F308D7-639C-41A1-8C53-2D17CE136565}c:\\program files\\inventel\\gateway\\rgwrepair.exe"= TCP:c:\program files\inventel\gateway\rgwrepair.exe:RGWRepair
"TCP Query User{1237AFA4-369F-4E97-AE33-FDB45159F182}c:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{A05B1A72-23B0-4D15-BB2A-BAF08AF2F015}c:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{E93C6DAE-4DBD-48F8-8BED-567464AE9579}c:\\program files\\steam\\steamapps\\thebosslulu\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\thebosslulu\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{9C5FA17C-64B7-4FEF-ACFD-6C5D714F2CB7}c:\\program files\\steam\\steamapps\\thebosslulu\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\thebosslulu\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{4489EF0F-C32D-4E1E-96E7-D2A0FD2DC48B}c:\\program files\\steam\\steamapps\\thebosslulu\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\thebosslulu\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{DB0EC54F-1CDA-4D54-B3C2-169779965B96}c:\\program files\\steam\\steamapps\\thebosslulu\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\thebosslulu\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{D5183DCF-6631-423E-BADC-636BD2C529C8}c:\\users\\killer\\desktop\\h4ck0r1sus.exe"= UDP:c:\users\killer\desktop\h4ck0r1sus.exe:h4ck0r1sus.exe
"UDP Query User{2A5AB143-B0EB-45BB-9F9E-650F5313AC12}c:\\users\\killer\\desktop\\h4ck0r1sus.exe"= TCP:c:\users\killer\desktop\h4ck0r1sus.exe:h4ck0r1sus.exe
"TCP Query User{1B4EC4E4-66C4-48E2-B8FB-990267BD6C96}c:\\program files\\autodesk\\maya 8.5 personal learning edition\\bin\\maya.exe"= UDP:c:\program files\autodesk\maya 8.5 personal learning edition\bin\maya.exe:Maya
"UDP Query User{3F53A95C-ADAD-49DC-B657-E9A9AF466C46}c:\\program files\\autodesk\\maya 8.5 personal learning edition\\bin\\maya.exe"= TCP:c:\program files\autodesk\maya 8.5 personal learning edition\bin\maya.exe:Maya
"TCP Query User{BEF95DAA-572E-409B-B051-6FB236C45A4D}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java
Platform SE binary
"UDP Query User{8A23FB0C-F683-4134-BB67-BCB4297E746A}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java
Platform SE binary
"TCP Query User{9DECE28B-CC25-46C1-89B5-9B2CFDA5FF74}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{4EB819BE-89B3-4B30-971D-6B2CD9C32B18}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"{B1748944-3EE4-4922-8F36-B1B0B0BDA5C5}"= UDP:5900:vnc
"TCP Query User{A41CA44F-E34E-4BBB-8B5E-658EF04F5A73}c:\\program files\\sierra entertainment\\timeshift\\bin\\timeshift.exe"= UDP:c:\program files\sierra entertainment\timeshift\bin\timeshift.exe:TimeShift
"UDP Query User{B4A13D21-847D-4F58-9920-74F7FEB0F299}c:\\program files\\sierra entertainment\\timeshift\\bin\\timeshift.exe"= TCP:c:\program files\sierra entertainment\timeshift\bin\timeshift.exe:TimeShift
"TCP Query User{A604EAF4-B6AB-4AE8-A52D-1F06433E1B43}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"UDP Query User{B6FF63A0-D577-4425-A391-F9D9E45A8856}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:VNC server for Win32
"TCP Query User{5A2F54BE-3E13-4864-BBA6-6C71FBB0E06E}c:\\program files\\steam\\steamapps\\thebosslulu\\dedicated server\\hlds.exe"= UDP:c:\program files\steam\steamapps\thebosslulu\dedicated server\hlds.exe:HLDS Launcher
"UDP Query User{4273C631-6EEE-4183-9C74-94E49E623856}c:\\program files\\steam\\steamapps\\thebosslulu\\dedicated server\\hlds.exe"= TCP:c:\program files\steam\steamapps\thebosslulu\dedicated server\hlds.exe:HLDS Launcher
"TCP Query User{8BC27F39-FBD3-42E6-8AEA-E4ED2A9A4CA7}c:\\program files\\world of warcraft\\wow-1.12.0-frfr-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.0-frfr-downloader.exe:Blizzard Downloader
"UDP Query User{274709FE-D1F9-4CB9-A170-4B2DE4835044}c:\\program files\\world of warcraft\\wow-1.12.0-frfr-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.0-frfr-downloader.exe:Blizzard Downloader
"TCP Query User{42B069EE-DBB9-40A4-A6BC-AFC3801FF1E7}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe:Blizzard Downloader
"UDP Query User{AF730F62-2CC1-4FF2-A2E2-05B09574BF2C}c:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.x-to-2.0.1-frfr-patch-downloader.exe:Blizzard Downloader
"TCP Query User{8BA7E18B-FDAA-419F-A7B4-B7F46C80AAC6}c:\\users\\killer\\desktop\\media bureau\\hack\\prorat\\proconnective.exe"= UDP:c:\users\killer\desktop\media bureau\hack\prorat\proconnective.exe:proconnective.exe
"UDP Query User{FA80034D-0A0D-45CF-8924-331BA201D808}c:\\users\\killer\\desktop\\media bureau\\hack\\prorat\\proconnective.exe"= TCP:c:\users\killer\desktop\media bureau\hack\prorat\proconnective.exe:proconnective.exe
"TCP Query User{0DB4C013-E896-4B4A-88BF-2AF8FC36A48D}c:\\users\\killer\\documents\\mes fichiers reçus\\wow-burningcrusade-frfr-installer-downloader\\wow-burningcrusade-frfr-installer-downloader.exe"= UDP:c:\users\killer\documents\mes fichiers reçus\wow-burningcrusade-frfr-installer-downloader\wow-burningcrusade-frfr-installer-downloader.exe:wow-burningcrusade-frfr-installer-downloader.exe
"UDP Query User{A1031E36-CB49-41FD-9D2B-68291A0E8EB0}c:\\users\\killer\\documents\\mes fichiers reçus\\wow-burningcrusade-frfr-installer-downloader\\wow-burningcrusade-frfr-installer-downloader.exe"= TCP:c:\users\killer\documents\mes fichiers reçus\wow-burningcrusade-frfr-installer-downloader\wow-burningcrusade-frfr-installer-downloader.exe:wow-burningcrusade-frfr-installer-downloader.exe
"{79209FD0-EBB9-442B-839C-720AD12C3AC0}"= TCP:27015:dedicaced server
"{3CF96722-743F-4EE4-B528-D7C2207ED6AD}"= UDP:27015:dedicaced
"{6D2F1C1B-DBBB-4721-9031-76746593CA85}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{238389C1-0C53-4600-A743-BE3E63607B98}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DF259644-E5FC-4631-96D5-6B8DDBC32BDA}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{7474A9BD-A72B-4B70-ADA6-064B6980199F}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{FCC625B5-2D89-4A7F-BB43-6BAB8E4B7DB0}c:\\users\\killer\\desktop\\nobacko\\nobacko.exe"= UDP:c:\users\killer\desktop\nobacko\nobacko.exe:nobacko.exe
"UDP Query User{BC66515F-3877-42CD-8775-AC508798E408}c:\\users\\killer\\desktop\\nobacko\\nobacko.exe"= TCP:c:\users\killer\desktop\nobacko\nobacko.exe:nobacko.exe
"TCP Query User{D2C9DEE7-BD22-4F93-859B-24FA7AE613A5}c:\\program files\\ghostsurf 2005\\proxy.exe"= UDP:c:\program files\ghostsurf 2005\proxy.exe:GhostSurf proxy
"UDP Query User{3EFAC972-7443-48F2-AABA-689EFBA6E49A}c:\\program files\\ghostsurf 2005\\proxy.exe"= TCP:c:\program files\ghostsurf 2005\proxy.exe:GhostSurf proxy
"TCP Query User{56204778-8DBD-4A6A-905F-0A7704F194CB}c:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:c:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{1F8B7009-2D6E-482E-B010-ADFBC72695F5}c:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:c:\program files\teamspeak2_rc2\server_windows.exe:Server
"TCP Query User{79DB7538-2851-4569-8A1C-580AB5710A73}c:\\program files\\steam\\steamapps\\thebosslulu\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\thebosslulu\counter-strike source\hl2.exe:hl2
"UDP Query User{07CC567A-85AE-43E0-B5C1-3E54D90990D6}c:\\program files\\steam\\steamapps\\thebosslulu\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\thebosslulu\counter-strike source\hl2.exe:hl2
"TCP Query User{2CE9B131-CA32-412E-85F0-82D24B1982F4}c:\\program files\\steam\\steamapps\\thebosslulu\\condition zero deleted scenes\\hl.exe"= UDP:c:\program files\steam\steamapps\thebosslulu\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{325B0CC0-97F0-4773-B5A3-4C52348D8D1E}c:\\program files\\steam\\steamapps\\thebosslulu\\condition zero deleted scenes\\hl.exe"= TCP:c:\program files\steam\steamapps\thebosslulu\condition zero deleted scenes\hl.exe:Half-Life Launcher
"TCP Query User{DDCD7A30-715E-4875-9227-D552BEBDFCF6}c:\\program files\\steam\\steamapps\\thebosslulu\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\thebosslulu\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{2D63CC16-9DD6-4871-865F-7167B19B68D1}c:\\program files\\steam\\steamapps\\thebosslulu\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\thebosslulu\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{CCE13EE0-EABA-472E-A9E2-71E12AFA5C8F}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= UDP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"UDP Query User{8F7978C1-ABC7-48A9-94BC-D5038493E2D9}c:\\program files\\flightgear\\bin\\win32\\fgfs.exe"= TCP:c:\program files\flightgear\bin\win32\fgfs.exe:fgfs
"TCP Query User{9E818321-79B3-4F00-81D3-8AEE2781D965}c:\\program files\\steam\\steamapps\\thebosslulu\\deathmatch classic\\hl.exe"= UDP:c:\program files\steam\steamapps\thebosslulu\deathmatch classic\hl.exe:Half-Life Launcher
"UDP Query User{FED6CBE3-AF7E-48C1-9F7C-DCEA98314067}c:\\program files\\steam\\steamapps\\thebosslulu\\deathmatch classic\\hl.exe"= TCP:c:\program files\steam\steamapps\thebosslulu\deathmatch classic\hl.exe:Half-Life Launcher
"TCP Query User{9EE7181A-9D11-4493-8448-151299765156}c:\\program files\\steam\\steamapps\\scauis\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\scauis\counter-strike source\hl2.exe:hl2
"UDP Query User{4F98DB9C-9510-45ED-BA72-7CBD6A79D40A}c:\\program files\\steam\\steamapps\\scauis\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\scauis\counter-strike source\hl2.exe:hl2
"TCP Query User{876F301C-8D50-4778-909A-687A9B776E63}c:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:c:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{4A0A70F4-5426-44FF-BDDA-E5A53C089C60}c:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:c:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"TCP Query User{A3580BD0-1144-4A55-BB0D-A8423BE60F89}c:\\program files\\steam\\steamapps\\scauis\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\scauis\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{551541FF-BA1B-41BD-8099-205CEB5CE368}c:\\program files\\steam\\steamapps\\scauis\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\scauis\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{EEC2DDB8-8D82-48FD-B33E-F2A38DAB3386}c:\\program files\\steam\\steamapps\\goltizg\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\counter-strike source\hl2.exe:hl2
"UDP Query User{E497E5B0-FE99-45B5-AA91-22093EBD37AE}c:\\program files\\steam\\steamapps\\goltizg\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\counter-strike source\hl2.exe:hl2
"TCP Query User{767EA878-39D2-4820-9756-134B14EAAC00}c:\\program files\\steam\\steamapps\\goltizg\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\goltizg\source dedicated server\srcds.exe:srcds
"UDP Query User{7CACDB5B-AC11-4827-BFA6-EBF62FB161AF}c:\\program files\\steam\\steamapps\\goltizg\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\goltizg\source dedicated server\srcds.exe:srcds
"{E65C1690-094C-4C0D-9E7F-394A63CD0FF9}"= UDP:c:\program files\WarRock\WRLauncher.exe:Launch WRLauncher.exe
"{53050C2C-AB72-46CA-ABC6-1DE9958E58D2}"= TCP:c:\program files\WarRock\WRLauncher.exe:Launch WRLauncher.exe
"{D7813FF8-5ED1-4C65-92DF-0ADEA41D6A51}"= UDP:c:\program files\WarRock\WRUpdater.exe:Launch WRUpdater.exe
"{2402E81D-B1B2-475D-8F28-774DB2B3C844}"= TCP:c:\program files\WarRock\WRUpdater.exe:Launch WRUpdater.exe
"TCP Query User{CF6C7BB9-AC01-43A2-B273-BEC8B1A3A017}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{72BA0BC9-13D6-4CE7-8ED4-6BE021543C12}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{DE6D2972-2719-4FEA-84A0-62D39FFFD368}c:\\program files\\steam\\steamapps\\goltizg\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{F723381E-9167-48D1-9C40-F6BCA4E2BC99}c:\\program files\\steam\\steamapps\\goltizg\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{83E60C1E-29EF-449F-BED2-1B697511E31C}c:\\users\\killer\\temp\\teamviewer3\\teamviewer.exe"= UDP:c:\users\killer\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"UDP Query User{3BD9F2D9-35E8-44DA-9620-934881B3ECC5}c:\\users\\killer\\temp\\teamviewer3\\teamviewer.exe"= TCP:c:\users\killer\temp\teamviewer3\teamviewer.exe:teamviewer.exe
"{E349056E-A3E5-46CB-B072-1DE055BECE2D}"= UDP:1723:vpn
"{13355037-1968-4CEE-AFE9-3E805BE65E84}"= TCP:1723:vpn
"{12384E8F-0AF9-431D-9160-04E16049DB56}"= UDP:1701:vpn
"{04F4BB5F-756E-41B0-A0BF-A32F6E3B8464}"= TCP:1701:vpn
"TCP Query User{4A7904E2-9493-4AD4-803F-7E55006ABB68}c:\\program files\\steam\\steamapps\\goltizg\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\day of defeat source\hl2.exe:hl2
"UDP Query User{2276CF6F-4CA1-43E6-952B-7F7329BB5798}c:\\program files\\steam\\steamapps\\goltizg\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\day of defeat source\hl2.exe:hl2
"{69184ED1-0506-4E2B-B139-84C7DE0FBA10}"= Disabled:UDP:c:\program files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe:Starship Troopers
"{ED28DD4B-676F-429D-961C-0B06391493DA}"= Disabled:TCP:c:\program files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe:Starship Troopers
"TCP Query User{C52010F3-BE9D-485B-9AA6-24D411E68245}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{F1E6933C-3DF2-4256-8CA4-52569AC0BBC0}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{3D869DDC-40E6-44B1-9D6D-AA3E66BDF53A}c:\\program files\\steam\\steamapps\\goltizg\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\synergy\hl2.exe:hl2
"UDP Query User{D0884577-00FF-4194-BA6D-2FADF8D16345}c:\\program files\\steam\\steamapps\\goltizg\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\synergy\hl2.exe:hl2
"TCP Query User{BACF1F72-95BD-4E93-8B5D-60A44273121A}c:\\program files\\steam\\steamapps\\goltizg\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\age of chivalry\hl2.exe:hl2
"UDP Query User{C866394A-64CD-402A-920F-B979DDA8EB5C}c:\\program files\\steam\\steamapps\\goltizg\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\age of chivalry\hl2.exe:hl2
"TCP Query User{F6290353-B228-4227-9BA5-A4C0FE061C56}c:\\program files\\steam\\steamapps\\goltizg\\diprip warm up\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\diprip warm up\hl2.exe:hl2
"UDP Query User{EF5484C8-763D-4939-B3DE-C2D9470FE383}c:\\program files\\steam\\steamapps\\goltizg\\diprip warm up\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\diprip warm up\hl2.exe:hl2
"TCP Query User{93940591-5135-4A94-88CB-D50A28B475AC}c:\\program files\\steam\\steamapps\\goltizg\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\zombie panic! source\hl2.exe:hl2
"UDP Query User{F9874AB2-9A13-4B80-AA8B-08B0684CEEFC}c:\\program files\\steam\\steamapps\\goltizg\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\zombie panic! source\hl2.exe:hl2
"TCP Query User{78E13ABC-556B-453A-AAC5-161E3EF896F8}c:\\program files\\steam\\steamapps\\goltizg\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\insurgency\hl2.exe:hl2
"UDP Query User{A6A908E6-32A3-4F5D-B615-AF20CE0D8DC7}c:\\program files\\steam\\steamapps\\goltizg\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\insurgency\hl2.exe:hl2
"TCP Query User{221F5A3B-4363-4676-B2B8-E14DFB05492B}c:\\program files\\steam\\steamapps\\goltizg\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\source sdk base\hl2.exe:hl2
"UDP Query User{8E59C87E-73F5-41BE-806F-1A21C5BBF72C}c:\\program files\\steam\\steamapps\\goltizg\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\source sdk base\hl2.exe:hl2
"TCP Query User{DD99D91C-5B72-497C-B3B8-F10EDD79618D}c:\\program files\\steam\\steamapps\\goltizg\\source sdk base 2007\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\source sdk base 2007\hl2.exe:hl2
"UDP Query User{EBF8E4D6-3F39-49A0-A407-9DDB12775774}c:\\program files\\steam\\steamapps\\goltizg\\source sdk base 2007\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\source sdk base 2007\hl2.exe:hl2
"{09CF9494-A343-40B3-9915-D8423A9627B6}"= UDP:c:\program files\SecondLife\SecondLife.exe:SecondLife
"{074E531D-D7F1-4268-A848-8F4BA88B51FD}"= TCP:c:\program files\SecondLife\SecondLife.exe:SecondLife
"TCP Query User{2D456C4C-F71C-431A-A9DA-184D49B62FF8}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{480FE489-76A5-4F8A-A410-313C11F396EE}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"TCP Query User{E8D988C5-FBD4-43B0-AEED-483F732E67AD}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{21A21C9C-DEED-4E30-8364-70A2E58CEC2C}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{A2A73605-82AA-4C48-9581-8C845233E913}c:\\program files\\tmunitedforever\\tmforever.exe"= UDP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{3539C70E-03D8-4F74-AA33-06A5985B7600}c:\\program files\\tmunitedforever\\tmforever.exe"= TCP:c:\program files\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{178B5B7B-4E91-48AF-8884-9F64E5B12F28}c:\\program files\\hand-crafted software\\freeproxy\\freeproxy.exe"= UDP:c:\program files\hand-crafted software\freeproxy\freeproxy.exe:FreeProxy
"UDP Query User{110566F0-87EF-4767-B37A-B5195F7A56B9}c:\\program files\\hand-crafted software\\freeproxy\\freeproxy.exe"= TCP:c:\program files\hand-crafted software\freeproxy\freeproxy.exe:FreeProxy
"TCP Query User{CE9D8B55-55F2-4BDA-AA28-671DA690A293}c:\\downloads\\dead.space. [pc.dvd].[gamestorrents.com]\\deadspace-clone\\dead.space.crack-darkc0der\\dead space.exe"= UDP:c:\downloads\dead.space. [pc.dvd].[gamestorrents.com]\deadspace-clone\dead.space.crack-darkc0der\dead space.exe:Dead Space
"UDP Query User{1D5CE7CE-FBE1-4FFD-86C7-1831136D0E04}c:\\downloads\\dead.space. [pc.dvd].[gamestorrents.com]\\deadspace-clone\\dead.space.crack-darkc0der\\dead space.exe"= TCP:c:\downloads\dead.space. [pc.dvd].[gamestorrents.com]\deadspace-clone\dead.space.crack-darkc0der\dead space.exe:Dead Space
"TCP Query User{DC54AA86-C372-4D53-8C48-D8237ED63540}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space
"UDP Query User{CD998B69-720B-4687-BA1F-C740C40ADC09}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space
"TCP Query User{7C7EEA62-6D21-4100-B7ED-A50FEC2A538D}x:\\program files\\empire interactive\\flatout2\\flatout2.exe"= UDP:x:\program files\empire interactive\flatout2\flatout2.exe:flatout2.exe
"UDP Query User{AEDD91AE-BA99-493B-8CFB-BD344A00C359}x:\\program files\\empire interactive\\flatout2\\flatout2.exe"= TCP:x:\program files\empire interactive\flatout2\flatout2.exe:flatout2.exe
"TCP Query User{19752DEE-3728-4B27-97A6-6120660FDC1F}c:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:c:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{7207EF20-C687-4FEF-B4C2-7F7079165C88}c:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:c:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"TCP Query User{0750461A-92A8-47C5-823B-A98492CDB974}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{32C264FC-4D1C-48C4-90C8-EFAB237CBC7D}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{5433DB0D-1F3C-45D9-A9B6-7EBFC84034A7}x:\\program files\\codemasters\\overlord\\overlord.exe"= UDP:x:\program files\codemasters\overlord\overlord.exe:overlord.exe
"UDP Query User{C4C70453-B9F3-4CFC-88E3-3FE6AD7C30E0}x:\\program files\\codemasters\\overlord\\overlord.exe"= TCP:x:\program files\codemasters\overlord\overlord.exe:overlord.exe
"{06D62CD7-131C-4F83-A0FD-B07A22E975B8}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{A40A913D-BABC-4445-831D-035B85905105}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{7F74A43A-4DB1-495C-8B9C-00D2B98A1EE6}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{FC7FA904-4DD4-46FB-B4B1-36874BE81D0F}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{18EC1943-C429-49B4-B4CF-6194C9251819}c:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:c:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{9A4AA16F-DD40-4398-BC34-84C8D71BF21E}c:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:c:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{734F412F-C684-41E7-B84A-2D90AFE0C698}x:\\bos\\bos.exe"= UDP:x:\bos\bos.exe:bos.exe
"UDP Query User{A5A06849-8155-43DE-8290-12AF3DBA6ACB}x:\\bos\\bos.exe"= TCP:x:\bos\bos.exe:bos.exe
"TCP Query User{9DCCCB44-D92E-4DA3-AD6B-EE20816D862E}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{AFCA7027-844D-466A-B103-FCB225553978}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{3A39799B-FE81-4E6F-9C8A-F7B8BF75C1CA}c:\\users\\killer\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\killer\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{3C0DA3D3-51FC-499C-AE55-BDB04E2E81A1}c:\\users\\killer\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\killer\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"{7BA2B58C-E485-41F5-A0BD-1A209385D771}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{3B9E9C16-1834-4DE3-8C4A-B5D8246A4F91}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{15BCD6DD-BB7A-40B1-855A-4969EA8D03F8}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{5A1AB004-938F-4001-8E0D-5DE53AF10AE5}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{9646F915-67D2-45C3-88D7-BDC85CC95F08}x:\\program files\\atari\\boiling point\\xenus.exe"= UDP:x:\program files\atari\boiling point\xenus.exe:xenus.exe
"UDP Query User{A03812AD-DD4C-4386-BAB8-24767E138711}x:\\program files\\atari\\boiling point\\xenus.exe"= TCP:x:\program files\atari\boiling point\xenus.exe:xenus.exe
"TCP Query User{31E4CF4E-7111-456D-B97E-034D5FF113C3}c:\\program files\\maxon\\net render r11\\net render client.exe"= UDP:c:\program files\maxon\net render r11\net render client.exe:CINEMA 4D
"UDP Query User{65C5CC9A-59E9-48E3-9E6E-CC2FCC5A6653}c:\\program files\\maxon\\net render r11\\net render client.exe"= TCP:c:\program files\maxon\net render r11\net render client.exe:CINEMA 4D
"TCP Query User{9D6D60DD-144F-4C4C-BD15-1716BF4C8A08}c:\\users\\killer\\desktop\\hack\\hack\\4_floodteamspeak\\spamer.exe"= UDP:c:\users\killer\desktop\hack\hack\4_floodteamspeak\spamer.exe:spamer.exe
"UDP Query User{903DB654-305B-4109-8624-79089C0747FB}c:\\users\\killer\\desktop\\hack\\hack\\4_floodteamspeak\\spamer.exe"= TCP:c:\users\killer\desktop\hack\hack\4_floodteamspeak\spamer.exe:spamer.exe
"{174D2FD6-93E7-46AE-9865-128A55876191}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{ED123516-4F7D-423A-A95E-6A0A5C3D7CF6}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X
"{785BCCC2-B4F1-4F5D-A0C6-BAA0D7E7C1E3}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{01252791-6550-4069-B9F4-89F8A049DDBC}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X
"{BCCC47D1-7C98-4CE5-A46A-2E594D8E5267}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{4C686345-7D72-405C-AE43-E38F9A83E080}x:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= UDP:x:\program files\touchstone\turok\binaries\turokgame.exe:turokgame.exe
"UDP Query User{286295CE-4EEB-419A-9703-4B5F7CEE12E0}x:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= TCP:x:\program files\touchstone\turok\binaries\turokgame.exe:turokgame.exe
"TCP Query User{185BC2AF-A23E-4919-A1E5-016698444DE4}c:\\program files\\steam\\steamapps\\goltizg\\dystopia\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\dystopia\hl2.exe:hl2
"UDP Query User{A0AD447C-4610-4C58-B3B6-F8DFA511CC16}c:\\program files\\steam\\steamapps\\goltizg\\dystopia\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\dystopia\hl2.exe:hl2
"{4498F6F6-A0AD-4CC8-916B-2493E9222F15}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{50A408D2-B4E9-4E5F-8BC7-BCE69CC5210F}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"TCP Query User{2395E823-B988-4034-8655-4F18524715F8}c:\\aeriagames\\12sky\\twelvesky.exe"= UDP:c:\aeriagames\12sky\twelvesky.exe:TwelveSky
"UDP Query User{5716F99F-1A5A-47EA-B55F-F30E14122586}c:\\aeriagames\\12sky\\twelvesky.exe"= TCP:c:\aeriagames\12sky\twelvesky.exe:TwelveSky
"{DBE98471-46BE-4B46-9D52-C716DD91B505}"= UDP:c:\gamigo\LastChaosFra\LC.exe:LastChaos
"{56FC817A-0638-4037-B8AF-6CC6F6BD0E44}"= TCP:c:\gamigo\LastChaosFra\LC.exe:LastChaos
"TCP Query User{052B0820-D556-4744-BF1D-D7502EA70407}c:\\program files\\steam\\steamapps\\goltizg\\eternal-silence\\hl2.exe"= UDP:c:\program files\steam\steamapps\goltizg\eternal-silence\hl2.exe:hl2
"UDP Query User{977F3062-A874-4A0D-A64E-DE1F9D99E7F4}c:\\program files\\steam\\steamapps\\goltizg\\eternal-silence\\hl2.exe"= TCP:c:\program files\steam\steamapps\goltizg\eternal-silence\hl2.exe:hl2
"{1E7BF51F-1440-4C4C-B81F-6770296C0F73}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{E29923E7-E872-4238-8F58-E10D71C7D029}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{3FB78B5D-5F74-4503-9B60-D915CB6A471C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{705C95F6-1F43-43C3-9724-FEDB2D492D38}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/05/2009 12:16 108289]
R2 eID CRL Service;eID CRL Service;c:\windows\System32\beidservicecrl.exe [20/06/2006 13:38 225280]
R2 eID Privacy Service;eID Privacy Service;c:\windows\System32\beidservicepcsc.exe [21/06/2006 09:47 331776]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [11/01/2009 11:22 55264]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 22:22 34064]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/02/2008 18:29 1153368]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [28/01/2009 09:39 185640]
R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/10/2008 21:53 30152]
R3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/12/2006 12:34 507136]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [19/12/2008 17:54 195752]
S3 mamotou;mamotou;c:\windows\System32\drivers\mamotou.sys [27/01/2008 16:50 49399]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [10/05/2009 20:17 28224]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [20/06/2005 09:12 215040]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [07/01/2008 10:37 25088]
S4 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000);c:\windows\System32\drivers\FLMckUSB.sys [16/10/2007 21:29 69810]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-09-08 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-10-16 16:38]
2009-09-08 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-10-16 16:34]
.
- - - - ORPHANS REMOVED - - - -
Notify-WB - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
mStart Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\killer\AppData\Roaming\Mozilla\Firefox\Profiles\fkru03hg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipédia (fr)
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59831&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\users\killer\AppData\Roaming\Mozilla\Firefox\Profiles\fkru03hg.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 14:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3791306889-1641947110-789305838-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F6AD234-A64A-D8FB-9111-B9B8B7DFD0B2}*]
"iajfjhmklemadnoheg"=hex:63,61,61,66,70,65,00,67
"hafgeggikcfmjlih"=hex:67,61,6d,6a,61,66,6d,61,63,6c,69,67,6a,6d,00,00
[HKEY_USERS\S-1-5-21-3791306889-1641947110-789305838-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:78,a6,24,c4,64,22,46,76,72,7d,4f,ae,89,0b,67,10,a7,38,80,82,a2,1c,66,
f4,8e,48,38,f0,b0,5e,7e,3b,26,f4,ef,e0,c7,d3,ba,93,7e,18,4b,36,55,b8,ac,ff,\
"??"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_USERS\S-1-5-21-3791306889-1641947110-789305838-1002\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:bd,93,c0,90,95,26,63,0d,48,ea,f7,68,3a,77,b6,88,af,12,71,9c,38,
59,8f,ae,6f,de,fb,bc,e1,67,a1,1d,f6,65,a5,70,54,e7,e3,01,00,7e,bb,30,f2,b5,\
"rkeysecu"=hex:f9,7d,9f,5d,26,72,89,85,3d,be,2f,36,83,23,98,69
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{21b52f18-0848-463f-9368-84968c2a61e3}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1700ff21
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{41b65253-3201-42e3-9621-ac9c7f1ed70d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1200032f
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{449451bd-1d85-45b3-88b9-632bb8ea36d0}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1500032f
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{836f9589-7ecb-4f16-bbc2-f47f5a3e5eae}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d020054
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{941f5e83-3d4a-48f9-ad45-a1e41619a5e8}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001c25
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{ae8b5f80-f531-41b4-bb40-8007528fd4a0}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1a00032f
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{ccfa2a73-61cb-4ca0-915d-ddaf98abfb43}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1600032f
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{e2d054f6-6401-4fa2-ba19-39b453a74c83}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1400032f
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Completion time: 2009-09-08 14:28
ComboFix-quarantined-files.txt 2009-09-08 12:28
Pre-Run: 171 208 007 680 octets libres
Post-Run: 171 081 703 424 octets libres
482 --- E O F --- 2009-09-08 09:03