[résolu] Virus qui provoque un écran bleu :s

Bonjour à tous, je viens vers vous aujourd'hui pour vous expliquer ma situation...


Hier mon ordi s'éteind avec un écran bleu : BAD_POOL_HEADER (désolé je n'en sais pas plus ça va trop vite :s)

Je précise que je suis sous vista...
Je tente donc de le rallumer, même erreur... Je démarre en mode sans échec, je tente de regarde ce qui cloche au niveau des drivers (je venais juste d'installer Anti-malware...)...
De mémoire j'ai vu 2 ou 3 Vers, et je crois avoir aperçu le Baggle...


Je relance machine ce matin... ça marche, mais :

- plus de wifi
- impossible non plus avec cable ethernet
- très lent pour ouvrir un fichier...
- pas d'antivirus connecté (j'utilise Antivir)
===> évidamment quand je tente de l'activer, il me dis : pas une application win32 valide... (c'est pas notre ami Baggle ça ?)


Bref, je ne peux pas donner de rapport hijackthis, parce que c'est pas une application win32 valide non plus

Salut,

Tu es infecté par Bagle.

XP ou Vista ?

Rapport Hijackthis enfin disponible :

à noter des erreurs "For some reason your system denied write access to the hosts file."




Logfile of HijackThis v1.99.1
Scan saved at 12:40:34, on 15/03/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Nowis\AppData\Local\Temp\Rar$EX00.747\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

############################## [ FindyKill V4.720 ]

# User : Nowis (Administrateurs) # PC-DE-NOWIS
# Update on 12/03/09 by Chiquitine29
# Start at: 12:46:54 | 15/03/2009

# Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 111,88 Go (20,38 Go free) # NTFS
# D:\ # Disque fixe local # 111 Go (58,68 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM
# M:\ # Disque amovible # 7,57 Go (1,9 Go free) [KINGSTON 8g] # NTFS

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Recovery Solution III\WCScheduler.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Fichiers / Dossiers infectieux C:\ ]

Found ! - "C:\Muestras"
Found ! - C:\InfoSat.txt

################## [ C:\Windows ]


################## [ C:\Windows\system32 ]


################## [ C:\Windows\system32\drivers ]


################## [ C:\.. Application Data ... ]


################## [ Registre / Clés infectieuses ]

Found ! - HKEY_USERS\S-1-5-21-2856237762-1057885019-1358304490-1003\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_USERS\S-1-5-21-2856237762-1057885019-1358304490-1003\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-2856237762-1057885019-1358304490-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2856237762-1057885019-1358304490-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-2856237762-1057885019-1358304490-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData


################## [ Recherche dans supports amovibles]


# Contenu de l'autorun : M:\autorun.inf

[AUTORUN]
open=install.exe
icon=%SystemRoot%\system32\SHELL32.dll,7
UseAutoPlay=1
action= @install.exe
shell\open=Abrir
shell\open\command=install.exe
shell\open\Default=1

# Presence des fichiers :

Found ! [12/03/2009 09:07][---h-----] - M:\autorun.inf

################## [ Registre / Mountpoint2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.720 ! ]

############################## [ FindyKill V4.720 ]

# User : Nowis (Administrateurs) # PC-DE-NOWIS
# Update on 12/03/09 by Chiquitine29
# Start at: 15:08:28 | 15/03/2009

# Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 111,88 Go (24,18 Go free) # NTFS
# D:\ # Disque fixe local # 111 Go (58,68 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM

############################## [ Active Processes ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Recovery Solution III\WCScheduler.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Infected Files / Folders C:\ ]

Deleted ! - "C:\Muestras"
Deleted ! - C:\InfoSat.txt

################## [ C:\Windows ]


################## [ C:\Windows\system32 ]


################## [ C:\Windows\system32\drivers ]


################## [ C:\.. Application Data ... ]


################## [ Registry / Infected keys ]

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-2856237762-1057885019-1358304490-1003\Software\MuleAppData

################## [ Cleaning Removable drives ]

# Deleting files :


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ Searching Other Infections ]

Suspect ! : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
# Taille : 868352 # MD5 : E676FAC25F2C42B4F7C2626C01FD70AB
File was renamed : msnmsgr.exe.REN

################## [ PEH Corrupted ]

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avadmin.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avconfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardgui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\licmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\preupd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\wsctool.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\Samsung\Samsung Magic Doctor\Sysinfo.exe
C:\Program Files\Samsung\Samsung PC Studio 3\LiveUpdate.exe
C:\Program Files\Samsung\Samsung PC Studio 3\Update\LiveUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Nowis\Desktop\ComboFix.exe
C:\Users\Nowis\Documents\Azureus Downloads\Windows XP Ultimate-Edition SP3 7.1 By Mad Dog\ULTIMATE.EDITION.7.1\APPS\SYSINFO.EXE
C:\Windows\System32\config\systemprofile\Desktop\Kill Bagle.exe

################## [ ! End of Report # FindyKill V4.720 ! ]

Voilà

à savoir qu'internet refonctionne en WIFI

Y'a t'il d'autre infection tant qu'on y est ? xD

Voilà :


Logfile of random's system information tool 1.05 (written by random/random)
Run by Nowis at 2009-03-15 18:06:12
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 24 GB (21%) free of 115 GB
Total RAM: 3066 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:35, on 15/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Recovery Solution III\WCScheduler.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\java.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Steam\Steam.exe
c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Nowis\Downloads\RSIT.exe
C:\Program Files\trend micro\Nowis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{029D5E5F-30D1-4033-BFB2-AFEBED6F8634}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7714 bytes

======Scheduled tasks folder======

C:\Windows\tasks\NeroLiveEpgUpdate-PC-de-Nowis_Nowis.job
C:\Windows\tasks\SupBackGroundTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-27 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-27 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-08 6273568]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2009-03-15 266497]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-10-10 69632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-27 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-07-27 13548064]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-07-27 92704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-10-13 243072]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2008-12-27 1410296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Nowis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\AutoPlay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\Suppress_AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\Suppress_AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\AutoPlay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\Suppress_AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bece7be-df22-11dd-8113-001377af24e1}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c522f2f4-d440-11dd-b280-001377af24e1}]
shell\AutoRun\command - install.exe
shell\open\command - install.exe


======List of files/folders created in the last 1 months======

2009-03-15 18:06:12 ----D---- C:\rsit
2009-03-15 17:39:52 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-15 17:30:12 ----D---- C:\Users\Nowis\AppData\Roaming\Windows Live Writer
2009-03-15 16:42:20 ----A---- C:\FindyKill.txt
2009-03-15 16:18:22 ----D---- C:\Users\Nowis\AppData\Roaming\pctmon
2009-03-15 16:17:16 ----D---- C:\Program Files\prtpcs
2009-03-15 12:46:21 ----D---- C:\Program Files\FindyKill
2009-03-15 09:58:45 ----D---- C:\ProgramData\WindowsSearch
2009-03-14 23:59:21 ----A---- C:\Windows\ntbtlog.txt
2009-03-14 23:48:34 ----D---- C:\Windows\Minidump
2009-03-11 02:07:16 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 02:07:15 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 02:07:15 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 02:07:14 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-11 02:07:09 ----A---- C:\Windows\system32\schannel.dll
2009-03-10 19:54:13 ----D---- C:\Users\Nowis\AppData\Roaming\SPORE
2009-03-10 19:24:13 ----D---- C:\Program Files\Electronic Arts
2009-03-06 12:48:20 ----D---- C:\Program Files\Recosoft PDF2Office
2009-03-05 19:42:02 ----D---- C:\Program Files\Emjysoft
2009-03-05 00:55:49 ----D---- C:\Program Files\PdfGrabber 4.0
2009-03-04 19:45:24 ----D---- C:\ProgramData\PixelPlanet
2009-03-04 19:45:06 ----D---- C:\Users\Nowis\AppData\Roaming\PixelPlanet
2009-03-04 19:45:06 ----D---- C:\Program Files\Common Files\XpressUpdate
2009-03-01 16:43:11 ----D---- C:\Program Files\Age Of Empires 2
2009-02-27 12:47:22 ----D---- C:\Program Files\GameSpy Arcade
2009-02-26 21:01:59 ----D---- C:\Users\Nowis\AppData\Roaming\GameRanger
2009-02-24 20:36:26 ----D---- C:\Users\Nowis\AppData\Roaming\Mumble
2009-02-24 20:36:02 ----D---- C:\Program Files\Mumble
2009-02-23 16:35:32 ----D---- C:\Windows\system32\xlive
2009-02-23 16:35:31 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-02-23 13:47:41 ----D---- C:\ProgramData\TEMP
2009-02-22 18:50:25 ----A---- C:\Windows\NeroDigital.ini
2009-02-22 18:17:01 ----D---- C:\Program Files\THQ
2009-02-22 18:15:56 ----D---- C:\Users\Nowis\AppData\Roaming\InstallShield
2009-02-22 00:03:34 ----A---- C:\Windows\system32\SQLite3.dll
2009-02-21 22:22:33 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-02-21 22:22:33 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-02-21 22:22:32 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-02-21 22:22:31 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-02-21 22:22:31 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-02-21 22:22:31 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-02-21 22:22:31 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-02-21 22:20:58 ----D---- C:\Windows\system32\directx
2009-02-21 21:59:16 ----A---- C:\Windows\system32\nvexpbar.dll
2009-02-21 21:59:16 ----A---- C:\Windows\system32\nvcpluir.dll
2009-02-21 21:59:15 ----A---- C:\Windows\system32\nvcplui.exe
2009-02-21 21:10:24 ----D---- C:\Users\Nowis\AppData\Roaming\OpenOffice.org
2009-02-21 20:39:02 ----D---- C:\Program Files\OpenOffice.org 3
2009-02-21 18:56:12 ----A---- C:\Windows\system32\CmdLineExt03.dll
2009-02-21 18:28:23 ----D---- C:\Program Files\CCleaner
2009-02-18 23:45:21 ----A---- C:\fixnavi.txt
2009-02-18 23:44:46 ----D---- C:\Program Files\Navilog1
2009-02-18 21:35:13 ----D---- C:\Program Files\Trend Micro
2009-02-18 20:53:22 ----D---- C:\Program Files\eMule
2009-02-18 20:01:39 ----D---- C:\Windows\temp
2009-02-18 19:16:24 ----A---- C:\Windows\APDFPRP.INI
2009-02-18 19:16:21 ----D---- C:\Program Files\ElcomSoft
2009-02-17 23:22:40 ----D---- C:\Windows\ERDNT
2009-02-17 22:40:31 ----D---- C:\Users\Nowis\AppData\Roaming\Malwarebytes
2009-02-17 22:40:26 ----D---- C:\ProgramData\Malwarebytes
2009-02-17 22:07:22 ----A---- C:\IP.txt
2009-02-17 21:59:49 ----D---- C:\Users\Nowis\AppData\Roaming\Anakin Software
2009-02-17 21:59:34 ----A---- C:\Windows\system32\VB5DB.DLL
2009-02-17 18:05:26 ----D---- C:\Program Files\Common Files\Skype
2009-02-17 18:05:25 ----RD---- C:\Program Files\Skype
2009-02-16 21:57:43 ----D---- C:\Users\Nowis\AppData\Roaming\Samsung
2009-02-16 20:50:41 ----D---- C:\Users\Nowis\AppData\Roaming\FileZilla
2009-02-16 20:44:23 ----D---- C:\Users\Nowis\AppData\Roaming\IrfanView
2009-02-16 11:34:01 ----D---- C:\Program Files\Hamachi

======List of files/folders modified in the last 1 months======

2009-03-15 18:05:07 ----D---- C:\Program Files\Mozilla Firefox
2009-03-15 18:03:00 ----D---- C:\Program Files\Steam
2009-03-15 17:40:12 ----SHD---- C:\Windows\Installer
2009-03-15 17:40:12 ----HD---- C:\Config.Msi
2009-03-15 17:40:03 ----D---- C:\Windows\System32
2009-03-15 17:39:52 ----RD---- C:\Program Files
2009-03-15 17:39:45 ----D---- C:\Program Files\Windows Live
2009-03-15 17:38:12 ----SHD---- C:\System Volume Information
2009-03-15 17:36:48 ----D---- C:\Program Files\UltraVNC
2009-03-15 17:28:52 ----D---- C:\Windows\Prefetch
2009-03-15 16:51:50 ----D---- C:\Users\Nowis\AppData\Roaming\Hamachi
2009-03-15 15:11:33 ----D---- C:\Windows\system32\WDI
2009-03-15 14:38:03 ----D---- C:\Users\Nowis\AppData\Roaming\Skype
2009-03-15 09:58:45 ----HD---- C:\ProgramData
2009-03-15 09:50:39 ----D---- C:\Users\Nowis\AppData\Roaming\skypePM
2009-03-15 09:48:54 ----D---- C:\Windows
2009-03-15 08:35:37 ----D---- C:\Windows\system32\LogFiles
2009-03-15 00:40:30 ----HD---- C:\Windows\system32\drivers
2009-03-14 23:16:23 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-14 20:15:09 ----D---- C:\Users\Nowis\AppData\Roaming\Azureus
2009-03-14 19:03:48 ----D---- C:\Program Files\Common Files\Steam
2009-03-14 15:32:52 ----D---- C:\Program Files\Wakfu
2009-03-14 15:31:56 ----D---- C:\Program Files\Micro Application
2009-03-14 15:31:18 ----D---- C:\Program Files\Dofus
2009-03-11 22:22:23 ----D---- C:\Windows\system32\catroot2
2009-03-11 07:15:12 ----D---- C:\Windows\winsxs
2009-03-11 07:05:08 ----D---- C:\Windows\system32\catroot
2009-03-11 07:02:24 ----D---- C:\Program Files\Windows Media Player
2009-03-11 07:02:24 ----D---- C:\Program Files\Windows Mail
2009-03-11 07:01:17 ----D---- C:\ProgramData\Microsoft Help
2009-03-10 19:26:02 ----D---- C:\Windows\inf
2009-03-10 19:26:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-10 19:22:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-05 00:55:58 ----SD---- C:\Users\Nowis\AppData\Roaming\Microsoft
2009-03-05 00:55:13 ----D---- C:\Program Files\Common Files
2009-03-02 12:41:10 ----D---- C:\Program Files\MSECache
2009-02-27 21:23:16 ----D---- C:\Program Files\Vuze
2009-02-27 13:04:38 ----RSD---- C:\Windows\Fonts
2009-02-27 13:04:31 ----D---- C:\Program Files\Microsoft Games
2009-02-24 15:29:19 ----RSD---- C:\Windows\assembly
2009-02-24 13:01:11 ----D---- C:\ProgramData\Messenger Plus!
2009-02-21 22:05:27 ----D---- C:\ProgramData\NVIDIA
2009-02-21 19:51:07 ----A---- C:\Windows\win.ini
2009-02-21 18:30:17 ----D---- C:\Windows\Debug
2009-02-19 23:46:14 ----RD---- C:\Users
2009-02-18 20:54:05 ----D---- C:\ProgramData\eMule
2009-02-18 20:01:45 ----D---- C:\Windows\system32\fr-FR
2009-02-18 19:58:43 ----A---- C:\Windows\system.ini
2009-02-18 19:57:46 ----D---- C:\Windows\AppPatch
2009-02-17 23:24:16 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-17 18:05:26 ----D---- C:\ProgramData\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2008-12-27 5632]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-02-16 25280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-07 2152088]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-27 7548000]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-06-05 242048]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-06-27 303616]
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-15 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-15 16168]
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 xnacc;Contrôleur XBOX 360 pour le service de pilote Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-21 521216]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-07-10 819200]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-27 196608]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-07-10 466944]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;Enregistreur VSS SQL Server; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-03-11 316664]
S2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2009-03-15 68865]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2009-03-15 151297]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-28 654848]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-11-07 121360]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 cron;Cron daemon; C:\cyg\bin\cygrunsrv.exe []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]

-----------------EOF-----------------









info.txt logfile of random's system information tool 1.05 2009-03-15 18:06:37

======Uninstall list======

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
ABBYY FineReader 9.0 Professional Edition-->MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Age of Empires II - The Conquerors - 1.0e Patch FINAL-->"C:\Program Files\Microsoft Games\Age of Empires II\unins000.exe"
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros WLAN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04983D37-2202-4295-94A2-8B547C66133F}\setup.exe" -l0x9
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x040c -removeonly
Easy Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\setup.exe" -l0x9 Remove
Easy Display Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9 -removeonly
Easy Network Manager 4.0-->C:\Program Files\InstallShield Installation Information\{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}\setup.exe -runfromtemp -l0x040c
Easy SpeedUp Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF367AA4-070B-493C-9575-85BE59D789C9}\setup.exe" -l0x9 Remove
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Favorit-->c:\users\nowis\appdata\local\wohphx.bat
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)-->C:\Windows\SQL9_KB960089_ENU\Hotfix.exe /Uninstall
Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {69ca8988-1c6c-4285-b8af-db780a6e42af}
Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->MsiExec.exe /X{69CA8988-1C6C-4285-B8AF-DB780A6E42AF}
Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}\setup\hpzscr01.exe -datfile hposcr13.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
imagine digital freedom - Samsung-->MsiExec.exe /X{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}
IncrediMail JunkFilter Plus-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x040c -removeonly
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Micro Application - Compil 100pc Détente-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B21FB712-1B08-47B3-B1A1-44D6EF100786}\setup.exe" -l0x40c
Microsoft Age of Empires II : The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SOAP Toolkit 2.0 SP2-->MsiExec.exe /I{36BEAD11-8577-49AD-9250-E06A50AE87B0}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{75FF1600-6330-43FA-9022-E0835BF20778}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{1572F66F-F9AD-4D45-B0D2-0F45A0D5A0F6}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Patch The Bloody Sword 1-->D:\Jeux\World of Warcraft\Data\frFR\Uninstall.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDF2Office v4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD63AC-C256-4237-A6C9-D166CF456422}\setup.exe" -l0x9 -removeonly
PdfGrabber 4.0-->MsiExec.exe /I{8DAEAEA6-BCA4-450C-9219-A84C81D8E54D}
PlayCamera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}\setup.exe" -l0x40c
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x9 Remove
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung Update Plus-->"C:\Program Files\InstallShield Installation Information\{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Update Plus-->MsiExec.exe /X{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vimicro UVC Camera-->C:\Program Files\InstallShield Installation Information\{71A51B09-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
Vuze-->C:\Program Files\Vuze\uninstall.exe
WIDCOMM Bluetooth Software 6.0.1.6300-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Security center information======

AS: Windows Defender

System event log

Computer Name: PC-de-Nowis
Event Code: 4201
Message: Le système a détecté que la carte réseau Loopback Pseudo-Interface 1 était connectée au réseau, et a lancé une opération normale.
Record Number: 22685
Source Name: Tcpip
Time Written: 20090121152236.356076-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 4201
Message: Le système a détecté que la carte réseau Loopback Pseudo-Interface 1 était connectée au réseau, et a lancé une opération normale.
Record Number: 22686
Source Name: Tcpip
Time Written: 20090121152236.356076-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 83
Message: Port A is down
Record Number: 22687
Source Name: yukonwlh
Time Written: 20090121152237.791285-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 4201
Message: Le système a détecté que la carte réseau Connexion réseau sans fil était connectée au réseau, et a lancé une opération normale.
Record Number: 22688
Source Name: Tcpip
Time Written: 20090121152258.376346-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 4201
Message: Le système a détecté que la carte réseau Connexion réseau sans fil était connectée au réseau, et a lancé une opération normale.
Record Number: 22689
Source Name: Tcpip
Time Written: 20090121152258.376346-000
Event Type: Information
User:

Application event log

Computer Name: PC-de-Nowis
Event Code: 9010
Message: Une demande de désactivation du Gestionnaire de fenêtrage a été effectuée par le processus (5732)
Record Number: 27960
Source Name: Desktop Window Manager
Time Written: 20090315165951.000000-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 9013
Message: Le Gestionnaire de fenêtrage n’a pas pu démarrer, car la composition du Bureau a été désactivée par une application en cours d’exécution
Record Number: 27961
Source Name: Desktop Window Manager
Time Written: 20090315165951.000000-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 9010
Message: Une demande de désactivation du Gestionnaire de fenêtrage a été effectuée par le processus (5808)
Record Number: 27962
Source Name: Desktop Window Manager
Time Written: 20090315170255.000000-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 9013
Message: Le Gestionnaire de fenêtrage n’a pas pu démarrer, car la composition du Bureau a été désactivée par une application en cours d’exécution
Record Number: 27963
Source Name: Desktop Window Manager
Time Written: 20090315170255.000000-000
Event Type: Information
User:

Computer Name: PC-de-Nowis
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {490ad967-7bdd-4014-b855-2e2ee231a0c7}
Record Number: 27964
Source Name: VSS
Time Written: 20090315170646.000000-000
Event Type: Erreur
User:

Security event log

Computer Name: PC-de-Nowis
Event Code: 4904
Message: Une tentative d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-NOWIS$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0x1084
Nom du processus : C:\Windows\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0x690104
Record Number: 17814
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090315170714.798631-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Nowis
Event Code: 4905
Message: Une tentative d’annulation d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-NOWIS$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0x1084
Nom du processus : C:\Windows\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0x690104
Record Number: 17815
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090315170714.798631-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Nowis
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
Record Number: 17816
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090315170727.908631-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Nowis
Event Code: 4904
Message: Une tentative d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-NOWIS$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0x1084
Nom du processus : C:\Windows\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0x9d866a
Record Number: 17817
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090315170819.091631-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Nowis
Event Code: 4905
Message: Une tentative d’annulation d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-NOWIS$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0x1084
Nom du processus : C:\Windows\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0x9d866a
Record Number: 17818
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090315170819.092631-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\WiFi\bin;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Bitvise Tunnelier;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

R.A.S :


Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1851
Windows 6.0.6001 Service Pack 1

15/03/2009 18:32:56
mbam-log-2009-03-15 (18-32-56).txt

Type de recherche: Examen rapide
Eléments examinés: 68603
Temps écoulé: 3 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Il me semble que le fichier de la première ligne a été trouvé avec antivir, et j'ai fait supprimé


Sinon, voilà le rapport



DirLook.exe v2.0 by jpshortstuff
Log created at 18:44 on 15/03/2009
==================================
Contents of "C:\Program Files\prtpcs"

[color=blue]---FOLDERS---[/color]

(none found)

[color=blue]---FILES---[/color]

readme.txt (2194 bytes - created on 15/03/2009 at 15:17, modified on 13/04/2007 at 23:51) --a---

==================================
Contents of "C:\Users\Nowis\AppData\Roaming\pctmon"

[color=blue]---FOLDERS---[/color]

Temp_Ig (Created on 15/03/2009 at 15:18) d-----

[color=blue]---FILES---[/color]

pspt23.exe (552448 bytes - created on 15/03/2009 at 15:18, modified on 15/03/2009 at 15:18) --a---

==================================
[color=blue]=EOF=[/color]

Impossible d'ouvrir, Antivir m'ouvre tout le temps une fenêtre d'alerte

Je l'ai supprimé, il n'est plus dans le dossier, mais je pense qu'il va revenir, non ?

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Users\Nowis\AppData\Roaming\pctmon\Temp_Ig moved successfully.
C:\Users\Nowis\AppData\Roaming\pctmon moved successfully.
C:\Program Files\prtpcs moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Nowis\AppData\Local\Temp\hsperfdata_Nowis\3568 scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\hsperfdata_Nowis\4452 scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\+~JF3390029730421142961.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_101237097071.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_111237143860.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_121237119489.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_131233900408.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_141236912972.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_161236759165.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_181236492260.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_201234490827.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_211236981865.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_221237124424.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_231237093467.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_41236954063.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_71236954386.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_81236999872.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_91236992666.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_131236917060.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_141236912972.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_151236791136.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_161237132084.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_171237144965.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_181237144955.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_201237144968.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_211236981861.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_221237133887.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_231236553457.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_241235399286.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_251237057458.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_261236823466.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_271236971058.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_281237124017.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_291237100671.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_301237086272.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_311236924267.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_331236978264.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_341237125278.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_351237113432.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_361236899063.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_381237007073.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_391237122872.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_401237068263.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_411237125509.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_41236954061.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_71236989063.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_3_2_11231224990.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_8_2_11223394495.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\cteng_8_2_21231227908.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\etilqs_7HtDLTAeMTBNxNRz69Nh scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\etilqs_FH9ZnnOaagHw9xHoRUuK scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\etilqs_FH9ZnnOaagHw9xHoRUuK-journal scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\swt-awt-win32-3514.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\swt-win32-3514.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\~DF26B1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\~DFEFAF.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Temp\~DFF8B8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03152009_235232

Files moved on Reboot...
C:\Users\Nowis\AppData\Local\Temp\hsperfdata_Nowis\3568 moved successfully.
C:\Users\Nowis\AppData\Local\Temp\hsperfdata_Nowis\4452 moved successfully.
C:\Users\Nowis\AppData\Local\Temp\+~JF3390029730421142961.tmp moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_101237097071.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_111237143860.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_121237119489.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_131233900408.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_141236912972.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_161236759165.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_181236492260.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_201234490827.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_211236981865.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_221237124424.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_231237093467.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_41236954063.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_71236954386.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_81236999872.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_1_91236992666.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_131236917060.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_141236912972.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_151236791136.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_161237132084.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_171237144965.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_181237144955.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_201237144968.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_211236981861.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_221237133887.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_231236553457.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_241235399286.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_251237057458.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_261236823466.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_271236971058.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_281237124017.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_291237100671.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_301237086272.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_311236924267.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_331236978264.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_341237125278.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_351237113432.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_361236899063.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_381237007073.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_391237122872.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_401237068263.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_411237125509.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_41236954061.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_1_2_71236989063.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_3_2_11231224990.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_8_2_11223394495.dat moved successfully.
C:\Users\Nowis\AppData\Local\Temp\cteng_8_2_21231227908.dat moved successfully.
File C:\Users\Nowis\AppData\Local\Temp\etilqs_7HtDLTAeMTBNxNRz69Nh not found!
C:\Users\Nowis\AppData\Local\Temp\etilqs_FH9ZnnOaagHw9xHoRUuK moved successfully.
C:\Users\Nowis\AppData\Local\Temp\etilqs_FH9ZnnOaagHw9xHoRUuK-journal moved successfully.
LoadLibrary failed for C:\Users\Nowis\AppData\Local\Temp\swt-awt-win32-3514.dll
C:\Users\Nowis\AppData\Local\Temp\swt-awt-win32-3514.dll NOT unregistered.
C:\Users\Nowis\AppData\Local\Temp\swt-awt-win32-3514.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Nowis\AppData\Local\Temp\swt-win32-3514.dll
C:\Users\Nowis\AppData\Local\Temp\swt-win32-3514.dll NOT unregistered.
C:\Users\Nowis\AppData\Local\Temp\swt-win32-3514.dll moved successfully.
C:\Users\Nowis\AppData\Local\Temp\~DF26B1.tmp moved successfully.
C:\Users\Nowis\AppData\Local\Temp\~DFEFAF.tmp moved successfully.
C:\Users\Nowis\AppData\Local\Temp\~DFF8B8.tmp moved successfully.
C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\urlclassifier3.sqlite moved successfully.
C:\Users\Nowis\AppData\Local\Mozilla\Firefox\Profiles\jtzqlnd3.default\XUL.mfl moved successfully.

Voilu :




Avira AntiVir Personal
Date de création du fichier de rapport : lundi 16 mars 2009 10:03

La recherche porte sur 1297221 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows Vista
Version de Windows Service Pack 1) [6.0.6001]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur C-DE-NOWIS

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 17:15:12
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 11/03/2009 17:15:12
ANTIVIR3.VDF : 7.1.2.171 61952 Bytes 13/03/2009 17:15:12
Version du moteur: 8.2.0.114
AEVDF.DLL : 8.1.1.0 106868 Bytes 15/03/2009 17:15:12
AESCRIPT.DLL : 8.1.1.63 364923 Bytes 15/03/2009 17:15:12
AESCN.DLL : 8.1.1.8 127346 Bytes 15/03/2009 17:15:12
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.10 397686 Bytes 15/03/2009 17:15:12
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 15/03/2009 17:15:12
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 15/03/2009 17:15:12
AEHELP.DLL : 8.1.2.2 119158 Bytes 15/03/2009 17:15:12
AEGEN.DLL : 8.1.1.28 336244 Bytes 15/03/2009 17:15:12
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 15/03/2009 17:15:12
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: C:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, D:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: marche
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : lundi 16 mars 2009 10:03

La recherche d'objets cachés commence.
'82465' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'java.exe' - '1' module(s) sont contrôlés
Processus de recherche 'java.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPHelper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wlcomm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'skypePM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqste08.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ImApp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'KHALMNPR.exe' - '1' module(s) sont contrôlés
Processus de recherche 'soffice.bin' - '1' module(s) sont contrôlés
Processus de recherche 'soffice.exe' - '1' module(s) sont contrôlés
Processus de recherche 'conime.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hamachi.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SetPoint.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqtra08.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BTTray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Skype.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PWRISOVM.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RtHDVCpl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WCScheduler.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EasySpeedUpManager.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dmhkcore.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EasyBatteryMgr3.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MagicDoctorKbdHk.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sqlwriter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sqlbrowser.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RegSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NBService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EvtEng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BcmSqlStartupSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'agrsmsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NetworkLicenseServer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wlanext.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvvsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'80' processus ont été contrôlés avec '80' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '49' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
Recherche débutant dans 'D:\'


Fin de la recherche : lundi 16 mars 2009 10:52
Temps nécessaire: 48:48 Minute(s)

La recherche a été effectuée intégralement

19471 Les répertoires ont été contrôlés
451904 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
451903 Fichiers non infectés
9340 Les archives ont été contrôlées
1 Avertissements
0 Consignes
82465 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

Pour précision, je te conseille de modifier tes canneds, car pour vista, il faut faire un clique droit, et "executer en tant qu'admin" pour lancer correctement Navilog1

Sinon, voilà le rapport :


Search Navipromo version 3.7.6 commencé le 16/03/2009 à 20:11:45,86

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
BIOS : Phoenix SecureCore(tm) NB Version 02LK.MP00.20080926.SCY
USER : Nowis ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:111 Go (Free:21 Go)
D:\ (Local Disk) - NTFS - Total:110 Go (Free:58 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (CD or DVD)
M:\ (USB) - NTFS - Total:7750 Mo (Free:1 Go)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\nowis\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Nowis\AppData\Local\virtualstore\Program Files" ***



*** Recherche dossiers dans "C:\Users\Nowis\AppData\Local" ***



*** Recherche dossiers dans "C:\Users\ADMINI~1\AppData\Local" ***




*** Recherche dossiers dans "C:\Users\Nowis\AppData\Roaming" ***


*** Recherche dossiers dans "C:\Users\ADMINI~1\appdata\roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Nowis\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Nowis\AppData\Local" *

* Recherche dans "C:\Users\ADMINI~1\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Nowis\AppData\Local\Microsoft" :


* Dans "C:\Users\Nowis\AppData\Local" :


* Dans "C:\Users\ADMINI~1\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

Beaucoup mieux, on va dire que ça m'a bien aidé ^^'

Je suis maintenant la formation pour devenir helpeur, que je voulais tant faire depuis x temps !

En tout cas, merci de ton aide, et de rien pour le canned

Peut-être qu'un jour j'aurais ton niveau ^^'

En attendant je crois que j'ai énormément de lecture et d'analyse à travailler !

Encore merci