Tom's Guide forum, Security - Viruses: Quick check!

Hello!
I suspect a few nasty little bugs on my computer!
Is that the case?
Thanks in advance to whoever helps me :)

Here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:20, on 18/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Samsung Recovery Solution III\WCScheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\java.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Vuze\Azureus.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 7683 bytes


Hi,

Your HijackThis log does not show an infection.

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) and of info.txt (which you will see in the taskbar).


Note: the reports are saved in the C:\rsit\ folder.

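Reading a HijackThis or RSIT log by hand means scanning each `R0`/`O2`/`O4`/`O17`/`O23` entry for a handful of things: a BHO whose DLL no longer exists, an explicit proxy, a Run entry given as a bare file name (resolved through PATH), a DNS server outside private address space, a service with no publisher or a remote-access server, and, in the RSIT registry dump, `"EnableLUA"=0` (UAC switched off). The script below is an added example for this thread, not code from the original posts nor from the HijackThis or RSIT tools; the entry layout it parses is the one HijackThis writes, and the `SAMPLE` and `RSIT_SAMPLE` strings are constructed for the example to mirror the shape of lines in the thread. The flags are review prompts, not verdicts.

```python
"""Triage helper for HijackThis / RSIT log text.

Added example; not part of the original forum posts and not code from the
HijackThis or RSIT tools. It parses the "R0 - ...", "O2 - ..." entry format
that HijackThis writes and applies a few of the checks a log reader usually
does by hand. SAMPLE and RSIT_SAMPLE are constructed for the example.
"""
import re
from dataclasses import dataclass, field

# Every HijackThis finding starts with a section code (R0, R1, O2, O4 ...).
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# RFC 1918 ranges; an O17 NameServer outside them deserves a second look.
PRIVATE_IP = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")


@dataclass
class Entry:
    kind: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text: str) -> list:
    """Return one Entry per HijackThis finding line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def triage(entries: list) -> list:
    """Attach review flags to entries and return only the flagged ones."""
    for e in entries:
        b = e.body
        if e.kind == "O2" and "(no file)" in b:
            e.flags.append("BHO registered but its DLL is missing (orphaned entry)")
        if e.kind == "R1" and "ProxyServer" in b:
            e.flags.append("explicit proxy set: " + b.split("=", 1)[1].strip())
        if e.kind == "O4":
            # "[Name] command"; a bare file name means Windows resolves it via PATH
            m = re.search(r"\] (.*)$", b)
            if m and "\\" not in m.group(1):
                e.flags.append("Run entry without a full path: " + m.group(1))
        if e.kind == "O17" and "NameServer =" in b:
            for ip in re.split(r"[,\s]+", b.split("NameServer =", 1)[1].strip()):
                if ip and not PRIVATE_IP.match(ip):
                    e.flags.append("DNS server outside private ranges: " + ip)
        if e.kind == "O23":
            # HijackThis prints "Unknown owner" when a service has no company name
            if " - Unknown owner - " in b:
                e.flags.append("service without a publisher name")
            if re.search(r"\bvnc\b", b, re.I):
                e.flags.append("remote-access (VNC) service; confirm it was installed on purpose")
    return [e for e in entries if e.flags]


def uac_disabled(rsit_text: str) -> bool:
    """True when the RSIT registry dump shows UAC turned off ("EnableLUA"=0)."""
    return re.search(r'^"EnableLUA"=0\s*$', rsit_text, re.M) is not None


# Constructed sample input shaped like the entries in the thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

RSIT_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"""


def run_sample() -> dict:
    """Flags found in SAMPLE keyed by section code, plus the UAC check."""
    out = {}
    for e in triage(parse_hjt(SAMPLE)):
        out.setdefault(e.kind, []).extend(e.flags)
    out["UAC_disabled"] = uac_disabled(RSIT_SAMPLE)
    return out


if __name__ == "__main__":
    for kind, flags in run_sample().items():
        print(kind, flags)
```

Run it on a saved log.txt by passing the file contents to `parse_hjt` and the RSIT registry dump to `uac_disabled`; the O17 check deliberately stays quiet for a router address such as 192.168.1.1 and only speaks up for a public resolver, and every flag is a prompt to confirm the entry rather than a claim that it is malicious.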

Thanks!

So here it is:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Nowis at 2009-02-18 23:18:40
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 39 GB (34%) free of 115 GB
Total RAM: 3066 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:58, on 18/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Samsung Recovery Solution III\WCScheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Vuze\Azureus.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\java.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Nowis\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nowis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 7765 bytes

======Scheduled tasks folder======

C:\Windows\tasks\NeroLiveEpgUpdate-PC-de-Nowis_Nowis.job
C:\Windows\tasks\SupBackGroundTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-27 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-27 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-09 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-09 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-08 6273568]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-10-10 69632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-27 136600]
"WinVNC"=C:\Program Files\UltraVNC\WinVNC.exe [2006-07-17 364544]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-10-13 243072]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2008-12-27 1410296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Nowis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bece7be-df22-11dd-8113-001377af24e1}]
shell\AutoRun\command - F:\setupSNK.exe


======List of files/folders created in the last 1 months======

2009-02-18 23:18:40 ----D---- C:\rsit
2009-02-18 21:35:13 ----D---- C:\Program Files\Trend Micro
2009-02-18 20:53:22 ----D---- C:\Program Files\eMule
2009-02-18 20:01:39 ----D---- C:\Windows\temp
2009-02-18 20:01:38 ----A---- C:\ComboFix.txt
2009-02-18 19:54:20 ----D---- C:\ComboFix
2009-02-18 19:16:24 ----A---- C:\Windows\APDFPRP.INI
2009-02-18 19:16:21 ----D---- C:\Program Files\ElcomSoft
2009-02-17 23:23:49 ----A---- C:\Windows\zip.exe
2009-02-17 23:23:49 ----A---- C:\Windows\VFIND.exe
2009-02-17 23:23:49 ----A---- C:\Windows\SWXCACLS.exe
2009-02-17 23:23:49 ----A---- C:\Windows\SWSC.exe
2009-02-17 23:23:49 ----A---- C:\Windows\SWREG.exe
2009-02-17 23:23:49 ----A---- C:\Windows\sed.exe
2009-02-17 23:23:49 ----A---- C:\Windows\NIRCMD.exe
2009-02-17 23:23:49 ----A---- C:\Windows\grep.exe
2009-02-17 23:23:49 ----A---- C:\Windows\fdsv.exe
2009-02-17 23:22:40 ----D---- C:\Windows\ERDNT
2009-02-17 23:22:40 ----D---- C:\Qoobox
2009-02-17 22:41:43 ----A---- C:\Windows\ntbtlog.txt
2009-02-17 22:40:31 ----D---- C:\Users\Nowis\AppData\Roaming\Malwarebytes
2009-02-17 22:40:26 ----D---- C:\ProgramData\Malwarebytes
2009-02-17 22:40:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-17 22:07:22 ----A---- C:\IP.txt
2009-02-17 21:59:49 ----D---- C:\Users\Nowis\AppData\Roaming\Anakin Software
2009-02-17 21:59:34 ----A---- C:\Windows\system32\VB5DB.DLL
2009-02-17 18:05:26 ----D---- C:\Program Files\Common Files\Skype
2009-02-17 18:05:25 ----RD---- C:\Program Files\Skype
2009-02-16 21:57:43 ----D---- C:\Users\Nowis\AppData\Roaming\Samsung
2009-02-16 20:50:41 ----D---- C:\Users\Nowis\AppData\Roaming\FileZilla
2009-02-16 20:50:35 ----D---- C:\Program Files\FileZilla FTP Client
2009-02-16 20:44:23 ----D---- C:\Users\Nowis\AppData\Roaming\IrfanView
2009-02-16 11:34:01 ----D---- C:\Program Files\Hamachi
2009-02-15 19:53:11 ----D---- C:\ProgramData\Marginal Team
2009-02-15 02:42:48 ----A---- C:\Windows\system32\EncDec.dll
2009-02-15 02:42:47 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-11 21:42:24 ----D---- C:\Users\Nowis\AppData\Roaming\ABBYY
2009-02-11 21:39:39 ----D---- C:\Program Files\Common Files\ABBYY
2009-02-11 21:38:39 ----D---- C:\ProgramData\ABBYY
2009-02-11 21:38:39 ----D---- C:\Program Files\ABBYY FineReader 9.0
2009-02-11 19:36:55 ----D---- C:\Program Files\MSECache
2009-02-11 03:00:58 ----D---- C:\Windows\SQL9_KB960089_ENU
2009-02-10 19:16:48 ----A---- C:\Windows\system32\mshtml.dll
2009-02-10 19:16:47 ----A---- C:\Windows\system32\wininet.dll
2009-02-10 19:16:47 ----A---- C:\Windows\system32\urlmon.dll
2009-02-10 19:16:47 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-10 19:16:47 ----A---- C:\Windows\system32\iertutil.dll
2009-02-10 19:16:47 ----A---- C:\Windows\system32\ieframe.dll
2009-02-10 19:16:46 ----A---- C:\Windows\system32\mstime.dll
2009-02-10 19:16:46 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-09 18:47:33 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-02-08 21:36:21 ----D---- C:\Program Files\VirginMega
2009-02-08 21:35:39 ----D---- C:\ProgramData\Downloaded Installations
2009-02-06 18:52:40 ----A---- C:\Windows\system32\sirenacm.dll
2009-02-03 20:00:53 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-02-02 21:06:44 ----D---- C:\ProgramData\Blizzard
2009-02-02 17:49:30 ----D---- C:\Users\Nowis\AppData\Roaming\Apple Computer
2009-02-02 17:48:50 ----DC---- C:\Windows\system32\DRVSTORE
2009-02-02 17:48:50 ----A---- C:\Windows\system32\GEARAspi.dll
2009-02-02 17:48:39 ----D---- C:\Program Files\iPod
2009-02-02 17:48:38 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-02 17:48:38 ----D---- C:\Program Files\iTunes
2009-02-02 17:47:33 ----D---- C:\Program Files\Common Files\Apple
2009-02-02 17:43:20 ----D---- C:\Program Files\QuickTime
2009-02-02 17:43:19 ----D---- C:\ProgramData\Apple Computer
2009-01-24 14:24:16 ----D---- C:\Program Files\IncrediMail
2009-01-24 13:29:24 ----D---- C:\ProgramData\IM
2009-01-24 13:29:21 ----D---- C:\ProgramData\IncrediMail
2009-01-22 18:25:35 ----D---- C:\Users\Nowis\AppData\Roaming\Intel
2009-01-22 16:24:39 ----D---- C:\ProgramData\aHisoft
2009-01-22 16:24:21 ----D---- C:\Program Files\aHisoft
2009-01-21 16:24:57 ----D---- C:\Windows\Sun

======List of files/folders modified in the last 1 months======

2009-02-18 23:18:48 ----D---- C:\Users\Nowis\AppData\Roaming\Azureus
2009-02-18 23:10:11 ----D---- C:\Users\Nowis\AppData\Roaming\Hamachi
2009-02-18 22:56:31 ----D---- C:\Users\Nowis\AppData\Roaming\Skype
2009-02-18 22:50:18 ----D---- C:\Program Files\Mozilla Firefox
2009-02-18 21:35:13 ----RD---- C:\Program Files
2009-02-18 21:16:38 ----SHD---- C:\System Volume Information
2009-02-18 21:11:49 ----D---- C:\Windows\System32
2009-02-18 20:54:05 ----D---- C:\ProgramData\eMule
2009-02-18 20:01:45 ----D---- C:\Windows\system32\fr-FR
2009-02-18 20:01:39 ----D---- C:\Windows
2009-02-18 19:58:43 ----A---- C:\Windows\system.ini
2009-02-18 19:57:46 ----D---- C:\Windows\system32\drivers
2009-02-18 19:57:46 ----D---- C:\Windows\AppPatch
2009-02-18 19:57:46 ----D---- C:\Program Files\Common Files
2009-02-18 19:55:38 ----D---- C:\Windows\Prefetch
2009-02-18 18:54:19 ----D---- C:\Users\Nowis\AppData\Roaming\skypePM
2009-02-17 23:25:24 ----SHD---- C:\Windows\Installer
2009-02-17 23:25:24 ----HD---- C:\Config.Msi
2009-02-17 23:24:16 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-17 22:40:26 ----HD---- C:\ProgramData
2009-02-17 22:09:55 ----D---- C:\Program Files\Steam
2009-02-17 21:59:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-17 18:05:26 ----D---- C:\ProgramData\Skype
2009-02-16 21:57:58 ----SD---- C:\Users\Nowis\AppData\Roaming\Microsoft
2009-02-16 00:22:17 ----D---- C:\Windows\system32\catroot2
2009-02-15 11:06:46 ----D---- C:\Program Files\Windows Live Safety Center
2009-02-15 03:03:30 ----D---- C:\Windows\Microsoft.NET
2009-02-15 03:03:19 ----RSD---- C:\Windows\assembly
2009-02-15 03:00:53 ----D---- C:\Windows\winsxs
2009-02-15 03:00:53 ----D---- C:\Windows\ehome
2009-02-15 02:38:18 ----D---- C:\Windows\system32\catroot
2009-02-11 19:33:33 ----D---- C:\Windows\inf
2009-02-11 19:33:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-11 03:03:56 ----D---- C:\ProgramData\Microsoft Help
2009-02-11 03:01:19 ----D---- C:\Program Files\Microsoft SQL Server
2009-02-11 03:00:34 ----D---- C:\Program Files\Windows Mail
2009-02-09 18:01:42 ----D---- C:\Program Files\Bonjour
2009-02-07 20:51:44 ----D---- C:\Program Files\Common Files\Steam
2009-02-07 19:41:41 ----D---- C:\Program Files\Messenger Plus! Live
2009-02-04 00:21:12 ----A---- C:\Windows\system32\mrt.exe
2009-02-02 12:32:23 ----D---- C:\Program Files\Dofus
2009-01-28 13:13:10 ----D---- C:\Program Files\Vuze
2009-01-25 18:11:06 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2008-12-27 5632]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-02-16 25280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-07 2152088]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-09 7522624]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-06-05 242048]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-06-27 303616]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-15 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-15 16168]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 xnacc;Contrôleur XBOX 360 pour le service de pilote Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-21 521216]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-07-10 819200]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-09 196608]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-07-10 466944]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;Enregistreur VSS SQL Server; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 winvnc;VNC Server; C:\Program Files\UltraVNC\WinVNC.exe [2006-07-17 364544]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-28 654848]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-11-07 121360]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-02-07 316664]
S4 cron;Cron daemon; C:\cyg\bin\cygrunsrv.exe []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-02-18 23:19:01

======Uninstall list======

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
ABBYY FineReader 9.0 Professional Edition-->MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros WLAN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04983D37-2202-4295-94A2-8B547C66133F}\setup.exe" -l0x9
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Dofus 1.26.0-->C:\Program Files\Dofus\uninstall.exe
Easy Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\setup.exe" -l0x9 Remove
Easy Display Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9 -removeonly
Easy Network Manager 4.0-->C:\Program Files\InstallShield Installation Information\{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}\setup.exe -runfromtemp -l0x040c
Easy SpeedUp Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF367AA4-070B-493C-9575-85BE59D789C9}\setup.exe" -l0x9 Remove
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Favorit-->c:\users\nowis\appdata\local\wohphx.bat
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
FileZilla Client 3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Futoshiki-->C:\Program Files\Micro Application\Futoshiki\Desinstalleur.exe
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)-->C:\Windows\SQL9_KB960089_ENU\Hotfix.exe /Uninstall
Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {69ca8988-1c6c-4285-b8af-db780a6e42af}
Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->MsiExec.exe /X{69CA8988-1C6C-4285-B8AF-DB780A6E42AF}
Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}\setup\hpzscr01.exe -datfile hposcr13.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
imagine digital freedom - Samsung-->MsiExec.exe /X{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}
IncrediMail JunkFilter Plus-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x040c -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Micro Application - Compil 100pc Détente-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B21FB712-1B08-47B3-B1A1-44D6EF100786}\setup.exe" -l0x40c
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SOAP Toolkit 2.0 SP2-->MsiExec.exe /I{36BEAD11-8577-49AD-9250-E06A50AE87B0}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{75FF1600-6330-43FA-9022-E0835BF20778}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Patch The Bloody Sword 1-->D:\Jeux\World of Warcraft\Data\frFR\Uninstall.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PlayCamera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}\setup.exe" -l0x40c
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x9 Remove
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung Update Plus-->"C:\Program Files\InstallShield Installation Information\{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Update Plus-->MsiExec.exe /X{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
UltraVNC v1.0.2 Fr-->"C:\Program Files\UltraVNC\unins000.exe"
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vimicro UVC Camera-->C:\Program Files\InstallShield Installation Information\{71A51B09-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
Vuze-->C:\Program Files\Vuze\uninstall.exe
Wakfu-->C:\Program Files\Wakfu\uninstall.exe
WIDCOMM Bluetooth Software 6.0.1.6300-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Security center information======

AS: Windows Defender

System event log

Computer Name: PC-de-Nowis
Event Code: 4201
Message: Le système a détecté que la carte réseau Loopback Pseudo-Interface 1 était connectée au réseau, et a lancé une opération normale.
Record Number: 22685
Source Name: Tcpip
Time Written: 20090121152236.356076-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 4201
Message: Le système a détecté que la carte réseau Loopback Pseudo-Interface 1 était connectée au réseau, et a lancé une opération normale.
Record Number: 22686
Source Name: Tcpip
Time Written: 20090121152236.356076-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 83
Message: Port A is down
Record Number: 22687
Source Name: yukonwlh
Time Written: 20090121152237.791285-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 4201
Message: Le système a détecté que la carte réseau Connexion réseau sans fil était connectée au réseau, et a lancé une opération normale.
Record Number: 22688
Source Name: Tcpip
Time Written: 20090121152258.376346-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 4201
Message: Le système a détecté que la carte réseau Connexion réseau sans fil était connectée au réseau, et a lancé une opération normale.
Record Number: 22689
Source Name: Tcpip
Time Written: 20090121152258.376346-000
Event Type: Information
User:

Application event log

Computer Name: PC-de-Nowis
Event Code: 9013
Message: Le Gestionnaire de fenêtrage n’a pas pu démarrer, car la composition du Bureau a été désactivée par une application en cours d’exécution
Record Number: 24753
Source Name: Desktop Window Manager
Time Written: 20090218203748.000000-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 9010
Message: Une demande de désactivation du Gestionnaire de fenêtrage a été effectuée par le processus (World of Warcraft)
Record Number: 24754
Source Name: Desktop Window Manager
Time Written: 20090218203753.000000-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 9013
Message: Le Gestionnaire de fenêtrage n’a pas pu démarrer, car la composition du Bureau a été désactivée par une application en cours d’exécution
Record Number: 24755
Source Name: Desktop Window Manager
Time Written: 20090218203753.000000-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 9010
Message: Une demande de désactivation du Gestionnaire de fenêtrage a été effectuée par le processus (World of Warcraft)
Record Number: 24756
Source Name: Desktop Window Manager
Time Written: 20090218203757.000000-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 9013
Message: Le Gestionnaire de fenêtrage n’a pas pu démarrer, car la composition du Bureau a été désactivée par une application en cours d’exécution
Record Number: 24757
Source Name: Desktop Window Manager
Time Written: 20090218203757.000000-000
Event Type: Information
User:

Security event log

Computer Name: PC-de-Nowis
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 10120
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090218221854.184000-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Nowis
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 10121
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090218221854.211000-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Nowis
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 10122
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090218221854.256000-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Nowis
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 10123
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090218221854.292000-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Nowis
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 10124
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090218221854.318000-000
Event Type: Échec de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Bitvise Tunnelier;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Reply to simdu80

Can you post the ComboFix report for me? It is at: C:\ComboFix.txt

Reply to Destrio5

Here it is:

ComboFix 09-02-17.02 - Nowis 2009-02-18 19:55:30.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3066.845 [GMT 1:00]
Lancé depuis: c:\users\Nowis\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-18 au 2009-02-18 ))))))))))))))))))))))))))))))))))))
.

2009-02-18 19:16 . 2009-02-18 19:16 <REP> d-------- c:\program files\ElcomSoft
2009-02-18 19:16 . 2009-02-18 19:16 892 --a------ c:\windows\APDFPRP.INI
2009-02-17 22:40 . 2009-02-17 22:40 <REP> d-------- c:\users\Nowis\AppData\Roaming\Malwarebytes
2009-02-17 22:40 . 2009-02-17 22:40 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-17 22:40 . 2009-02-17 22:40 <REP> d-------- c:\programdata\Malwarebytes
2009-02-17 22:40 . 2009-02-17 22:40 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 22:40 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-17 22:40 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-17 21:59 . 2009-02-17 21:59 <REP> d-------- c:\users\Nowis\AppData\Roaming\Anakin Software
2009-02-17 21:59 . 1998-06-18 00:00 89,360 --a------ c:\windows\System32\VB5DB.DLL
2009-02-17 18:05 . 2009-02-17 18:05 <REP> dr------- c:\program files\Skype
2009-02-17 18:05 . 2009-02-17 18:05 <REP> d-------- c:\program files\Common Files\Skype
2009-02-16 21:57 . 2009-02-16 21:57 <REP> d-------- c:\users\Nowis\AppData\Roaming\Samsung
2009-02-16 20:50 . 2009-02-18 19:13 <REP> d-------- c:\users\Nowis\AppData\Roaming\FileZilla
2009-02-16 20:50 . 2009-02-16 20:51 <REP> d-------- c:\program files\FileZilla FTP Client
2009-02-16 20:44 . 2009-02-16 20:44 <REP> d-------- c:\users\Nowis\AppData\Roaming\IrfanView
2009-02-16 11:34 . 2009-02-16 11:34 <REP> d-------- c:\program files\Hamachi
2009-02-16 11:34 . 2009-02-16 11:34 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-02-15 19:53 . 2009-02-15 19:53 <REP> d-------- c:\users\All Users\Marginal Team
2009-02-15 19:53 . 2009-02-15 19:53 <REP> d-------- c:\programdata\Marginal Team
2009-02-15 02:42 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 02:42 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 02:42 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 02:42 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 02:42 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 21:42 . 2009-02-11 21:42 <REP> d-------- c:\users\Nowis\AppData\Roaming\ABBYY
2009-02-11 21:39 . 2009-02-11 21:39 <REP> d-------- c:\program files\Common Files\ABBYY
2009-02-11 21:38 . 2009-02-11 21:38 <REP> d-------- c:\users\All Users\ABBYY
2009-02-11 21:38 . 2009-02-11 21:38 <REP> d-------- c:\programdata\ABBYY
2009-02-11 21:38 . 2009-02-11 21:42 <REP> d-------- c:\program files\ABBYY FineReader 9.0
2009-02-11 19:36 . 2009-02-11 19:36 <REP> d-------- c:\program files\MSECache
2009-02-11 03:00 . 2009-02-11 03:00 <REP> d-------- c:\windows\SQL9_KB960089_ENU
2009-02-10 19:16 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-10 19:16 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-09 18:47 . 2009-02-09 18:47 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2009-02-08 21:36 . 2009-02-08 21:36 <REP> d-------- c:\program files\VirginMega
2009-02-08 21:35 . 2009-02-08 21:35 <REP> d-------- c:\users\All Users\Downloaded Installations
2009-02-08 21:35 . 2009-02-08 21:35 <REP> d-------- c:\programdata\Downloaded Installations
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-03 20:00 . 2009-02-03 20:00 <REP> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-02-02 21:06 . 2009-02-02 21:06 <REP> d-------- c:\users\All Users\Blizzard
2009-02-02 21:06 . 2009-02-02 21:06 <REP> d-------- c:\programdata\Blizzard
2009-02-02 17:49 . 2009-02-02 17:49 <REP> d-------- c:\users\Nowis\AppData\Roaming\Apple Computer
2009-02-02 17:48 . 2009-02-02 17:48 <REP> d----c--- c:\windows\System32\DRVSTORE
2009-02-02 17:48 . 2009-02-02 17:48 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-02 17:48 . 2009-02-02 17:48 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-02 17:48 . 2009-02-02 17:48 <REP> d-------- c:\program files\iTunes
2009-02-02 17:48 . 2009-02-02 17:48 <REP> d-------- c:\program files\iPod
2009-02-02 17:48 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-02-02 17:48 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-02-02 17:47 . 2009-02-02 17:48 <REP> d-------- c:\program files\Common Files\Apple
2009-02-02 17:43 . 2009-02-02 17:48 <REP> d-------- c:\users\All Users\Apple Computer
2009-02-02 17:43 . 2009-02-02 17:48 <REP> d-------- c:\programdata\Apple Computer
2009-02-02 17:43 . 2009-02-02 17:43 <REP> d-------- c:\program files\QuickTime
2009-01-24 19:47 . 2009-01-24 19:47 3,120 --a------ c:\windows\MF_C426.lfa
2009-01-24 19:44 . 2009-01-24 19:44 3,120 --a------ c:\windows\MF_C432.lfa
2009-01-24 19:44 . 2009-01-24 19:44 3,120 --a------ c:\windows\MF_C425.lfa
2009-01-24 19:44 . 2009-01-24 19:44 3,120 --a------ c:\windows\MF_C421.lfa
2009-01-24 19:44 . 2009-01-24 19:44 3,120 --a------ c:\windows\MF_C420.lfa
2009-01-24 14:24 . 2009-01-24 19:52 <REP> d-------- c:\program files\IncrediMail
2009-01-24 13:29 . 2009-01-24 13:29 <REP> d-------- c:\users\All Users\IncrediMail
2009-01-24 13:29 . 2009-01-24 13:30 <REP> d-------- c:\users\All Users\IM
2009-01-24 13:29 . 2009-01-24 13:29 <REP> d-------- c:\programdata\IncrediMail
2009-01-24 13:29 . 2009-01-24 13:30 <REP> d-------- c:\programdata\IM
2009-01-22 18:25 . 2009-01-22 18:25 <REP> d-------- c:\users\Nowis\AppData\Roaming\Intel
2009-01-22 16:24 . 2009-01-22 16:24 <REP> d-------- c:\users\All Users\aHisoft
2009-01-22 16:24 . 2009-01-22 16:24 <REP> d-------- c:\programdata\aHisoft
2009-01-22 16:24 . 2009-01-22 16:24 <REP> d-------- c:\program files\aHisoft
2009-01-21 16:24 . 2009-01-21 16:24 <REP> d-------- c:\windows\Sun
2009-01-20 12:27 . 2009-01-20 12:27 1,905 --a------ c:\windows\diagwrn.xml
2009-01-20 12:27 . 2009-01-20 12:27 1,905 --a------ c:\windows\diagerr.xml

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 18:58 --------- d-----w c:\users\Nowis\AppData\Roaming\Hamachi
2009-02-18 18:58 --------- d-----w c:\users\Nowis\AppData\Roaming\Azureus
2009-02-18 18:43 --------- d-----w c:\users\Nowis\AppData\Roaming\Skype
2009-02-18 17:54 --------- d-----w c:\users\Nowis\AppData\Roaming\skypePM
2009-02-17 22:22 126,177 ----a-w c:\users\All Users\nvModes.dat
2009-02-17 22:22 126,177 ----a-w c:\programdata\nvModes.dat
2009-02-17 21:09 --------- d-----w c:\program files\Steam
2009-02-17 20:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 17:05 --------- d-----w c:\programdata\Skype
2009-02-15 10:06 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-11 02:03 --------- d-----w c:\programdata\Microsoft Help
2009-02-11 02:01 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-11 02:00 --------- d-----w c:\program files\Windows Mail
2009-02-09 17:01 --------- d-----w c:\program files\Bonjour
2009-02-07 19:51 --------- d-----w c:\program files\Common Files\Steam
2009-02-07 18:41 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-02 11:32 --------- d-----w c:\program files\Dofus
2009-01-28 12:13 --------- d-----w c:\program files\Vuze
2009-01-25 16:36 --------- d-----w c:\programdata\eMule
2009-01-18 19:53 --------- d-----w c:\program files\Wakfu
2009-01-16 17:49 --------- d-----w c:\program files\EA Games
2009-01-13 15:38 --------- d-----w c:\users\Administrateur\AppData\Roaming\HP
2009-01-13 15:37 --------- d-----w c:\users\Administrateur\AppData\Roaming\Logitech
2009-01-12 13:38 --------- d-----w c:\programdata\HP Product Assistant
2009-01-12 05:14 --------- d-----w c:\program files\PowerISO
2009-01-10 20:22 --------- d-----w c:\users\Nowis\AppData\Roaming\Nero
2009-01-10 13:11 --------- d-----w c:\program files\Common Files\Nero
2009-01-10 12:56 --------- d-----w c:\program files\Nero
2009-01-10 12:49 --------- d-----w c:\programdata\Nero
2009-01-07 15:36 --------- d-----w c:\users\Nowis\AppData\Roaming\Image Zone Express
2009-01-06 16:16 --------- d-----w c:\users\Nowis\AppData\Roaming\vlc
2009-01-05 19:09 --------- d-----w c:\users\Nowis\AppData\Roaming\HP
2009-01-05 19:01 --------- d-----w c:\programdata\HP
2009-01-05 19:00 --------- d-----w c:\program files\Hewlett-Packard
2009-01-05 14:54 --------- d-----w c:\users\Nowis\AppData\Roaming\Printer Info Cache
2009-01-05 14:04 --------- d-----w c:\programdata\WEBREG
2009-01-05 06:21 --------- d-----w c:\program files\VideoLAN
2009-01-04 15:05 --------- d-----w c:\programdata\Hewlett-Packard
2009-01-03 15:45 --------- d-----w c:\program files\Micro Application
2009-01-03 15:40 --------- d-----w c:\program files\HP
2009-01-03 15:40 --------- d-----w c:\program files\Common Files\HP
2009-01-03 15:37 --------- d-----w c:\programdata\HPSSUPPLY
2009-01-03 15:36 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-01-03 13:17 --------- d-----w c:\program files\MSBuild
2009-01-03 13:14 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-01-01 19:05 --------- d-----w c:\programdata\Apple
2009-01-01 19:05 --------- d-----w c:\program files\Apple Software Update
2009-01-01 18:53 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-28 23:50 --------- d-----w c:\program files\Common Files\Adobe
2008-12-28 22:38 --------- d-----w c:\programdata\FLEXnet
2008-12-28 22:26 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-28 15:07 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-12-28 14:39 --------- d--h--r c:\users\Nowis\AppData\Roaming\SecuROM
2008-12-28 14:21 --------- d-----w c:\program files\Aspyr
2008-12-28 14:14 --------- d-----w c:\program files\MSXML 4.0
2008-12-27 22:23 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-27 22:23 --------- d-----w c:\program files\Windows Live
2008-12-27 22:23 --------- d-----w c:\program files\Microsoft
2008-12-27 22:19 --------- d-----w c:\program files\Common Files\Windows Live
2008-12-27 22:09 --------- d-----w c:\program files\UltraVNC
2008-12-27 19:14 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-12-27 18:42 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-27 18:42 --------- d-----w c:\program files\Java
2008-12-27 18:22 --------- d-----w c:\program files\Samsung
2008-12-27 18:21 --------- d-----w c:\users\Nowis\AppData\Roaming\Logitech
2008-12-27 18:21 --------- d-----w c:\programdata\LogiShrd
2008-12-27 18:20 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-12-27 18:20 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-27 18:20 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-27 18:20 --------- d-----w c:\program files\Common Files\Logishrd
2008-12-27 18:19 --------- d-----w c:\programdata\Logitech
2008-12-27 18:19 --------- d-----w c:\program files\Logitech
2008-12-27 18:07 --------- d-----w c:\programdata\Messenger Plus!
2008-12-27 17:28 --------- d-----w c:\programdata\Azureus
2008-12-27 17:26 --------- d-----w c:\program files\Common Files\i4j_jres
2008-12-27 16:24 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-27 16:22 --------- d-----w c:\programdata\WLInstaller
2008-12-27 16:00 --------- d-----w c:\programdata\McAfee
2008-12-27 15:29 --------- d-----w c:\programdata\Avira
2008-12-27 15:29 --------- d-----w c:\program files\Avira
2008-12-27 15:00 --------- d-sh--w c:\programdata\Modèles
2008-12-27 15:00 --------- d-sh--w c:\programdata\Menu Démarrer
2008-12-27 15:00 --------- d-sh--w c:\programdata\Favoris
2008-12-27 15:00 --------- d-sh--w c:\programdata\Bureau
2008-12-27 15:00 --------- d-sh--w c:\program files\Fichiers communs
2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-02-17_23.29.23,91 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-17 22:28:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-18 18:22:53 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-18 18:22:53 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-17 22:25:46 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-18 18:55:18 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-18 18:55:18 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2009-02-17 21:13:44 220,338 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-02-18 17:54:28 224,170 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-10-13 243072]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-07-17 364544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

c:\users\Nowis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-02-16 625952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-02-12 723496]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-27 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2009-02-06 18:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2009-02-04 12:27 23975720 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-12-27 17:35 1410296 c:\program files\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7D53909F-6FB4-4312-97AB-CB480A633FAE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{965CA0C1-28E7-435E-8671-1CAA6A24DF0B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{8066D190-01D6-4DF3-98AB-63A2AD4736F7}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{D9125318-7737-4FEE-A6AF-7D066B390FF8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{F9CBFFAD-B212-4C54-902C-AC637D2E53B5}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{A9E4FA45-EA5E-4DFF-8901-B183CB4E098D}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"{A5B62C82-504E-4A19-8D46-4A5187C3C8AC}"= UDP:c:\users\Nowis\Desktop\OGameAutomizer\OGameAutomizer.exe:OGameAutomizer
"{C751ED8F-0B83-4353-9003-B1210810320A}"= TCP:c:\users\Nowis\Desktop\OGameAutomizer\OGameAutomizer.exe:OGameAutomizer
"{5C9EB210-B544-461C-AE87-BE54C80F868D}"= UDP:c:\users\Nowis\Desktop\Ogame\OGameAutomizer.exe:OGameAutomizer
"{08590A60-FF80-4F42-96B5-859EA31A696B}"= TCP:c:\users\Nowis\Desktop\Ogame\OGameAutomizer.exe:OGameAutomizer
"TCP Query User{5278FD21-DFDF-47D1-BF2B-9628B593DDB8}c:\\program files\\steam\\steamapps\\jimmzzyy88\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\jimmzzyy88\counter-strike source\hl2.exe:hl2
"UDP Query User{DE8C4660-EDE7-4541-BBE4-CB10EB460546}c:\\program files\\steam\\steamapps\\jimmzzyy88\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\jimmzzyy88\counter-strike source\hl2.exe:hl2
"TCP Query User{F49691A7-2444-4435-B96E-B42F73DF88C4}c:\\program files\\ultravnc\\winvnc.exe"= UDP:c:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"UDP Query User{793C7163-2039-4896-86B9-90CB86D94377}c:\\program files\\ultravnc\\winvnc.exe"= TCP:c:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"TCP Query User{F75E34AA-9015-42D7-A0AB-629122A7A272}c:\\program files\\aspyr\\guitar hero iii\\gh3.exe"= UDP:c:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"UDP Query User{641F8C6B-8265-4DE5-9559-AF9640CB3E72}c:\\program files\\aspyr\\guitar hero iii\\gh3.exe"= TCP:c:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III
"TCP Query User{E970BD24-641E-4548-A418-85F1AD38F88C}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{99A7F5EC-EB71-4929-898E-C942F218CFBB}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{1DD033E9-2313-4222-BFB5-3CAF8B6786D2}c:\\windows\\system32\\java.exe"= UDP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{499FF618-85DA-46D7-880F-B2FC041E5990}c:\\windows\\system32\\java.exe"= TCP:c:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{A222C721-6BAD-43A0-BE5A-7C2678D9C7FD}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{F9010F6A-C071-4249-99C4-577A65AABA5F}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{52D273C5-E696-48D9-97BD-D85A99EDEB08}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{BF66693C-44D9-476C-8DCA-26FC1631B5CB}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{FF9E79CC-3EB3-4328-A46B-718BE76D8282}c:\\program files\\steam\\steamapps\\jimmzzyy88\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\jimmzzyy88\counter-strike source\hl2.exe:hl2
"UDP Query User{CBFA36BD-2C51-4ABB-BE5E-90B9F0287A81}c:\\program files\\steam\\steamapps\\jimmzzyy88\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\jimmzzyy88\counter-strike source\hl2.exe:hl2
"TCP Query User{0D81E38E-AFE3-469E-A9E0-462B8E81B8DF}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{C3281F5C-3285-4F02-AC39-6BD00149C8B0}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{AA258C55-E6E3-4DFE-B1F4-2B49698199B7}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{E1E0A89C-2E6B-44C4-88F8-BBD1D90246E1}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{480E7FA1-93FE-4342-B41E-4FE6A0857B87}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{86608257-7014-46D4-87FB-F03B21FDEDFF}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{9B66EAA1-703E-4568-A9B8-56BE04EB08BF}"= Disabled:UDP:c:\users\Nowis\Documents\Azureus Downloads\IncrediMail.Xe.Premium.v5.85.Build.3821.Cracked-GDJ\Crack\IncMail.exe:IncrediMail
"{5925D798-4CF1-4937-BD75-828911A6E946}"= Disabled:TCP:c:\users\Nowis\Documents\Azureus Downloads\IncrediMail.Xe.Premium.v5.85.Build.3821.Cracked-GDJ\Crack\IncMail.exe:IncrediMail
"{09942E67-CC76-422A-B62D-411072F62722}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{28714790-A7B4-44FC-A26D-EDCD45861194}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{5F65D383-B64B-4997-AE17-AA4DE8056666}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{50B9400B-2AD7-4B4E-BD10-E4659ABEC1A5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{4AC8FAF9-B08C-4209-8260-3945F3AA3E99}c:\\users\\nowis\\downloads\\world_of_warcraft.exe"= UDP:c:\users\nowis\downloads\world_of_warcraft.exe:world_of_warcraft.exe
"UDP Query User{52C1671F-A7C4-4189-AE2C-505D8A6B8AD1}c:\\users\\nowis\\downloads\\world_of_warcraft.exe"= TCP:c:\users\nowis\downloads\world_of_warcraft.exe:world_of_warcraft.exe
"TCP Query User{CF5600CA-6432-4237-9883-71348638B475}c:\\users\\nowis\\downloads\\burning_crusade.exe"= UDP:c:\users\nowis\downloads\burning_crusade.exe:burning_crusade.exe
"UDP Query User{E7F4F456-067D-40F2-9D95-DE6C44BF649F}c:\\users\\nowis\\downloads\\burning_crusade.exe"= TCP:c:\users\nowis\downloads\burning_crusade.exe:burning_crusade.exe
"TCP Query User{3809D739-A277-4E6E-A912-D54C06A518B6}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - 03225400\\launcher.exe"= UDP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - 03225400\launcher.exe:launcher.exe
"UDP Query User{C44BD226-3977-45D9-8E74-5D3D7CA3BA9B}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - 03225400\\launcher.exe"= TCP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - 03225400\launcher.exe:launcher.exe
"TCP Query User{4A3CD1FA-EB4C-4234-B9B6-4F1C5C80E292}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - e2e28290\\launcher.exe"= UDP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - e2e28290\launcher.exe:launcher.exe
"UDP Query User{F55E2F31-A569-4CD1-A6C9-0E0F71C263FE}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - e2e28290\\launcher.exe"= TCP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - e2e28290\launcher.exe:launcher.exe
"TCP Query User{BA44B409-A19F-4C14-BD03-7EA8BE36FE62}d:\\jeux\\world of warcraft\\repair.exe"= UDP:d:\jeux\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{F8F456BA-B778-4BBF-87F1-0FDD5F863CDA}d:\\jeux\\world of warcraft\\repair.exe"= TCP:d:\jeux\world of warcraft\repair.exe:Blizzard Repair Utility
"{54873A2E-17F5-45EB-A02F-BB1B85EC95C7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{82569BED-1395-4592-B259-FBBD571D8C1D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{A1951964-A6F6-47F7-A398-7E4404C1AF92}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - 454caa68\\launcher.exe"= UDP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - 454caa68\launcher.exe:launcher.exe
"UDP Query User{FF59C5A9-4B06-488A-94CA-BF3E9AFA7689}c:\\users\\nowis\\appdata\\local\\temp\\blizzard launcher temporary - 454caa68\\launcher.exe"= TCP:c:\users\nowis\appdata\local\temp\blizzard launcher temporary - 454caa68\launcher.exe:launcher.exe
"TCP Query User{9E583598-BEE7-4957-A452-8512C4D31B45}d:\\jeux\\world of warcraft\\launcher.exe"= UDP:d:\jeux\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{71231D22-BC1A-411F-9C48-3F7D4BD024FA}d:\\jeux\\world of warcraft\\launcher.exe"= TCP:d:\jeux\world of warcraft\launcher.exe:Blizzard Launcher
"TCP Query User{DBCB0053-70AD-4B2F-A7AA-36A67F7118B5}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{32A340D9-C82C-4AAD-919D-C0FE87297DED}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{365F5DB0-81EF-4E81-BAE8-554DB22CE2A2}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{0A3062A5-1A4C-42FD-AA47-45F596B23EF7}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"{65ED3B29-1B67-4BF2-B0F2-E7DA625EB261}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{8A22C8B5-FB63-4750-97D1-17CE8BB10BE0}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{DE59C5B0-8A07-4FA0-A81B-898A100EE83A}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{77512E93-1334-4ADC-8CE1-259CB6BFBBE5}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{63451308-9F6B-4A46-93F3-CC14C6F352DF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{73DF1D07-3307-4AFC-8670-5CF3B89359C9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8987316B-8D70-4899-9662-D3BD9E5EC12C}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{CEE6A932-8988-4DDF-BB42-8F2494667D6C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{D5A1084A-ABC2-45F7-ACC8-A93D6F87B019}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4133B176-8309-4DDF-990D-CB90F31C9004}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{62213499-7C90-4974-84ED-DB29FB155E6C}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [2008-09-08 13312]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-06-25 3662848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-09-08 44576]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\System32\drivers\vmc302.sys [2008-09-08 242048]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S4 cron;Cron daemon;c:\cyg\bin\cygrunsrv.exe --> c:\cyg\bin\cygrunsrv.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bece7be-df22-11dd-8113-001377af24e1}]
\shell\AutoRun\command - F:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'

2009-02-17 c:\windows\Tasks\NeroLiveEpgUpdate-PC-de-Nowis_Nowis.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 13:51]

2009-02-17 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 14:38]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://mystart.incredimail.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {029D5E5F-30D1-4033-BFB2-AFEBED6F8634} = 192.168.1.1
FF - ProfilePath - c:\users\Nowis\AppData\Roaming\Mozilla\Firefox\Profiles\jtzqlnd3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 19:58:36
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\Nowis\AppData\Roaming\Skype\simdu80\main.db-journal 25136 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4668)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Heure de fin: 2009-02-18 20:01:35
ComboFix-quarantined-files.txt 2009-02-18 19:01:30
ComboFix2.txt 2009-02-17 22:31:23

Avant-CF: 33 679 175 680 octets libres
Après-CF: 33,455,722,496 octets libres

351 --- E O F --- 2009-02-16 15:53:41

Reply to simdu80
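As an added example (not code from this thread, from ComboFix, or from any tool named here), the following Python snippet pulls out of a ComboFix-style report the two items a defender would want to review in the log above: the per-volume AutoRun handlers cached under `MountPoints2`, and the user's `ProxyServer` setting. The report text it parses is constructed from the excerpt above; the function names and the loopback check are my own assumptions about what is useful to look at, not ComboFix logic.

```python
"""Flag AutoRun handlers and proxy settings in a ComboFix-style report.

Added example: the parser is illustrative and is not part of ComboFix or of
any other tool mentioned in the thread.
"""
import re

# Constructed sample: lines in the same shape as the ComboFix report posted above.
SAMPLE_REPORT = """\
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\F]
\\shell\\AutoRun\\command - F:\\setup.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{0bece7be-df22-11dd-8113-001377af24e1}]
\\shell\\AutoRun\\command - F:\\setupSNK.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://mystart.incredimail.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (.+)$", re.IGNORECASE)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$")


def parse_autorun_commands(report: str):
    """Return (registry key, command) pairs for every AutoRun command found
    under a MountPoints2 key.

    Explorer caches the autorun handler it recorded for each removable volume
    under MountPoints2; a handler pointing at an executable on the drive root
    is worth checking before that drive is plugged in again.
    """
    findings = []
    current_key = None
    for line in report.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key and "mountpoints2" in current_key.lower():
            findings.append((current_key, m.group(1).strip()))
    return findings


def parse_proxy_settings(report: str):
    """Return {scheme: "host:port"} for the user's ProxyServer value, or {}
    when no per-user proxy is set.

    A proxy the user did not configure deliberately means all browsing is
    being routed through something else and deserves a closer look.
    """
    for line in report.splitlines():
        m = PROXY_RE.match(line)
        if m:
            return dict(part.split("=", 1) for part in m.group(1).split(";") if "=" in part)
    return {}


def proxy_is_loopback(settings) -> bool:
    """True when every configured proxy points back at this machine
    (localhost / 127.0.0.1), which usually means a local filtering proxy
    rather than traffic being sent to a remote host."""
    hosts = {v.rsplit(":", 1)[0].lower() for v in settings.values()}
    return bool(hosts) and hosts <= {"localhost", "127.0.0.1"}


if __name__ == "__main__":
    for key, cmd in parse_autorun_commands(SAMPLE_REPORT):
        print(f"AutoRun handler: {cmd}  (under {key})")
    proxy = parse_proxy_settings(SAMPLE_REPORT)
    verdict = "loopback only" if proxy_is_loopback(proxy) else "remote host present"
    print("Proxy:", proxy, "->", verdict)
```

Run it on a saved ComboFix report by replacing `SAMPLE_REPORT` with the file's contents; on the sample above it lists the two AutoRun handlers (`F:\setup.exe` and `F:\setupSNK.exe`) and reports the proxy as loopback only, which is what you would expect from a local filtering proxy rather than from traffic interception.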

Had MBAM found anything?

Reply to Destrio5

Yes:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1771
Windows 6.0.6001 Service Pack 1

17/02/2009 23:17:11
mbam-log-2009-02-17 (23-17-11).txt

Type de recherche: Examen complet (C:\|D:\|J:\|)
Eléments examinés: 248791
Temps écoulé: 33 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Nowis\Local Settings\Application Data\wohphx_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Nowis\Local Settings\Application Data\wohphx_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Nowis\Local Settings\Application Data\wohphx.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Nowis\Local Settings\Application Data\wohphx.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
J:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\wmplayer32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Reply to simdu80

  • Disable UAC for the duration of the disinfection.
  • Download Navilog1 (by IL-MAFIOSO) to your Desktop.
  • Double-click Navilog1.exe to start the installation.
  • If the fix does not start automatically after installing, double-click the Navilog1 icon on the Desktop.
  • Press F or f, then confirm with Enter.
  • Press a key on your keyboard each time you are asked to; you will reach the options menu.
  • Choose option 1 and press Enter to confirm your choice.
  • Wait for the message: *** Analyse terminée le ..... ***
  • Once the scan is finished, Notepad will open with the report; post the contents of that report in your next reply.
  • If the scan result is not displayed, you will find it in C:\fixnavi.txt


Do not use options 2, 3 and 4 without our agreement; legitimate files may be included in this scan.

Reply to Destrio5

Here it is:

Search Navipromo version 3.7.4 commencé le 18/02/2009 à 23:45:21,73

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
BIOS : Phoenix SecureCore(tm) NB Version 02LK.MP00.20080926.SCY
USER : Nowis ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:111 Go (Free:37 Go)
D:\ (Local Disk) - NTFS - Total:110 Go (Free:84 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
I:\ (USB) - FAT - Total:982 Mo (Free:0 Go)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\nowis\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Nowis\AppData\Local\virtualstore\Program Files" ***



*** Recherche dossiers dans "C:\Users\Nowis\AppData\Local" ***



*** Recherche dossiers dans "C:\Users\ADMINI~1\AppData\Local" ***




*** Recherche dossiers dans "C:\Users\Nowis\AppData\Roaming" ***


*** Recherche dossiers dans "C:\Users\ADMINI~1\appdata\roaming" ***


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Nowis\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Nowis\AppData\Local" *

* Recherche dans "C:\Users\ADMINI~1\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

Reply to simdu80

The report is not complete.

Reply to Destrio5

I can't get any further, it hangs and closes...

Reply to simdu80

Try option 2.

I'll be back in 20 minutes.

Reply to Destrio5

Not possible without a complete option 1 report...
I'll be back tomorrow morning at 7 to reply, then :)

Good evening and thanks ;)

Reply to simdu80

To launch Navilog1, right-click the Navilog1 shortcut, choose Run as administrator, then try option 1.

Reply to Destrio5

Sorry for the delay ^^'

It still doesn't work...

But if there's no infection, that's fine :)

Reply to simdu80

1/

  • Uninstall HijackThis and Navilog1.
  • Relaunch MBAM, go to Quarantine and delete everything.
  • Update Adobe Reader.


  • Download OTCleanIt to your Desktop:
  • Right-click OTCleanIt and choose Run as administrator.
  • Click CleanUp!, then click Yes in the Confirm window.
  • Restart your PC when asked.



2/

  • Download and install CCleaner (do not install the Yahoo Toolbar):
  • Launch it. Go to Options, then Advanced, and untick the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once finished, run the cleanup.
  • Then choose Registry, then Scan for Issues. Once finished, fix all issues (back up the registry).



3/




==Prevention==

Keep MBAM. It will let you scan suspicious files in addition to your antivirus; scan the hard drive regularly.

As a browser, use Mozilla Firefox rather than Internet Explorer. You can use the NoScript extension for extra security.

You can also modify the Hosts file to improve your PC's security: Link

Regarding P2P: Link

Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


==Problem solved?==

If you consider your problem solved:

---> Now add [Résolu] to the title. To do this:

  • In your first message, click the Edit button http://img.infos-du-net.com/forum/themes_static/images_forum/3/edit.gif.
  • Add the mention [Résolu] in front of the title.
  • Then click "Valider votre message" (submit your message).



Be more careful on the Internet ;)

Reply to Destrio5