TR/Cryptredol.18944.2.2 Trojan

ratus888 -  
 ratus888 -
Bonjour,

mon antivirus a détecté ce virus: TR/Cryptredol.18944.2.2 Trojan
mais je n'arrive pas à supprimer voici le rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:22, on 02/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Anna\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ent.u-bourgogne.fr/portail.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1c9d2f7e82e47f8) (gupdate1c9d2f7e82e47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe

--
End of file - 11921 bytes
Configuration: Windows Vista Internet Explorer 8.0

7 réponses

  1. Narco!4 Messages postés 2446 Statut Contributeur 467
     
    Bonjour,

    télécharge GenProc http://www.genproc.com/GenProc.exe

    double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre
    0
  2. ratus888
     
    voici le rapport de combofix:

    **********************************************************************************
    ComboFix 09-08-01.09 - Anna 02/08/2009 18:24.1.2 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1982.1516 [GMT 2:00]
    Running from: c:\users\Anna\Desktop\ComboFix.exe
    .
    /wow section not completed

    ((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
    .

    2009-08-02 15:51 . 2009-08-02 15:51 -------- d-----w- c:\program files\CCleaner
    2009-08-02 15:38 . 2009-08-02 15:48 -------- d-----w- C:\Genproc
    2009-07-22 14:00 . 2009-07-22 15:07 -------- d-----w- c:\windows\BDOSCAN8
    2009-07-19 15:16 . 2009-07-20 19:40 570 ----a-w- c:\windows\system32\geyekrdribmloj.dat
    2009-07-17 23:46 . 2009-07-17 23:46 -------- d-----w- c:\users\Anna\AppData\Local\Graboid_Inc
    2009-07-17 23:46 . 2009-07-17 23:46 -------- d-----w- c:\users\Anna\AppData\Local\Graboid
    2009-07-17 23:46 . 2009-07-17 23:47 -------- d-----w- c:\users\Anna\AppData\Roaming\MozillaControl
    2009-07-17 23:44 . 2009-07-17 23:49 -------- d-----w- c:\program files\Graboid
    2009-07-15 13:35 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-15 13:35 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-15 13:35 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-15 13:35 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
    2009-07-15 13:35 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-15 13:35 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-02 16:13 . 2007-12-09 17:47 702978 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-02 16:13 . 2007-12-09 17:47 122898 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-02 15:49 . 2009-05-12 11:50 -------- d-----w- c:\users\Anna\AppData\Roaming\Skype
    2009-08-02 14:07 . 2008-11-25 19:26 -------- d-----w- c:\users\Anna\AppData\Roaming\skypePM
    2009-08-02 13:46 . 2008-07-02 16:03 -------- d-----w- c:\users\Anna\AppData\Roaming\WTablet
    2009-08-02 02:32 . 2008-02-28 02:54 12 ----a-w- c:\windows\bthservsdp.dat
    2009-08-01 12:11 . 2008-09-29 15:08 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-23 15:32 . 2008-07-02 16:55 27744 ----a-w- c:\users\Anna\AppData\Roaming\nvModes.dat
    2009-07-21 21:52 . 2009-07-29 14:06 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-29 14:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-29 14:06 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-29 14:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-20 19:43 . 2008-11-18 06:25 7944 ----a-w- c:\users\Anna\AppData\Local\d3d9caps.dat
    2009-07-16 15:23 . 2008-07-02 16:20 108248 ----a-w- c:\users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-07-16 14:31 . 2007-12-09 11:48 -------- d-----w- c:\programdata\Microsoft Help
    2009-07-16 03:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-06-22 20:50 . 2009-06-22 20:45 -------- d-----w- c:\program files\ImageJ
    2009-06-12 01:12 . 2007-12-09 11:25 -------- d-----w- c:\program files\Microsoft Works
    2009-05-28 00:13 . 2008-07-05 11:40 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-07-23 20:51 . 2009-02-08 12:15 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2008-10-25 14:30 . 2008-10-25 14:30 22 --sha-w- c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2008-02-14 12:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-25 171448]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-08 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-08 8501792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-08 81920]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-11-01 671744]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-29 185640]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
    "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-09 1006264]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-10 4702208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    SetupExecute REG_MULTI_SZ \0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{334B0DFC-371C-4510-B5CC-3384CF1CE68E}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{5A696AE9-874B-4BF8-B1F5-F64F2DADE9B7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{F7855F58-EBD7-42D3-91E5-B0A1B3DE5C56}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{A067D651-8DE6-403D-86B6-A921B96BDDEA}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{92C35FAD-F088-40B7-8D3C-7ECFA28ABA23}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{D4813DEA-4C13-4A6B-8326-C7D1A4127E8E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "TCP Query User{85FD5ADA-8E13-4E2D-A639-AF1C87CFD6B4}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{A6B10350-853E-4FCE-BA17-C963FD957A4D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{DA6CA91C-3BCC-40E0-A33A-8920D88A724A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{609A85FA-B7FF-4F8D-90CB-23CDA9D05173}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{24388043-1BF7-4535-9114-7B71E3C1BE7F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{007F3217-331C-47EB-86B5-26A15A9C6939}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F9BAE322-4012-4D90-B254-011BC799C709}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2565FD79-317E-4210-A75A-1357687F170D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{BC93BD81-5F5D-45E3-BEF9-576541834D7B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E6EB2C5B-42C1-4A91-AD52-7703DD94570A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{36CD2DB9-C2B3-477E-A1AB-5E25FB49C3B8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9CCE7A04-285D-45A5-87EE-827AD1315B2B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C5C77C1C-29E3-4FCE-9EAD-7AE2054363BB}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{39FE5363-9D21-492B-B8A9-0D5D4B60A995}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1884B7A4-BD42-4EEF-A030-660EA767A98F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{28E08140-B00E-4A43-82E1-9BCCE257EAD6}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7B567126-B654-4774-AC55-2063A128732A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{756AA2A2-084A-4BAB-8D08-B897DF260E3E}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{DC3FB23F-557A-4A8C-8665-7AF13FF15198}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A43D53D3-38BF-436C-9621-B4AEE3344617}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8BF1E9DD-A341-4BBA-BE4F-1CA6F7CF15F7}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{EB2BFE68-4643-4A13-8D87-7C227A90BFC1}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{857818F6-232D-4EEA-A29C-247F0EC225A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{138D2CF8-DEFC-455C-AA3B-E87EA9C4EC9A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{474CA222-68EE-43B1-B051-81B392C08A60}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7BF40A84-5408-4A16-A3CA-E7841AFA15C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B14DC644-F14B-44C8-819D-775C0D1D1A45}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{297D2FEF-BF48-447D-9242-0A37F609A351}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C69E74FB-15A9-49B8-A1DA-1064F9A2C3B5}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{BCF19381-4CC7-4071-8296-771CAD962BFA}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{62D599B6-1B6B-4442-9269-86167E6946DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C0D8C453-1C0C-402A-BE36-B38A936AADEE}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CA8DE8C6-98D8-4410-91AE-CB58356DB903}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B2E819B0-7B60-49CE-AC71-7F1071B2B2C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{70901A20-55C1-45D6-B1A6-B8F013AF917B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B86D8E47-AF28-42D1-AA5F-0EB5D6519ABB}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2526FB10-BDA7-48B9-AC4C-2397CADBCB8C}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1D83230D-45FE-4598-A6C2-4B51D969DF53}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{00FF3DD1-FCCB-4658-A254-2375FB67333C}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E904BF98-5B8D-4094-BA63-0C1946080D0A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7CB3D277-2005-4A9C-B240-A41044A3DAC3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8C19F1B9-F18C-49E6-9E0A-A89B5ECF73F5}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5638F4E2-0EA7-48BC-850D-B4911CBD56BD}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CBFE8C37-972F-4103-A093-E700621F1BF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{95410D59-4D21-4F49-8FB1-7F9738D37116}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1BB9B8A8-3DB3-4E9D-A918-CED21906F5A5}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8959E6A8-0DCB-4AAA-92B8-9FC8881C57C8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{3B596817-8244-455F-9E20-75B5BC3FF61D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{230E1D0C-5E3F-4FFB-9620-B0DF2522794F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{872D7526-2850-4F06-8D2A-C61159214A0D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A1E5DFA8-1CA1-46F0-8F19-661E4A49D63D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D78AFBB6-55FB-4273-8614-7594FFB81B59}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9D464BDB-08F2-4727-BB66-4CC876A3BE3E}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E19927FA-BB6A-42A1-A99E-10ED6C19F492}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6822EC5E-04BD-48D1-AECA-DAD175F00EB3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{958F2B5E-4FE6-4997-948B-2FA29B61D75C}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{DF05DF17-BF1D-4189-9269-11D144C0525F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{22752B33-E463-42EC-868E-82D5437A0285}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{08D1E1DD-C1A6-4111-997F-F829AEF129DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7D4EFAC8-E678-4CF1-825E-0661AC56B522}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0B9A910B-DBF7-4553-9D92-04AF162AB687}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{DBD9870F-59C9-4F8D-B323-41FA8BF0A773}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B110BE09-36E6-4C41-B652-42C061A04464}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D4C64CC5-53CE-4D0F-9C1F-23D882E66660}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{91AA3285-F86E-43C8-B2DE-761CC9D74A26}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7524FC89-2C92-43DB-A4A8-9DF13D7DE424}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{302ECD40-7486-4952-A383-B6F4E6DA71B3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4CF14C5A-A894-4DC9-9DB4-292309F7DE32}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{450E7972-7840-437C-8F66-6B68DFBDEEBF}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{DBDA9E38-6D70-4AF3-95EE-D451358EF413}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{53C18C28-8B57-4034-945E-B00568C75242}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A3EDF822-C05B-4F61-8388-FC0AF913746B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{092BDF12-515E-40B8-94C9-AD6AEECC03FC}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9E2784E6-8FD3-4080-B127-DD0B61CCFF59}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7561B3DB-3971-48E8-9442-90230192B58D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{90E8AB30-3D74-4742-B39F-7905C8DC05BD}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D4E1278F-27AE-4FC9-8A5D-AFABEBBEC8E5}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{EA4EE4BB-26AB-4C99-9F8F-48C256109363}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9DECD7C9-AB00-4C22-B72E-8D318F16EEF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CF73EF7D-3475-4EAA-954D-2EE6564F5A84}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6B056E8E-E756-4418-A4DD-32FB64255CF0}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CB8A7B4F-B5A6-4EEB-9D6E-CD4DAC577E31}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{421C9056-02F1-4DCC-9330-D3ECF84BDC59}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{66FCD4FE-47D6-4319-9AF5-F10A8658A7A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{22E39F56-B914-47D4-9FBD-08028ED1965A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B536A463-7900-4AB7-BE05-D56A5FA2CB44}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4215AD0C-3AD7-4922-B28F-F0FC8E775D0B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{050ACBDC-729F-4865-8CA5-615973B50B81}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5280D445-BD79-40A8-B99F-EB8277677BF2}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D25C3D5E-452A-412C-A63B-FD491DFD1BD8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{99F8C1A1-E30B-4E47-8B4F-E2DF07E414C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A76259EF-2543-4B37-B1B1-099671933E1D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{BC0BA36C-5EB1-4492-8E83-C1960609538B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{AB012D46-F5B2-4287-A722-23A7A324DA4F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E3A7D838-3EED-4393-B9DA-3E453B7B36AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{28352245-79D1-4D18-8600-C281857116E2}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{181319E0-C57A-405A-B6C1-6B33EA18C86A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B99EC42C-9B9E-446F-A0B1-42A5FBC79577}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{36AAA45B-F0B2-4C2F-8173-2CB9A5B91D42}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0A02A3E7-73B5-4540-843C-DE257F813F0D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2DF0A662-D4BB-4D7D-BFEE-24D46E389B44}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9879954F-AA3C-427B-B9CF-BB0937B12390}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0C39FFAC-0F18-4CBC-B3C5-6D7F0883EDBE}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0F82E0D5-FDE6-4805-84A9-60F2269BE137}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{FBECCAFC-7291-4719-BA4F-D4A50C07308C}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2824ABA7-89D0-4536-9F1D-56328347858A}"= c:\program files\Skype\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 gupdate1c9d2f7e82e47f8;Service Google Update (gupdate1c9d2f7e82e47f8);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 133104]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-11-08 1369384]
    R2 WacomTouchService;Wacom Touch Service;c:\windows\system32\WacomTouchService.exe [2007-10-16 95528]
    S3 Wacomhidfilter;Wacom HID Filter;c:\windows\system32\DRIVERS\wacomhidfilter.sys [2007-11-05 10536]
    S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2007-02-22 11312]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ECACHE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 11:50]

    2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 11:50]

    2009-08-02 c:\windows\Tasks\User_Feed_Synchronization-{00178BE8-2EC3-4720-805B-2EAA3920F7B0}.job
    - c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    HKLM-RunOnce-<NO NAME> - (no file)

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\2o3e7dai.default\
    FF - prefs.js: browser.search.selectedEngine - Google (Language: FR)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    .
    ------- File Associations -------
    .
    regedit=regedit.exe "%1"
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-02 18:32
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    c:\users\Anna\AppData\Local\Temp\catchme.dll 53248 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(496)
    c:\windows\system32\DPPWDFLT.dll

    - - - - - - - > 'Explorer.exe'(1516)
    c:\windows\system32\btncopy.dll
    .
    Completion time: 2009-08-02 18:34
    ComboFix-quarantined-files.txt 2009-08-02 16:34

    Pre-Run: 183 831 977 984 octets libres
    Post-Run: 184 564 187 136 octets libres

    308 --- E O F --- 2009-08-01 01:01

    **********************************************************************************

    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    rapport gen proc
    *********************************************************************************
    Rapport GenProc 2.611 [4] - 02/08/2009 à 18:53:59
    @ Windows Vista "CSDVersion" does not exist - Mode normal
    @ Internet Explorer (8.0.6001.18813) [Navigateur par défaut]

    # Etape 1/ Télécharge :

    - ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.

    Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Anna *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[4]" sur ton bureau).

    # Etape 2/

    Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.

    # Etape 3/

    Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

    # Etape 4/

    Redémarre normalement et poste, dans la même réponse :

    - Le contenu du rapport Combofix.txt situé dans C:\ ;
    - Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
    - Un nouveau rapport GenProc ;

    Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

    ~~ Arguments de la procédure ~~

    # Détections [2] GenProc 2.611 02/08/2009 à 17:48:33
    TDSS:le 02/08/2009 à 17:48:53 "C:\Windows\System32\geyekr*.???"

    # Détections [3] GenProc 2.611 02/08/2009 à 18:51:30
    TDSS:le 02/08/2009 à 18:52:05 "C:\Windows\System32\geyekr*.???"

    # Détections [4] GenProc 2.611 02/08/2009 à 18:54:00
    TDSS:le 02/08/2009 à 18:54:19 "C:\Windows\System32\geyekr*.???"

    ----------------------------------------------------------------------
    Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
    ----------------------------------------------------------------------

    ~~ Fin à 18:54:26 ~~
    **************************************************************************
    $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    rapport
    *****************************************************************************
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:01:48, on 02/08/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6BXX0IVK\HiJackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking9\Ereg.ini
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Service Google Update (gupdate1c9d2f7e82e47f8) (gupdate1c9d2f7e82e47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe
    0
  3. Narco!4 Messages postés 2446 Statut Contributeur 467
     
    recommence combofix en mode sans echec et tu le renomme en ce que tu veut avant de le lancer
    0
  4. ratus888
     
    pourquoi en refaire un? à quoi ça sert de le renommer?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Narco!4 Messages postés 2446 Statut Contributeur 467
     
    car ça n'a rien fait là
    0
  7. ratus888
     
    ComboFix 09-08-01.09 - Anna 02/08/2009 21:18.2.2 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1982.1537 [GMT 2:00]
    Running from: c:\users\Anna\Desktop\nanette.exe
    .
    /wow section not completed

    ((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
    .

    2009-08-02 15:51 . 2009-08-02 15:51 -------- d-----w- c:\program files\CCleaner
    2009-08-02 15:38 . 2009-08-02 15:48 -------- d-----w- C:\Genproc
    2009-07-22 14:00 . 2009-07-22 15:07 -------- d-----w- c:\windows\BDOSCAN8
    2009-07-19 15:16 . 2009-07-20 19:40 570 ----a-w- c:\windows\system32\geyekrdribmloj.dat
    2009-07-17 23:46 . 2009-07-17 23:46 -------- d-----w- c:\users\Anna\AppData\Local\Graboid_Inc
    2009-07-17 23:46 . 2009-07-17 23:46 -------- d-----w- c:\users\Anna\AppData\Local\Graboid
    2009-07-17 23:46 . 2009-07-17 23:47 -------- d-----w- c:\users\Anna\AppData\Roaming\MozillaControl
    2009-07-17 23:44 . 2009-07-17 23:49 -------- d-----w- c:\program files\Graboid
    2009-07-15 13:35 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-15 13:35 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-15 13:35 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-15 13:35 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
    2009-07-15 13:35 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-15 13:35 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-02 19:12 . 2008-02-28 02:54 12 ----a-w- c:\windows\bthservsdp.dat
    2009-08-02 19:11 . 2009-05-12 11:50 -------- d-----w- c:\users\Anna\AppData\Roaming\Skype
    2009-08-02 19:10 . 2008-07-02 16:03 -------- d-----w- c:\users\Anna\AppData\Roaming\WTablet
    2009-08-02 16:45 . 2008-11-25 19:26 -------- d-----w- c:\users\Anna\AppData\Roaming\skypePM
    2009-08-02 16:13 . 2007-12-09 17:47 702978 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-02 16:13 . 2007-12-09 17:47 122898 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-01 12:11 . 2008-09-29 15:08 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-23 15:32 . 2008-07-02 16:55 27744 ----a-w- c:\users\Anna\AppData\Roaming\nvModes.dat
    2009-07-21 21:52 . 2009-07-29 14:06 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-29 14:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-29 14:06 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-29 14:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-20 19:43 . 2008-11-18 06:25 7944 ----a-w- c:\users\Anna\AppData\Local\d3d9caps.dat
    2009-07-16 15:23 . 2008-07-02 16:20 108248 ----a-w- c:\users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-07-16 14:31 . 2007-12-09 11:48 -------- d-----w- c:\programdata\Microsoft Help
    2009-07-16 03:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-06-22 20:50 . 2009-06-22 20:45 -------- d-----w- c:\program files\ImageJ
    2009-06-12 01:12 . 2007-12-09 11:25 -------- d-----w- c:\program files\Microsoft Works
    2009-05-28 00:13 . 2008-07-05 11:40 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-07-23 20:51 . 2009-02-08 12:15 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2008-10-25 14:30 . 2008-10-25 14:30 22 --sha-w- c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-08-02_16.32.36 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-09 09:07 . 2009-08-02 19:11 49248 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2007-12-09 09:07 . 2009-08-02 13:47 49248 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2009-08-02 19:11 96522 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-07-02 16:05 . 2009-08-02 13:47 11906 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2911090414-1564606067-2369229040-1000_UserData.bin
    + 2008-07-02 16:05 . 2009-08-02 19:11 11906 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2911090414-1564606067-2369229040-1000_UserData.bin
    - 2008-07-02 15:57 . 2009-08-02 15:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-07-02 15:57 . 2009-08-02 16:54 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-07-02 15:57 . 2009-08-02 15:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-07-02 15:57 . 2009-08-02 16:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-07-02 15:57 . 2009-08-02 15:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-07-02 15:57 . 2009-08-02 16:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-16 14:55 . 2009-08-02 16:50 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-16 14:55 . 2009-08-01 23:19 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2008-02-14 12:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-25 171448]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-08 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-08 8501792]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-08 81920]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-11-01 671744]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-29 185640]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
    "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-09 1006264]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-10 4702208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{334B0DFC-371C-4510-B5CC-3384CF1CE68E}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{5A696AE9-874B-4BF8-B1F5-F64F2DADE9B7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{F7855F58-EBD7-42D3-91E5-B0A1B3DE5C56}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{A067D651-8DE6-403D-86B6-A921B96BDDEA}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{92C35FAD-F088-40B7-8D3C-7ECFA28ABA23}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{D4813DEA-4C13-4A6B-8326-C7D1A4127E8E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "TCP Query User{85FD5ADA-8E13-4E2D-A639-AF1C87CFD6B4}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{A6B10350-853E-4FCE-BA17-C963FD957A4D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{DA6CA91C-3BCC-40E0-A33A-8920D88A724A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{609A85FA-B7FF-4F8D-90CB-23CDA9D05173}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{24388043-1BF7-4535-9114-7B71E3C1BE7F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{007F3217-331C-47EB-86B5-26A15A9C6939}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{F9BAE322-4012-4D90-B254-011BC799C709}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2565FD79-317E-4210-A75A-1357687F170D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{BC93BD81-5F5D-45E3-BEF9-576541834D7B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E6EB2C5B-42C1-4A91-AD52-7703DD94570A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{36CD2DB9-C2B3-477E-A1AB-5E25FB49C3B8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9CCE7A04-285D-45A5-87EE-827AD1315B2B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C5C77C1C-29E3-4FCE-9EAD-7AE2054363BB}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{39FE5363-9D21-492B-B8A9-0D5D4B60A995}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1884B7A4-BD42-4EEF-A030-660EA767A98F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{28E08140-B00E-4A43-82E1-9BCCE257EAD6}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7B567126-B654-4774-AC55-2063A128732A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{756AA2A2-084A-4BAB-8D08-B897DF260E3E}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{DC3FB23F-557A-4A8C-8665-7AF13FF15198}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A43D53D3-38BF-436C-9621-B4AEE3344617}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8BF1E9DD-A341-4BBA-BE4F-1CA6F7CF15F7}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{EB2BFE68-4643-4A13-8D87-7C227A90BFC1}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{857818F6-232D-4EEA-A29C-247F0EC225A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{138D2CF8-DEFC-455C-AA3B-E87EA9C4EC9A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{474CA222-68EE-43B1-B051-81B392C08A60}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7BF40A84-5408-4A16-A3CA-E7841AFA15C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B14DC644-F14B-44C8-819D-775C0D1D1A45}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{297D2FEF-BF48-447D-9242-0A37F609A351}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C69E74FB-15A9-49B8-A1DA-1064F9A2C3B5}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{BCF19381-4CC7-4071-8296-771CAD962BFA}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{62D599B6-1B6B-4442-9269-86167E6946DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C0D8C453-1C0C-402A-BE36-B38A936AADEE}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CA8DE8C6-98D8-4410-91AE-CB58356DB903}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B2E819B0-7B60-49CE-AC71-7F1071B2B2C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{70901A20-55C1-45D6-B1A6-B8F013AF917B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B86D8E47-AF28-42D1-AA5F-0EB5D6519ABB}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2526FB10-BDA7-48B9-AC4C-2397CADBCB8C}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1D83230D-45FE-4598-A6C2-4B51D969DF53}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{00FF3DD1-FCCB-4658-A254-2375FB67333C}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E904BF98-5B8D-4094-BA63-0C1946080D0A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7CB3D277-2005-4A9C-B240-A41044A3DAC3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8C19F1B9-F18C-49E6-9E0A-A89B5ECF73F5}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5638F4E2-0EA7-48BC-850D-B4911CBD56BD}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CBFE8C37-972F-4103-A093-E700621F1BF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{95410D59-4D21-4F49-8FB1-7F9738D37116}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{1BB9B8A8-3DB3-4E9D-A918-CED21906F5A5}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{8959E6A8-0DCB-4AAA-92B8-9FC8881C57C8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{3B596817-8244-455F-9E20-75B5BC3FF61D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{230E1D0C-5E3F-4FFB-9620-B0DF2522794F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{872D7526-2850-4F06-8D2A-C61159214A0D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A1E5DFA8-1CA1-46F0-8F19-661E4A49D63D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D78AFBB6-55FB-4273-8614-7594FFB81B59}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9D464BDB-08F2-4727-BB66-4CC876A3BE3E}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E19927FA-BB6A-42A1-A99E-10ED6C19F492}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6822EC5E-04BD-48D1-AECA-DAD175F00EB3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{958F2B5E-4FE6-4997-948B-2FA29B61D75C}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{DF05DF17-BF1D-4189-9269-11D144C0525F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{22752B33-E463-42EC-868E-82D5437A0285}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{08D1E1DD-C1A6-4111-997F-F829AEF129DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7D4EFAC8-E678-4CF1-825E-0661AC56B522}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0B9A910B-DBF7-4553-9D92-04AF162AB687}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{DBD9870F-59C9-4F8D-B323-41FA8BF0A773}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B110BE09-36E6-4C41-B652-42C061A04464}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D4C64CC5-53CE-4D0F-9C1F-23D882E66660}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{91AA3285-F86E-43C8-B2DE-761CC9D74A26}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7524FC89-2C92-43DB-A4A8-9DF13D7DE424}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{302ECD40-7486-4952-A383-B6F4E6DA71B3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4CF14C5A-A894-4DC9-9DB4-292309F7DE32}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{450E7972-7840-437C-8F66-6B68DFBDEEBF}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{DBDA9E38-6D70-4AF3-95EE-D451358EF413}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{53C18C28-8B57-4034-945E-B00568C75242}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A3EDF822-C05B-4F61-8388-FC0AF913746B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{092BDF12-515E-40B8-94C9-AD6AEECC03FC}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9E2784E6-8FD3-4080-B127-DD0B61CCFF59}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{7561B3DB-3971-48E8-9442-90230192B58D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{90E8AB30-3D74-4742-B39F-7905C8DC05BD}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D4E1278F-27AE-4FC9-8A5D-AFABEBBEC8E5}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{EA4EE4BB-26AB-4C99-9F8F-48C256109363}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9DECD7C9-AB00-4C22-B72E-8D318F16EEF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CF73EF7D-3475-4EAA-954D-2EE6564F5A84}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6B056E8E-E756-4418-A4DD-32FB64255CF0}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{CB8A7B4F-B5A6-4EEB-9D6E-CD4DAC577E31}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{421C9056-02F1-4DCC-9330-D3ECF84BDC59}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{66FCD4FE-47D6-4319-9AF5-F10A8658A7A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{22E39F56-B914-47D4-9FBD-08028ED1965A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B536A463-7900-4AB7-BE05-D56A5FA2CB44}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{4215AD0C-3AD7-4922-B28F-F0FC8E775D0B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{050ACBDC-729F-4865-8CA5-615973B50B81}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{5280D445-BD79-40A8-B99F-EB8277677BF2}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{D25C3D5E-452A-412C-A63B-FD491DFD1BD8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{99F8C1A1-E30B-4E47-8B4F-E2DF07E414C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{A76259EF-2543-4B37-B1B1-099671933E1D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{BC0BA36C-5EB1-4492-8E83-C1960609538B}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{AB012D46-F5B2-4287-A722-23A7A324DA4F}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E3A7D838-3EED-4393-B9DA-3E453B7B36AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{28352245-79D1-4D18-8600-C281857116E2}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{181319E0-C57A-405A-B6C1-6B33EA18C86A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{B99EC42C-9B9E-446F-A0B1-42A5FBC79577}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{36AAA45B-F0B2-4C2F-8173-2CB9A5B91D42}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0A02A3E7-73B5-4540-843C-DE257F813F0D}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2DF0A662-D4BB-4D7D-BFEE-24D46E389B44}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{9879954F-AA3C-427B-B9CF-BB0937B12390}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0C39FFAC-0F18-4CBC-B3C5-6D7F0883EDBE}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0F82E0D5-FDE6-4805-84A9-60F2269BE137}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{FBECCAFC-7291-4719-BA4F-D4A50C07308C}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2824ABA7-89D0-4536-9F1D-56328347858A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6597BFE5-D196-4035-9C2E-E2155087042A}"= c:\program files\Skype\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 gupdate1c9d2f7e82e47f8;Service Google Update (gupdate1c9d2f7e82e47f8);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 133104]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-11-08 1369384]
    R2 WacomTouchService;Wacom Touch Service;c:\windows\system32\WacomTouchService.exe [2007-10-16 95528]
    S3 Wacomhidfilter;Wacom HID Filter;c:\windows\system32\DRIVERS\wacomhidfilter.sys [2007-11-05 10536]
    S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2007-02-22 11312]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ECACHE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 11:50]

    2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 11:50]

    2009-08-02 c:\windows\Tasks\User_Feed_Synchronization-{00178BE8-2EC3-4720-805B-2EAA3920F7B0}.job
    - c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\2o3e7dai.default\
    FF - prefs.js: browser.search.selectedEngine - Google (Language: FR)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-02 21:24
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(496)
    c:\windows\system32\DPPWDFLT.dll

    - - - - - - - > 'Explorer.exe'(1092)
    c:\windows\system32\btncopy.dll
    .
    Completion time: 2009-08-02 21:26
    ComboFix-quarantined-files.txt 2009-08-02 19:26
    ComboFix2.txt 2009-08-02 16:34

    Pre-Run: 185 206 489 088 octets libres
    Post-Run: 185 049 227 264 octets libres

    315 --- E O F --- 2009-08-01 01:01
    0
  8. ratus888
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:39:36, on 02/08/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO9C9TD9\HiJackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking9\Ereg.ini
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Service Google Update (gupdate1c9d2f7e82e47f8) (gupdate1c9d2f7e82e47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe
    0