Quick check!

18 February 2009 21:37:12
Hello!
I suspect a few nasty little critters on my computer!
Is that the case?
Thanks in advance to whoever helps me :)

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:20, on 18/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Samsung Recovery Solution III\WCScheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\java.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Vuze\Azureus.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 7683 bytes
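In the thread the report above is read by eye. As an added example, not part of the original post nor a tool from HijackThis or RSIT, the Python below parses HijackThis entry lines (and the RSIT registry dump posted further down, since RSIT embeds a HijackThis log and a policy dump) and lists the entries a reviewer would check first: a browser proxy on localhost, a BHO whose DLL is gone, remote-access or VPN software that autostarts, UAC disabled (EnableLUA=0) and a cached removable-drive autorun command. The sample inputs are excerpts of the logs in this thread; the rule set and the REMOTE_ACCESS_MARKERS list are assumptions of the example, and a flag means "confirm this is intended", not "infected".

```python
"""Triage helper for HijackThis / RSIT logs (added example, not from the thread).

HijackThis prints one entry per line tagged with a section code (R1, O2, O4,
O23 ...).  The rules below only flag entries a human reviewer would want to
look at by hand; they do not decide whether anything is malware.
"""
import re

# Excerpt of the HijackThis log posted above (copied from the post).
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
"""

# Excerpt of the RSIT registry dump from the follow-up post.
RSIT_POLICY_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup.exe
"""

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Substrings naming remote-access / VPN software.  Legitimate when the owner
# installed it, but always worth confirming.  The list is an assumption of this example.
REMOTE_ACCESS_MARKERS = ("vnc", "hamachi")


def parse_hjt(text):
    """Return [(code, body)] for every HijackThis entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage_hjt(entries):
    """Apply review heuristics; each finding is (code, reason, body)."""
    findings = []
    for code, body in entries:
        low = body.lower()
        if code in ("R0", "R1") and "proxyserver" in low:
            # A proxy on localhost means a local program sits in front of the browser
            # (debugging proxy, content filter, or something the user did not install).
            if "localhost" in low or "127.0.0.1" in low:
                findings.append((code, "browser traffic routed through a local proxy", body))
        elif code == "O2" and "(no file)" in low:
            # Orphaned BHO registration: CLSID still present, DLL gone.  Harmless, removable.
            findings.append((code, "BHO registered but DLL missing", body))
        elif code in ("O4", "O23") and any(k in low for k in REMOTE_ACCESS_MARKERS):
            findings.append((code, "remote-access or VPN software autostarts", body))
        elif code == "O1" and not low.endswith(("127.0.0.1 localhost", "::1 localhost")):
            # Anything beyond the two default loopback lines redirects a host name.
            findings.append((code, "non-default hosts entry", body))
    return findings


def parse_rsit_policies(text):
    """Parse RSIT's registry dump into {key_path: {value_name: data}}; autorun hooks become 'AutoRun'."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            keys[current][name.strip('"')] = data
        elif current and line.startswith("shell\\AutoRun\\command"):
            keys[current]["AutoRun"] = line.split(" - ", 1)[1]
    return keys


def triage_rsit(keys):
    """Flag policy values and autorun hooks a reviewer should confirm are intentional."""
    findings = []
    for path, values in keys.items():
        if path.lower().endswith("policies\\system") and values.get("EnableLUA") == "0":
            findings.append(("EnableLUA", "UAC disabled: an admin user's processes run fully elevated", path))
        if "AutoRun" in values:
            # MountPoints2 caches the autorun.inf command of a removable drive seen earlier.
            findings.append(("AutoRun", "cached removable-drive autorun command", values["AutoRun"]))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(parse_hjt(HJT_SAMPLE)) + triage_rsit(parse_rsit_policies(RSIT_POLICY_SAMPLE)):
        print("%-10s %s\n           %s" % f)
```

Run it as-is to triage the excerpts, or pass a full log.txt through parse_hjt and parse_rsit_policies; the Running processes and file-listing sections simply fall through the parsers.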

18 February 2009 23:17:45

Hi,

Your HijackThis report shows no infection.

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the licence.
  • When the scan finishes, two text files will open. Post the contents of log.txt (the one that appears on screen) and of info.txt (which you will see in the taskbar).

Note: the reports are saved in the C:\rsit\ folder.
18 February 2009 23:25:02

Thanks!

So here it is:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Nowis at 2009-02-18 23:18:40
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 39 GB (34%) free of 115 GB
    Total RAM: 3066 MB (39% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:18:58, on 18/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    C:\Program Files\Samsung\Samsung Recovery Solution III\WCScheduler.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Hamachi\hamachi.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Vuze\Azureus.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\java.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Users\Nowis\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Nowis.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe

    --
    End of file - 7765 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\NeroLiveEpgUpdate-PC-de-Nowis_Nowis.job
    C:\Windows\tasks\SupBackGroundTask.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-27 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-27 34816]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-09 13543968]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-09 92704]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-08 6273568]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-10-10 69632]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-27 136600]
    "WinVNC"=C:\Program Files\UltraVNC\WinVNC.exe [2006-07-17 364544]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-10-13 243072]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-02-04 23975720]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    C:\Program Files\Skype\Phone\Skype.exe [2009-02-04 23975720]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    c:\program files\steam\steam.exe [2008-12-27 1410296]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Users\Nowis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bece7be-df22-11dd-8113-001377af24e1}]
    shell\AutoRun\command - F:\setupSNK.exe


    ======List of files/folders created in the last 1 months======

    2009-02-18 23:18:40 ----D---- C:\rsit
    2009-02-18 21:35:13 ----D---- C:\Program Files\Trend Micro
    2009-02-18 20:53:22 ----D---- C:\Program Files\eMule
    2009-02-18 20:01:39 ----D---- C:\Windows\temp
    2009-02-18 20:01:38 ----A---- C:\ComboFix.txt
    2009-02-18 19:54:20 ----D---- C:\ComboFix
    2009-02-18 19:16:24 ----A---- C:\Windows\APDFPRP.INI
    2009-02-18 19:16:21 ----D---- C:\Program Files\ElcomSoft
    2009-02-17 23:23:49 ----A---- C:\Windows\zip.exe
    2009-02-17 23:23:49 ----A---- C:\Windows\VFIND.exe
    2009-02-17 23:23:49 ----A---- C:\Windows\SWXCACLS.exe
    2009-02-17 23:23:49 ----A---- C:\Windows\SWSC.exe
    2009-02-17 23:23:49 ----A---- C:\Windows\SWREG.exe
    2009-02-17 23:23:49 ----A---- C:\Windows\sed.exe
    2009-02-17 23:23:49 ----A---- C:\Windows\NIRCMD.exe
    2009-02-17 23:23:49 ----A---- C:\Windows\grep.exe
    2009-02-17 23:23:49 ----A---- C:\Windows\fdsv.exe
    2009-02-17 23:22:40 ----D---- C:\Windows\ERDNT
    2009-02-17 23:22:40 ----D---- C:\Qoobox
    2009-02-17 22:41:43 ----A---- C:\Windows\ntbtlog.txt
    2009-02-17 22:40:31 ----D---- C:\Users\Nowis\AppData\Roaming\Malwarebytes
    2009-02-17 22:40:26 ----D---- C:\ProgramData\Malwarebytes
    2009-02-17 22:40:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-02-17 22:07:22 ----A---- C:\IP.txt
    2009-02-17 21:59:49 ----D---- C:\Users\Nowis\AppData\Roaming\Anakin Software
    2009-02-17 21:59:34 ----A---- C:\Windows\system32\VB5DB.DLL
    2009-02-17 18:05:26 ----D---- C:\Program Files\Common Files\Skype
    2009-02-17 18:05:25 ----RD---- C:\Program Files\Skype
    2009-02-16 21:57:43 ----D---- C:\Users\Nowis\AppData\Roaming\Samsung
    2009-02-16 20:50:41 ----D---- C:\Users\Nowis\AppData\Roaming\FileZilla
    2009-02-16 20:50:35 ----D---- C:\Program Files\FileZilla FTP Client
    2009-02-16 20:44:23 ----D---- C:\Users\Nowis\AppData\Roaming\IrfanView
    2009-02-16 11:34:01 ----D---- C:\Program Files\Hamachi
    2009-02-15 19:53:11 ----D---- C:\ProgramData\Marginal Team
    2009-02-15 02:42:48 ----A---- C:\Windows\system32\EncDec.dll
    2009-02-15 02:42:47 ----A---- C:\Windows\system32\psisdecd.dll
    2009-02-11 21:42:24 ----D---- C:\Users\Nowis\AppData\Roaming\ABBYY
    2009-02-11 21:39:39 ----D---- C:\Program Files\Common Files\ABBYY
    2009-02-11 21:38:39 ----D---- C:\ProgramData\ABBYY
    2009-02-11 21:38:39 ----D---- C:\Program Files\ABBYY FineReader 9.0
    2009-02-11 19:36:55 ----D---- C:\Program Files\MSECache
    2009-02-11 03:00:58 ----D---- C:\Windows\SQL9_KB960089_ENU
    2009-02-10 19:16:48 ----A---- C:\Windows\system32\mshtml.dll
    2009-02-10 19:16:47 ----A---- C:\Windows\system32\wininet.dll
    2009-02-10 19:16:47 ----A---- C:\Windows\system32\urlmon.dll
    2009-02-10 19:16:47 ----A---- C:\Windows\system32\msfeeds.dll
    2009-02-10 19:16:47 ----A---- C:\Windows\system32\iertutil.dll
    2009-02-10 19:16:47 ----A---- C:\Windows\system32\ieframe.dll
    2009-02-10 19:16:46 ----A---- C:\Windows\system32\mstime.dll
    2009-02-10 19:16:46 ----A---- C:\Windows\system32\jsproxy.dll
    2009-02-09 18:47:33 ----A---- C:\Windows\system32\CmdLineExt.dll
    2009-02-08 21:36:21 ----D---- C:\Program Files\VirginMega
    2009-02-08 21:35:39 ----D---- C:\ProgramData\Downloaded Installations
    2009-02-06 18:52:40 ----A---- C:\Windows\system32\sirenacm.dll
    2009-02-03 20:00:53 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2009-02-02 21:06:44 ----D---- C:\ProgramData\Blizzard
    2009-02-02 17:49:30 ----D---- C:\Users\Nowis\AppData\Roaming\Apple Computer
    2009-02-02 17:48:50 ----DC---- C:\Windows\system32\DRVSTORE
    2009-02-02 17:48:50 ----A---- C:\Windows\system32\GEARAspi.dll
    2009-02-02 17:48:39 ----D---- C:\Program Files\iPod
    2009-02-02 17:48:38 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-02 17:48:38 ----D---- C:\Program Files\iTunes
    2009-02-02 17:47:33 ----D---- C:\Program Files\Common Files\Apple
    2009-02-02 17:43:20 ----D---- C:\Program Files\QuickTime
    2009-02-02 17:43:19 ----D---- C:\ProgramData\Apple Computer
    2009-01-24 14:24:16 ----D---- C:\Program Files\IncrediMail
    2009-01-24 13:29:24 ----D---- C:\ProgramData\IM
    2009-01-24 13:29:21 ----D---- C:\ProgramData\IncrediMail
    2009-01-22 18:25:35 ----D---- C:\Users\Nowis\AppData\Roaming\Intel
    2009-01-22 16:24:39 ----D---- C:\ProgramData\aHisoft
    2009-01-22 16:24:21 ----D---- C:\Program Files\aHisoft
    2009-01-21 16:24:57 ----D---- C:\Windows\Sun

    ======List of files/folders modified in the last 1 months======

    2009-02-18 23:18:48 ----D---- C:\Users\Nowis\AppData\Roaming\Azureus
    2009-02-18 23:10:11 ----D---- C:\Users\Nowis\AppData\Roaming\Hamachi
    2009-02-18 22:56:31 ----D---- C:\Users\Nowis\AppData\Roaming\Skype
    2009-02-18 22:50:18 ----D---- C:\Program Files\Mozilla Firefox
    2009-02-18 21:35:13 ----RD---- C:\Program Files
    2009-02-18 21:16:38 ----SHD---- C:\System Volume Information
    2009-02-18 21:11:49 ----D---- C:\Windows\System32
    2009-02-18 20:54:05 ----D---- C:\ProgramData\eMule
    2009-02-18 20:01:45 ----D---- C:\Windows\system32\fr-FR
    2009-02-18 20:01:39 ----D---- C:\Windows
    2009-02-18 19:58:43 ----A---- C:\Windows\system.ini
    2009-02-18 19:57:46 ----D---- C:\Windows\system32\drivers
    2009-02-18 19:57:46 ----D---- C:\Windows\AppPatch
    2009-02-18 19:57:46 ----D---- C:\Program Files\Common Files
    2009-02-18 19:55:38 ----D---- C:\Windows\Prefetch
    2009-02-18 18:54:19 ----D---- C:\Users\Nowis\AppData\Roaming\skypePM
    2009-02-17 23:25:24 ----SHD---- C:\Windows\Installer
    2009-02-17 23:25:24 ----HD---- C:\Config.Msi
    2009-02-17 23:24:16 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-02-17 22:40:26 ----HD---- C:\ProgramData
    2009-02-17 22:09:55 ----D---- C:\Program Files\Steam
    2009-02-17 21:59:33 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-17 18:05:26 ----D---- C:\ProgramData\Skype
    2009-02-16 21:57:58 ----SD---- C:\Users\Nowis\AppData\Roaming\Microsoft
    2009-02-16 00:22:17 ----D---- C:\Windows\system32\catroot2
    2009-02-15 11:06:46 ----D---- C:\Program Files\Windows Live Safety Center
    2009-02-15 03:03:30 ----D---- C:\Windows\Microsoft.NET
    2009-02-15 03:03:19 ----RSD---- C:\Windows\assembly
    2009-02-15 03:00:53 ----D---- C:\Windows\winsxs
    2009-02-15 03:00:53 ----D---- C:\Windows\ehome
    2009-02-15 02:38:18 ----D---- C:\Windows\system32\catroot
    2009-02-11 19:33:33 ----D---- C:\Windows\inf
    2009-02-11 19:33:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-02-11 03:03:56 ----D---- C:\ProgramData\Microsoft Help
    2009-02-11 03:01:19 ----D---- C:\Program Files\Microsoft SQL Server
    2009-02-11 03:00:34 ----D---- C:\Program Files\Windows Mail
    2009-02-09 18:01:42 ----D---- C:\Program Files\Bonjour
    2009-02-07 20:51:44 ----D---- C:\Program Files\Common Files\Steam
    2009-02-07 19:41:41 ----D---- C:\Program Files\Messenger Plus! Live
    2009-02-04 00:21:12 ----A---- C:\Windows\system32\mrt.exe
    2009-02-02 12:32:23 ----D---- C:\Program Files\Dofus
    2009-01-28 13:13:10 ----D---- C:\Program Files\Vuze
    2009-01-25 18:11:06 ----RSD---- C:\Windows\Fonts

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-11-02 56572]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2008-12-27 5632]
    R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-02-16 25280]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-07 2152088]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-09 7522624]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
    R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-06-05 242048]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-06-27 303616]
    S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
    S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
    S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
    S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
    S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
    S3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
    S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-15 80936]
    S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-15 16168]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
    S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
    S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
    S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
    S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
    S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
    S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
    S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
    S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
    S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
    S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
    S3 xnacc;Contrôleur XBOX 360 pour le service de pilote Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-21 521216]
    S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
    S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
    R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-07-10 819200]
    R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-09 196608]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
    R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-07-10 466944]
    R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
    R2 SQLWriter;Enregistreur VSS SQL Server; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
    S2 winvnc;VNC Server; C:\Program Files\UltraVNC\WinVNC.exe [2006-07-17 364544]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-28 654848]
    S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-11-07 121360]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-02-07 316664]
    S4 cron;Cron daemon; C:\cyg\bin\cygrunsrv.exe []
    S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]

    -----------------EOF-----------------
    info.txt logfile of random's system information tool 1.05 2009-02-18 23:19:01

    ======Uninstall list======

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    ABBYY FineReader 9.0 Professional Edition-->MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
    Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Agere Systems HDA Modem-->agrsmdel
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Atheros WLAN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04983D37-2202-4295-94A2-8B547C66133F}\setup.exe" -l0x9
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
    Dofus 1.26.0-->C:\Program Files\Dofus\uninstall.exe
    Easy Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\setup.exe" -l0x9 Remove
    Easy Display Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9 -removeonly
    Easy Network Manager 4.0-->C:\Program Files\InstallShield Installation Information\{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}\setup.exe -runfromtemp -l0x040c
    Easy SpeedUp Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF367AA4-070B-493C-9575-85BE59D789C9}\setup.exe" -l0x9 Remove
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Favorit-->c:\users\nowis\appdata\local\wohphx.bat
    Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
    FileZilla Client 3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    Futoshiki-->C:\Program Files\Micro Application\Futoshiki\Desinstalleur.exe
    GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)-->C:\Windows\SQL9_KB960089_ENU\Hotfix.exe /Uninstall
    Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {69ca8988-1c6c-4285-b8af-db780a6e42af}
    Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->MsiExec.exe /X{69CA8988-1C6C-4285-B8AF-DB780A6E42AF}
    Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
    Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    HP Photosmart All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}\setup\hpzscr01.exe -datfile hposcr13.dat
    HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
    HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
    HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
    HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
    imagine digital freedom - Samsung-->MsiExec.exe /X{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}
    IncrediMail JunkFilter Plus-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
    IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    Intel PROSet Wireless-->Intel PROSet Wireless
    Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
    iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x040c -removeonly
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Micro Application - Compil 100pc Détente-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B21FB712-1B08-47B3-B1A1-44D6EF100786}\setup.exe" -l0x40c
    Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft SOAP Toolkit 2.0 SP2-->MsiExec.exe /I{36BEAD11-8577-49AD-9250-E06A50AE87B0}
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791}
    Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
    Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}
    Microsoft SQL Server VSS Writer-->MsiExec.exe /I{75FF1600-6330-43FA-9022-E0835BF20778}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Patch The Bloody Sword 1-->D:\Jeux\World of Warcraft\Data\frFR\Uninstall.exe
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PlayCamera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}\setup.exe" -l0x40c
    PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
    Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x9 Remove
    SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung Update Plus-->"C:\Program Files\InstallShield Installation Information\{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}\setup.exe" -runfromtemp -l0x0409 -removeonly
    Samsung Update Plus-->MsiExec.exe /X{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    UltraVNC v1.0.2 Fr-->"C:\Program Files\UltraVNC\unins000.exe"
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
    Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
    User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
    VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Vimicro UVC Camera-->C:\Program Files\InstallShield Installation Information\{71A51B09-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
    VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
    Vuze-->C:\Program Files\Vuze\uninstall.exe
    Wakfu-->C:\Program Files\Wakfu\uninstall.exe
    WIDCOMM Bluetooth Software 6.0.1.6300-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
    Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

    ======Security center information======

    AS: Windows Defender

    System event log

    Computer Name: PC-de-Nowis
    Event Code: 4201
    Message: Le système a détecté que la carte réseau Loopback Pseudo-Interface 1 était connectée au réseau, et a lancé une opération normale.
    Record Number: 22685
    Source Name: Tcpip
    Time Written: 20090121152236.356076-000
    Event Type: Information
    User:

    Computer Name: PC-de-Nowis
    Event Code: 4201
    Message: Le système a détecté que la carte réseau Loopback Pseudo-Interface 1 était connectée au réseau, et a lancé une opération normale.
    Record Number: 22686
    Source Name: Tcpip
    Time Written: 20090121152236.356076-000
    Event Type: Information
    User:

    Computer Name: PC-de-Nowis
    Event Code: 83
    Message: Port A is down
    Record Number: 22687
    Source Name: yukonwlh
    Time Written: 20090121152237.791285-000
    Event Type: Information
    User:

    Computer Name: PC-de-Nowis
    Event Code: 4201
    Message: Le système a détecté que la carte réseau Connexion réseau sans fil était connectée au réseau, et a lancé une opération normale.
    Record Number: 22688
    Source Name: Tcpip
    Time Written: 20090121152258.376346-000
    Event Type: Information
    User:

    Computer Name: PC-de-Nowis
    Event Code: 4201
    Message: Le système a détecté que la carte réseau Connexion réseau sans fil était connectée au réseau, et a lancé une opération normale.
    Record Number: 22689
    Source Name: Tcpip
    Time Written: 20090121152258.376346-000
    Event Type: Information
    User:

    Application event log

    Computer Name: PC-de-Nowis
    Event Code: 9013
    Message: Le Gestionnaire de fenêtrage n’a pas pu démarrer, car la composition du Bureau a été désactivée par une application en cours d’exécution
    Record Number: 24753
    Source Name: Desktop Window Manager
    Time Written: 20090218203748.000000-000
    Event Type: Information
    User:

    Computer Name: PC-de-Nowis
    Event Code: 9010
    Message: Une demande de désactivation du Gestionnaire de fenêtrage a été effectuée par le processus (World of Warcraft)
    Record Number: 24754
    Source Name: Desktop Window Manager
    Time Written: 20090218203753.000000-000
    Event Type: Information
    User:

    Computer Name: PC-de-Nowis
    Event Code: 9013
    Message: Le Gestionnaire de fenêtrage n’a pas pu démarrer, car la composition du Bureau a été désactivée par une application en cours d’exécution
    Record Number: 24755
    Source Name: Desktop Window Manager
    Time Written: 20090218203753.000000-000
    Event Type: Information
    User:

    Computer Name: PC-de-Nowis
    Event Code: 9010
    Message: Une demande de désactivation du Gestionnaire de fenêtrage a été effectuée par le processus (World of Warcraft)
    Record Number: 24756
    Source Name: Desktop Window Manager
    Time Written: 20090218203757.000000-000
    Event Type: Information
    User:

    Computer Name: PC-de-Nowis
    Event Code: 9013
    Message: Le Gestionnaire de fenêtrage n’a pas pu démarrer, car la composition du Bureau a été désactivée par une application en cours d’exécution
    Record Number: 24757
    Source Name: Desktop Window Manager
    Time Written: 20090218203757.000000-000
    Event Type: Information
    User:

    Security event log

    Computer Name: PC-de-Nowis
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 10120
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090218221854.184000-000
    Event Type: Échec de l'audit
    User:

    Computer Name: PC-de-Nowis
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 10121
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090218221854.211000-000
    Event Type: Échec de l'audit
    User:

    Computer Name: PC-de-Nowis
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 10122
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090218221854.256000-000
    Event Type: Échec de l'audit
    User:

    Computer Name: PC-de-Nowis
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 10123
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090218221854.292000-000
    Event Type: Échec de l'audit
    User:

    Computer Name: PC-de-Nowis
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 10124
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090218221854.318000-000
    Event Type: Échec de l'audit
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Bitvise Tunnelier;C:\Program Files\QuickTime\QTSystem
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
    "DFSTRACINGON"=FALSE
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------
    18 February 2009 23:36:10

    Can you post the ComboFix report for me? : C:\ComboFix.txt
    18 February 2009 23:37:13

    Here it is:

    ComboFix 09-02-17.02 - Nowis 2009-02-18 19:55:30.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3066.845 [GMT 1:00]
    Lancé depuis: c:\users\Nowis\Desktop\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-18 au 2009-02-18 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-18 19:16 . 2009-02-18 19:16 <REP> d-------- c:\program files\ElcomSoft
    2009-02-18 19:16 . 2009-02-18 19:16 892 --a------ c:\windows\APDFPRP.INI
    2009-02-17 22:40 . 2009-02-17 22:40 <REP> d-------- c:\users\Nowis\AppData\Roaming\Malwarebytes
    2009-02-17 22:40 . 2009-02-17 22:40 <REP> d-------- c:\users\All Users\Malwarebytes
    2009-02-17 22:40 . 2009-02-17 22:40 <REP> d-------- c:\programdata\Malwarebytes
    2009-02-17 22:40 . 2009-02-17 22:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-17 22:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-02-17 22:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-02-17 21:59 . 2009-02-17 21:59 <REP> d-------- c:\users\Nowis\AppData\Roaming\Anakin Software
    2009-02-17 21:59 . 1998-06-18 00:00 89,360 --a------ c:\windows\System32\VB5DB.DLL
    2009-02-17 18:05 . 2009-02-17 18:05 <REP> dr------- c:\program files\Skype
    2009-02-17 18:05 . 2009-02-17 18:05 <REP> d-------- c:\program files\Common Files\Skype
    2009-02-16 21:57 . 2009-02-16 21:57 <REP> d-------- c:\users\Nowis\AppData\Roaming\Samsung
    2009-02-16 20:50 . 2009-02-18 19:13 <REP> d-------- c:\users\Nowis\AppData\Roaming\FileZilla
    2009-02-16 20:50 . 2009-02-16 20:51 <REP> d-------- c:\program files\FileZilla FTP Client
    2009-02-16 20:44 . 2009-02-16 20:44 <REP> d-------- c:\users\Nowis\AppData\Roaming\IrfanView
    2009-02-16 11:34 . 2009-02-16 11:34 <REP> d-------- c:\program files\Hamachi
    2009-02-16 11:34 . 2009-02-16 11:34 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
    2009-02-15 19:53 . 2009-02-15 19:53 <REP> d-------- c:\users\All Users\Marginal Team
    2009-02-15 19:53 . 2009-02-15 19:53 <REP> d-------- c:\programdata\Marginal Team
    2009-02-15 02:42 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
    2009-02-15 02:42 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
    2009-02-15 02:42 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
    2009-02-15 02:42 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2009-02-15 02:42 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
    2009-02-11 21:42 . 2009-02-11 21:42 <REP> d-------- c:\users\Nowis\AppData\Roaming\ABBYY
    2009-02-11 21:39 . 2009-02-11 21:39 <REP> d-------- c:\program files\Common Files\ABBYY
    2009-02-11 21:38 . 2009-02-11 21:38 <REP> d-------- c:\users\All Users\ABBYY
    2009-02-11 21:38 . 2009-02-11 21:38 <REP> d-------- c:\programdata\ABBYY
    2009-02-11 21:38 . 2009-02-11 21:42 <REP> d-------- c:\program files\ABBYY FineReader 9.0
    2009-02-11 19:36 . 2009-02-11 19:36 <REP> d-------- c:\program files\MSECache
    2009-02-11 03:00 . 2009-02-11 03:00 <REP> d-------- c:\windows\SQL9_KB960089_ENU
    2009-02-10 19:16 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2009-02-10 19:16 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
    2009-02-09 18:47 . 2009-02-09 18:47 107,888 --a------ c:\windows\System32\CmdLineExt.dll
    2009-02-08 21:36 . 2009-02-08 21:36 <REP> d-------- c:\program files\VirginMega
    2009-02-08 21:35 . 2009-02-08 21:35 <REP> d-------- c:\users\All Users\Downloaded Installations
    2009-02-08 21:35 . 2009-02-08 21:35 <REP> d-------- c:\programdata\Downloaded Installations
    2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
    2009-02-03 20:00 . 2009-02-03 20:00 <REP> d-------- c:\program files\Common Files\Blizzard Entertainment
    2009-02-02 21:06 . 2009-02-02 21:06 <REP> d-------- c:\users\All Users\Blizzard
    2009-02-02 21:06 . 2009-02-02 21:06 <REP> d-------- c:\programdata\Blizzard
    2009-02-02 17:49 . 2009-02-02 17:49 <REP> d-------- c:\users\Nowis\AppData\Roaming\Apple Computer
    2009-02-02 17:48 . 2009-02-02 17:48 <REP> d----c--- c:\windows\System32\DRVSTORE
    2009-02-02 17:48 . 2009-02-02 17:48 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-02 17:48 . 2009-02-02 17:48 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-02 17:48 . 2009-02-02 17:48 <REP> d-------- c:\program files\iTunes
    2009-02-02 17:48 . 2009-02-02 17:48 <REP> d-------- c:\program files\iPod
    2009-02-02 17:48 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
    2009-02-02 17:48 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
    2009-02-02 17:47 . 2009-02-02 17:48 <REP> d-------- c:\program files\Common Files\Apple
    2009-02-02 17:43 . 2009-02-02 17:48 <REP> d-------- c:\users\All Users\Apple Computer
    2009-02-02 17:43 . 2009-02-02 17:48 <REP> d-------- c:\programdata\Apple Computer
    2009-02-02 17:43 . 2009-02-02 17:43 <REP> d-------- c:\program files\QuickTime
    2009-01-24 19:47 . 2009-01-24 19:47 3,120 --a------ c:\windows\MF_C426.lfa
    2009-01-24 19:44 . 2009-01-24 19:44 3,120 --a------ c:\windows\MF_C432.lfa
    2009-01-24 19:44 . 2009-01-24 19:44 3,120 --a------ c:\windows\MF_C425.lfa
    2009-01-24 19:44 . 2009-01-24 19:44 3,120 --a------ c:\windows\MF_C421.lfa
    2009-01-24 19:44 . 2009-01-24 19:44 3,120 --a------ c:\windows\MF_C420.lfa
    2009-01-24 14:24 . 2009-01-24 19:52 <REP> d-------- c:\program files\IncrediMail
    2009-01-24 13:29 . 2009-01-24 13:29 <REP> d-------- c:\users\All Users\IncrediMail
    2009-01-24 13:29 . 2009-01-24 13:30 <REP> d-------- c:\users\All Users\IM
    2009-01-24 13:29 . 2009-01-24 13:29 <REP> d-------- c:\programdata\IncrediMail
    2009-01-24 13:29 . 2009-01-24 13:30 <REP> d-------- c:\programdata\IM
    2009-01-22 18:25 . 2009-01-22 18:25 <REP> d-------- c:\users\Nowis\AppData\Roaming\Intel
    2009-01-22 16:24 . 2009-01-22 16:24 <REP> d-------- c:\users\All Users\aHisoft
    2009-01-22 16:24 . 2009-01-22 16:24 <REP> d-------- c:\programdata\aHisoft
    2009-01-22 16:24 . 2009-01-22 16:24 <REP> d-------- c:\program files\aHisoft
    2009-01-21 16:24 . 2009-01-21 16:24 <REP> d-------- c:\windows\Sun
    2009-01-20 12:27 . 2009-01-20 12:27 1,905 --a------ c:\windows\diagwrn.xml
    2009-01-20 12:27 . 2009-01-20 12:27 1,905 --a------ c:\windows\diagerr.xml

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-18 18:58 --------- d-----w c:\users\Nowis\AppData\Roaming\Hamachi
    2009-02-18 18:58 --------- d-----w c:\users\Nowis\AppData\Roaming\Azureus
    2009-02-18 18:43 --------- d-----w c:\users\Nowis\AppData\Roaming\Skype
    2009-02-18 17:54 --------- d-----w c:\users\Nowis\AppData\Roaming\skypePM
    2009-02-17 22:22 126,177 ----a-w c:\users\All Users\nvModes.dat
    2009-02-17 22:22 126,177 ----a-w c:\programdata\nvModes.dat
    2009-02-17 21:09 --------- d-----w c:\program files\Steam
    2009-02-17 20:59 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-17 17:05 --------- d-----w c:\programdata\Skype
    2009-02-15 10:06 --------- d-----w c:\program files\Windows Live Safety Center
    2009-02-11 02:03 --------- d-----w c:\programdata\Microsoft Help
    2009-02-11 02:01 --------- d-----w c:\program files\Microsoft SQL Server
    2009-02-11 02:00 --------- d-----w c:\program files\Windows Mail
    2009-02-09 17:01 --------- d-----w c:\program files\Bonjour
    2009-02-07 19:51 --------- d-----w c:\program files\Common Files\Steam
    2009-02-07 18:41 --------- d-----w c:\program files\Messenger Plus! Live
    2009-02-02 11:32 --------- d-----w c:\program files\Dofus
    2009-01-28 12:13 --------- d-----w c:\program files\Vuze
    2009-01-25 16:36 --------- d-----w c:\programdata\eMule
    2009-01-18 19:53 --------- d-----w c:\program files\Wakfu
    2009-01-16 17:49 --------- d-----w c:\program files\EA Games
    2009-01-13 15:38 --------- d-----w c:\users\Administrateur\AppData\Roaming\HP
    2009-01-13 15:37 --------- d-----w c:\users\Administrateur\AppData\Roaming\Logitech
    2009-01-12 13:38 --------- d-----w c:\programdata\HP Product Assistant
    2009-01-12 05:14 --------- d-----w c:\program files\PowerISO
    2009-01-10 20:22 --------- d-----w c:\users\Nowis\AppData\Roaming\Nero
    2009-01-10 13:11 --------- d-----w c:\program files\Common Files\Nero
    2009-01-10 12:56 --------- d-----w c:\program files\Nero
    2009-01-10 12:49 --------- d-----w c:\programdata\Nero
    2009-01-07 15:36 --------- d-----w c:\users\Nowis\AppData\Roaming\Image Zone Express
    2009-01-06 16:16 --------- d-----w c:\users\Nowis\AppData\Roaming\vlc
    2009-01-05 19:09 --------- d-----w c:\users\Nowis\AppData\Roaming\HP
    2009-01-05 19:01 --------- d-----w c:\programdata\HP
    2009-01-05 19:00 --------- d-----w c:\program files\Hewlett-Packard
    2009-01-05 14:54 --------- d-----w c:\users\Nowis\AppData\Roaming\Printer Info Cache
    2009-01-05 14:04 --------- d-----w c:\programdata\WEBREG
    2009-01-05 06:21 --------- d-----w c:\program files\VideoLAN
    2009-01-04 15:05 --------- d-----w c:\programdata\Hewlett-Packard
    2009-01-03 15:45 --------- d-----w c:\program files\Micro Application
    2009-01-03 15:40 --------- d-----w c:\program files\HP
    2009-01-03 15:40 --------- d-----w c:\program files\Common Files\HP
    2009-01-03 15:37 --------- d-----w c:\programdata\HPSSUPPLY
    2009-01-03 15:36 --------- d-----w c:\program files\Common Files\Hewlett-Packard
    2009-01-03 13:17 --------- d-----w c:\program files\MSBuild
    2009-01-03 13:14 --------- d-----w c:\program files\Microsoft Visual Studio 8
    2009-01-01 19:05 --------- d-----w c:\programdata\Apple
    2009-01-01 19:05 --------- d-----w c:\program files\Apple Software Update
    2009-01-01 18:53 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-12-28 23:50 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-28 22:38 --------- d-----w c:\programdata\FLEXnet
    2008-12-28 22:26 --------- d-----w c:\program files\Common Files\Macrovision Shared
    2008-12-28 15:07 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2008-12-28 14:39 --------- d--h--r c:\users\Nowis\AppData\Roaming\SecuROM
    2008-12-28 14:21 --------- d-----w c:\program files\Aspyr
    2008-12-28 14:14 --------- d-----w c:\program files\MSXML 4.0
    2008-12-27 22:23 --------- d-----w c:\program files\Windows Live SkyDrive
    2008-12-27 22:23 --------- d-----w c:\program files\Windows Live
    2008-12-27 22:23 --------- d-----w c:\program files\Microsoft
    2008-12-27 22:19 --------- d-----w c:\program files\Common Files\Windows Live
    2008-12-27 22:09 --------- d-----w c:\program files\UltraVNC
    2008-12-27 19:14 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
    2008-12-27 18:42 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-12-27 18:42 --------- d-----w c:\program files\Java
    2008-12-27 18:22 --------- d-----w c:\program files\Samsung
    2008-12-27 18:21 --------- d-----w c:\users\Nowis\AppData\Roaming\Logitech
    2008-12-27 18:21 --------- d-----w c:\programdata\LogiShrd
    2008-12-27 18:20 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2008-12-27 18:20 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-12-27 18:20 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2008-12-27 18:20 --------- d-----w c:\program files\Common Files\Logishrd
    2008-12-27 18:19 --------- d-----w c:\programdata\Logitech
    2008-12-27 18:19 --------- d-----w c:\program files\Logitech
    2008-12-27 18:07 --------- d-----w c:\programdata\Messenger Plus!
    2008-12-27 17:28 --------- d-----w c:\programdata\Azureus
    2008-12-27 17:26 --------- d-----w c:\program files\Common Files\i4j_jres
    2008-12-27 16:24 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
    2008-12-27 16:22 --------- d-----w c:\programdata\WLInstaller
    2008-12-27 16:00 --------- d-----w c:\programdata\McAfee
    2008-12-27 15:29 --------- d-----w c:\programdata\Avira
    2008-12-27 15:29 --------- d-----w c:\program files\Avira
    2008-12-27 15:00 --------- d-sh--w c:\programdata\Modèles
    2008-12-27 15:00 --------- d-sh--w c:\programdata\Menu Démarrer
    2008-12-27 15:00 --------- d-sh--w c:\programdata\Favoris
    2008-12-27 15:00 --------- d-sh--w c:\programdata\Bureau
    2008-12-27 15:00 --------- d-sh--w c:\program files\Fichiers communs
    2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
    2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll
    2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-17_23.29.23,91 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-17 22:28:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-18 18:22:53 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-02-18 18:22:53 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-02-17 22:25:46 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2009-02-18 18:55:18 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2009-02-18 18:55:18 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2009-02-17 21:13:44 220,338 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-02-18 17:54:28 224,170 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-10-13 243072]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
    "WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-07-17 364544]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 c:\windows\RtHDVCpl.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

    c:\users\Nowis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-02-16 625952]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-27 809488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2009-01-06 13:06 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2009-02-04 12:27 23975720 c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-12-27 17:35 1410296 c:\program files\Steam\Steam.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{7D53909F-6FB4-4312-97AB-CB480A633FAE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "TCP Query User{965CA0C1-28E7-435E-8671-1CAA6A24DF0B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{8066D190-01D6-4DF3-98AB-63A2AD4736F7}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
    "{D9125318-7737-4FEE-A6AF-7D066B390FF8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{F9CBFFAD-B212-4C54-902C-AC637D2E53B5}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
    "UDP Query User{A9E4FA45-EA5E-4DFF-8901-B183CB4E098D}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
    "{A5B62C82-504E-4A19-8D46-4A5187C3C8AC}"= UDP:c:\users\Nowis\Desktop\OGameAutomizer\OGameAutomizer.exe:o GameAutomizer
    "{C751ED8F-0B83-4353-9003-B1210810320A}"= TCP:c:\users\Nowis\Desktop\OGameAutomizer\OGameAutomizer.exe:o GameAutomizer
    "{5C9EB210-B544-461C-AE87-BE54C80F868D}"= UDP:c:\users\Nowis\Desktop\Ogame\OGameAutomizer.exe:o GameAutomizer
    "{08590A60-FF80-4F42-96B5-859EA31A696B}"= TCP:c:\users\Nowis\Desktop\Ogame\OGameAutomizer.exe:o GameAutomizer
    "TCP Query User{5278FD21-DFDF-47D1-BF2B-9628B593DDB8}c:\\program files\\steam\\steamapps\\jimmzzyy88\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\jimmzzyy88\counter-strike source\hl2.exe:hl2
    "UDP Query User{DE8C4660-EDE7-4541-BBE4-CB10EB460546}c:\\program files\\steam\\steamapps\\jimmzzyy88\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\jimmzzyy88\counter-strike source\hl2.exe:hl2
    "TCP Query User{F49691A7-2444-4435-B96E-B42F73DF88C4}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
    "UDP Query User{793C7163-2039-4896-86B9-90CB86D94377}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
    "TCP Query User{F75E34AA-9015-42D7-A0AB-629122A7A272}c:\\program files\\aspyr\\guitar hero iii\\gh3.exe"= UDP:c:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
    "UDP Query User{641F8C6B-8265-4DE5-9559-AF9640CB3E72}c:\\program files\\aspyr\\guitar hero iii\\gh3.exe"= TCP:c:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
    "TCP Query User{E970BD24-641E-4548-A418-85F1AD38F88C}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{99A7F5EC-EB71-4929-898E-C942F218CFBB}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
    "TCP Query User{1DD033E9-2313-4222-BFB5-3CAF8B6786D2}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
    "UDP Query User{499FF618-85DA-46D7-880F-B2FC041E5990}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
    "TCP Query User{A222C721-6BAD-43A0-BE5A-7C2678D9C7FD}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
    "UDP Query User{F9010F6A-C071-4249-99C4-577A65AABA5F}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
    "TCP Query User{52D273C5-E696-48D9-97BD-D85A99EDEB08}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{BF66693C-44D9-476C-8DCA-26FC1631B5CB}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
    "TCP Query User{FF9E79CC-3EB3-4328-A46B-718BE76D8282}c:\\program files\\steam\\steamapps\\jimmzzyy88\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\jimmzzyy88\counter-strike source\hl2.exe:hl2
    "UDP Query User{CBFA36BD-2C51-4ABB-BE5E-90B9F0287A81}c:\\program files\\steam\\steamapps\\jimmzzyy88\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\jimmzzyy88\counter-strike source\hl2.exe:hl2
    "TCP Query User{0D81E38E-AFE3-469E-A9E0-462B8E81B8DF}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
    "UDP Query User{C3281F5C-3285-4F02-AC39-6BD00149C8B0}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
    "TCP Query User{AA258C55-E6E3-4DFE-B1F4-2B49698199B7}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
    "UDP Query User{E1E0A89C-2E6B-44C4-88F8-BBD1D90246E1}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
    "TCP Query User{480E7FA1-93FE-4342-B41E-4FE6A0857B87}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{86608257-7014-46D4-87FB-F03B21FDEDFF}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "{9B66EAA1-703E-4568-A9B8-56BE04EB08BF}"= Disabled:UDP:c:\users\Nowis\Documents\Azureus Downloads\IncrediMail.Xe.Premium.v5.85.Build.3821.Cracked-GDJ\Crack\IncMail.exe:IncrediMail
    "{5925D798-4CF1-4937-BD75-828911A6E946}"= Disabled:TCP:c:\users\Nowis\Documents\Azureus Downloads\IncrediMail.Xe.Premium.v5.85.Build.3821.Cracked-GDJ\Crack\IncMail.exe:IncrediMail
    "{09942E67-CC76-422A-B62D-411072F62722}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{28714790-A7B4-44FC-A26D-EDCD45861194}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{5F65D383-B64B-4997-AE17-AA4DE8056666}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{50B9400B-2AD7-4B4E-BD10-E4659ABEC1A5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{4AC8FAF9-B08C-4209-8260-3945F3AA3E99}c:\\users\\nowis\\downloads\\world_of_warcraft.exe"= UDP:c:\users\nowis\downloads\world_of_warcraft.exe:world_of_warcraft.exe
    "UDP Query User{52C1671F-A7C4-4189-AE2C-505D8A6B8AD1}c:\\users\\nowis\\downloads\\world_of_warcraft.exe"= TCP:c:\users\nowis\downloads\world_of_warcraft.exe:world_of_warcraft.exe
    "TCP Query User{CF5600CA-6432-4237-9883-71348638B475}c:\\users\\nowis\\downloads\\burning_crusade.exe"= UDP:c:\users\nowis\downloads\burning_crusade.exe:burning_crusade.exe
    "UDP Query User{E7F4F456-067D-40F2-9D95-DE6C44BF649F}c:\\users\\nowis\\downloads\\burning_crusade.exe"= TCP:c:\users\nowis\downloads\burning_crusade.exe:burning_crusade.exe
    "TCP Query User{3809D739-A277-4E6E-A912-D54C06A518B6}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - 03225400\\launcher.exe"= UDP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - 03225400\launcher.exe:launcher.exe
    "UDP Query User{C44BD226-3977-45D9-8E74-5D3D7CA3BA9B}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - 03225400\\launcher.exe"= TCP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - 03225400\launcher.exe:launcher.exe
    "TCP Query User{4A3CD1FA-EB4C-4234-B9B6-4F1C5C80E292}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - e2e28290\\launcher.exe"= UDP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - e2e28290\launcher.exe:launcher.exe
    "UDP Query User{F55E2F31-A569-4CD1-A6C9-0E0F71C263FE}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - e2e28290\\launcher.exe"= TCP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - e2e28290\launcher.exe:launcher.exe
    "TCP Query User{BA44B409-A19F-4C14-BD03-7EA8BE36FE62}d:\\jeux\\world of warcraft\\repair.exe"= UDP:D:\jeux\world of warcraft\repair.exe:Blizzard Repair Utility
    "UDP Query User{F8F456BA-B778-4BBF-87F1-0FDD5F863CDA}d:\\jeux\\world of warcraft\\repair.exe"= TCP:D:\jeux\world of warcraft\repair.exe:Blizzard Repair Utility
    "{54873A2E-17F5-45EB-A02F-BB1B85EC95C7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{82569BED-1395-4592-B259-FBBD571D8C1D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{A1951964-A6F6-47F7-A398-7E4404C1AF92}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - 454caa68\\launcher.exe"= UDP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - 454caa68\launcher.exe:launcher.exe
    "UDP Query User{FF59C5A9-4B06-488A-94CA-BF3E9AFA7689}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - 454caa68\\launcher.exe"= TCP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - 454caa68\launcher.exe:launcher.exe
    "TCP Query User{9E583598-BEE7-4957-A452-8512C4D31B45}d:\\jeux\\world of warcraft\\launcher.exe"= UDP:D:\jeux\world of warcraft\launcher.exe:Blizzard Launcher
    "UDP Query User{71231D22-BC1A-411F-9C48-3F7D4BD024FA}d:\\jeux\\world of warcraft\\launcher.exe"= TCP:D:\jeux\world of warcraft\launcher.exe:Blizzard Launcher
    "TCP Query User{DBCB0053-70AD-4B2F-A7AA-36A67F7118B5}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{32A340D9-C82C-4AAD-919D-C0FE87297DED}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{365F5DB0-81EF-4E81-BAE8-554DB22CE2A2}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
    "UDP Query User{0A3062A5-1A4C-42FD-AA47-45F596B23EF7}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
    "{65ED3B29-1B67-4BF2-B0F2-E7DA625EB261}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{8A22C8B5-FB63-4750-97D1-17CE8BB10BE0}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{DE59C5B0-8A07-4FA0-A81B-898A100EE83A}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{77512E93-1334-4ADC-8CE1-259CB6BFBBE5}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{63451308-9F6B-4A46-93F3-CC14C6F352DF}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{73DF1D07-3307-4AFC-8670-5CF3B89359C9}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8987316B-8D70-4899-9662-D3BD9E5EC12C}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{CEE6A932-8988-4DDF-BB42-8F2494667D6C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{D5A1084A-ABC2-45F7-ACC8-A93D6F87B019}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4133B176-8309-4DDF-990D-CB90F31C9004}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{62213499-7C90-4974-84ED-DB29FB155E6C}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

    R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
    R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
    R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [2008-09-08 13312]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-06-25 3662848]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-09-08 44576]
    R3 VMC302;Vimicro Camera Service VMC302;c:\windows\System32\drivers\vmc302.sys [2008-09-08 242048]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
    S4 cron;Cron daemon;c:\cyg\bin\cygrunsrv.exe --> c:\cyg\bin\cygrunsrv.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \shell\AutoRun\command - F:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bece7be-df22-11dd-8113-001377af24e1}]
    \shell\AutoRun\command - F:\setupSNK.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-17 c:\windows\Tasks\NeroLiveEpgUpdate-PC-de-Nowis_Nowis.job
    - c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 13:51]

    2009-02-17 c:\windows\Tasks\SupBackGroundTask.job
    - c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 14:38]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://mystart.incredimail.com/
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {029D5E5F-30D1-4033-BFB2-AFEBED6F8634} = 192.168.1.1
    FF - ProfilePath - c:\users\Nowis\AppData\Roaming\Mozilla\Firefox\Profiles\jtzqlnd3.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
    FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-18 19:58:36
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    c:\users\Nowis\AppData\Roaming\Skype\simdu80\main.db-journal 25136 bytes

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(4668)
    c:\program files\Logitech\SetPoint\GameHook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    .
    Heure de fin: 2009-02-18 20:01:35
    ComboFix-quarantined-files.txt 2009-02-18 19:01:30
    ComboFix2.txt 2009-02-17 22:31:23

    Avant-CF: 33 679 175 680 octets libres
    Après-CF: 33,455,722,496 octets libres

    351 --- E O F --- 2009-02-16 15:53:41
    18 Février 2009 23:38:03

    Had MBAM found anything?
    18 Février 2009 23:39:30

    Yes:

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1771
    Windows 6.0.6001 Service Pack 1

    17/02/2009 23:17:11
    mbam-log-2009-02-17 (23-17-11).txt

    Type de recherche: Examen complet (C:\|D:\|J:\|)
    Eléments examinés: 248791
    Temps écoulé: 33 minute(s), 38 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Users\Nowis\Local Settings\Application Data\wohphx_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Nowis\Local Settings\Application Data\wohphx_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Nowis\Local Settings\Application Data\wohphx.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Users\Nowis\Local Settings\Application Data\wohphx.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    J:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    18 Février 2009 23:40:08

  • Disable UAC for the duration of the disinfection.
  • Download Navilog1 (by IL-MAFIOSO) to your Desktop.
  • Double-click Navilog1.exe to start the installation.
  • If the fix does not start automatically after installation, double-click the Navilog1 icon on the Desktop.
  • Press F or f, then confirm with Enter.
  • Press a key on your keyboard each time you are asked to; you will reach the options menu.
  • Choose option 1 and press Enter to confirm your choice.
  • Wait for the message: *** Analyse terminée le ..... ***
  • Once the scan is finished, Notepad will open with the report; post the contents of that report in your next reply.
  • If the scan result does not appear, you will find it in C:\fixnavi.txt

    Do not use options 2, 3 and 4 without our approval; legitimate files may be included in this scan.
    18 Février 2009 23:46:50

    Here it is:

    Search Navipromo version 3.7.4 commencé le 18/02/2009 à 23:45:21,73

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
    BIOS : Phoenix SecureCore(tm) NB Version 02LK.MP00.20080926.SCY
    USER : Nowis ( Administrator )
    BOOT : Normal boot




    C:\ (Local Disk) - NTFS - Total:111 Go (Free:37 Go)
    D:\ (Local Disk) - NTFS - Total:110 Go (Free:84 Go)
    E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
    I:\ (USB) - FAT - Total:982 Mo (Free:0 Go)


    Recherche executé en mode normal

    *** Recherche Programmes installés ***


    *** Recherche dossiers dans "C:\Windows" ***


    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


    *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


    *** Recherche dossiers dans "C:\ProgramData" ***


    *** Recherche dossiers dans "c:\users\nowis\appdata\roaming\micros~1\windows\startm~1\programs" ***


    *** Recherche dossiers dans "C:\Users\Nowis\AppData\Local\virtualstore\Program Files" ***



    *** Recherche dossiers dans "C:\Users\Nowis\AppData\Local" ***



    *** Recherche dossiers dans "C:\Users\ADMINI~1\AppData\Local" ***




    *** Recherche dossiers dans "C:\Users\Nowis\AppData\Roaming" ***


    *** Recherche dossiers dans "C:\Users\ADMINI~1\appdata\roaming" ***


    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\Windows\system32" *

    * Recherche dans "C:\Users\Nowis\AppData\Local\Microsoft" *

    * Recherche dans "C:\Users\Nowis\AppData\Local" *

    * Recherche dans "C:\Users\ADMINI~1\AppData\Local" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***
    !! Les clés trouvées ne sont pas forcément infectées !!

    18 Février 2009 23:48:52

    The report is not complete.
    18 Février 2009 23:56:05

    Can't get any further, it freezes and closes...
    18 Février 2009 23:58:08

    Try option 2.

    I'll be back in 20 minutes.
    18 Février 2009 23:59:32

    Not possible without a complete option 1 report...
    I'll be back tomorrow morning at 7 to reply, then :) 

    Good evening and thanks ;) 
    19 Février 2009 00:01:26

    To run Navilog1, right-click the Navilog1 shortcut and choose Run as administrator, then try option 1.
    20 Février 2009 17:56:45

    Sorry for the delay ^^'

    It still doesn't work...

    But if there's no infection, that's fine :) 
    20 Février 2009 18:18:57

    1/

  • Uninstall HijackThis and Navilog1.
  • Run MBAM again, go to Quarantine and delete everything.
  • Update Adobe Reader.

  • Download OTCleanIt to your Desktop:
  • Right-click OTCleanIt and choose Run as administrator.
  • Click CleanUp!, then click Yes in the Confirm window.
  • Restart your PC when asked.


    2/

  • Download and install CCleaner (do not install the Yahoo Toolbar):
  • Launch it. Go to Options, then Advanced, and untick the box "Only delete files..." etc.
  • Go to Cleaner and choose Analyze. Once finished, run the cleaning.
  • Then choose Registry, then Scan for Issues. Once finished, fix all the issues (back up the registry).


    3/

  • System Restore needs to be disabled and then re-enabled in order to purge it.

  • I advise you to create a restore point that you can use later if you have a problem.


    ==Prevention==

    Keep MBAM. It will let you scan suspicious files in addition to your antivirus; scan the hard drive regularly.

    As a browser, use Mozilla Firefox rather than Internet Explorer. You can use the NoScript extension for extra security.

    You can also modify the Hosts file to improve your PC's security: Link

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    If you consider your problem solved:

    ---> Now add [Résolu] to the title. To do so:
  • In your first message, click the Edit button.
  • Add the tag [Résolu] in front of the title.
  • Then click "Valider votre message" (submit your message).


    Be more careful on the Internet ;) 