J'ai un problème !!! (nwiz, bitcomet, son-avast, scanner)

you360

4 Mai 2009 17:58:48

Bonjour,
j'ai un dossier qui prend plus de 2 TO (2 000 GO) alors que la capacité du disque dur est de 320.
Dans ce dossier il y a plein de fichier avec des nom bizarre du genre : lÛ Úå÷. ìì ou Ú*$¾ ïm.â┴ ou bien encore index st.r l.
Voilà je pense que c'est un virus j'ai essayer de le supprimé avec TuneUp Shredder et Killbox mais sans resultat

.

J'ai fait un scan HiJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:20, on 04/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWSN\System32\smss.exe
C:\WINDOWSN\system32\winlogon.exe
C:\WINDOWSN\system32\services.exe
C:\WINDOWSN\system32\lsass.exe
C:\WINDOWSN\system32\svchost.exe
C:\WINDOWSN\System32\svchost.exe
C:\WINDOWSN\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWSN\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWSN\system32\nvsvc32.exe
C:\WINDOWSN\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWSN\system32\RUNDLL32.EXE
C:\WINDOWSN\RTHDCPL.EXE
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWSN\system32\ctfmon.exe
C:\WINDOWSN\System32\svchost.exe
C:\WINDOWSN\system32\wuauclt.exe
C:\WINDOWSN\explorer.exe
C:\Program Files\TuneUp Utilities 2008\DiskExplorer.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SEYFUL~1.UNI\LOCALS~1\Temp\Rar$EX00.688\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWSN\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWSN\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWSN\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWSN\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWSN\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O20 - AppInit_DLLs: tsuisw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWSN\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWSN\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWSN\System32\TuneUpDefragService.exe

--
End of file - 7820 bytes

J'attend vos réponse avec impatience.

Autres pages sur : probleme

| Etre averti des réponses
| Alerter

Répondre à you360

Destrio5

4 Mai 2009 18:12:31

Bonjour,

Où se trouve ce dossier ?

Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

Clique sur Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

| Alerter

Répondre à Destrio5

you360

4 Mai 2009 18:20:18

Merci de ta réponse rapide !

log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Seyfullah at 2009-05-04 20:18:33
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 21 GB (21%) free of 100 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:35, on 04/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWSN\System32\smss.exe
C:\WINDOWSN\system32\winlogon.exe
C:\WINDOWSN\system32\services.exe
C:\WINDOWSN\system32\lsass.exe
C:\WINDOWSN\system32\svchost.exe
C:\WINDOWSN\System32\svchost.exe
C:\WINDOWSN\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWSN\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWSN\system32\nvsvc32.exe
C:\WINDOWSN\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWSN\system32\RUNDLL32.EXE
C:\WINDOWSN\RTHDCPL.EXE
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWSN\system32\ctfmon.exe
C:\WINDOWSN\System32\svchost.exe
C:\WINDOWSN\system32\wuauclt.exe
C:\WINDOWSN\explorer.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWSN\system32\rundll32.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Bureau\RSIT.exe
C:\Program Files\trend micro\Seyfullah.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWSN\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWSN\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWSN\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWSN\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWSN\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O20 - AppInit_DLLs: tsuisw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWSN\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWSN\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWSN\System32\TuneUpDefragService.exe

--
End of file - 8051 bytes

======Scheduled tasks folder======

C:\WINDOWSN\tasks\dfyggxfv.job
C:\WINDOWSN\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-57989841-725345543-1003.job
C:\WINDOWSN\tasks\Malwarebytes' Scheduled Update for Seyfullah.job
C:\WINDOWSN\tasks\sajoyyis.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b905bc9d-6059-4517-a6b4-950d26299a2b}]
radiodofus Toolbar - C:\Program Files\radiodofus\tbradi.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
{b905bc9d-6059-4517-a6b4-950d26299a2b} - radiodofus Toolbar - C:\Program Files\radiodofus\tbradi.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWSN\system32\NvMcTray.dll [2007-11-07 81920]
"RTHDCPL"=C:\WINDOWSN\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWSN\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWSN\system32\NvCpl.dll [2007-11-07 8523776]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-10 133104]
"ctfmon.exe"=C:\WINDOWSN\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Menu Démarrer\Programmes\Démarrage
Xfire.lnk - C:\Program Files\Xfire\xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="tsuisw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWSN\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"MaxRecentDocs"=17

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SFR\Media Center\httpd\httpd.exe"="C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"D:\soldatserver263\soldatserver.exe"="D:\soldatserver263\soldatserver.exe:*:Enabled:soldatserver"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled

ro Evolution Soccer 2008"
"C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Bureau\soldatserver263\soldatserver.exe"="C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Bureau\soldatserver263\soldatserver.exe:*:Enabled:soldatserver"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"D:\Program Files\Soldat\Soldat.exe"="D:\Program Files\Soldat\Soldat.exe:*:Enabled:Soldat"
"D:\Program Files\Microsoft Games\Halo\halo.exe"="D:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Multiwinia\multiwinia.exe"="C:\Program Files\Multiwinia\multiwinia.exe:*:Enabled:Multiwinia"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWSN\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWSN\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:FlashGet"
"C:\Program Files\Power City Exchange\Power City Exchange.exe"="C:\Program Files\Power City Exchange\Power City Exchange.exe:*:Enabled

ower City Exchange"
"C:\Program Files\Moniteur neufbox\Moniteur neufbox.exe"="C:\Program Files\Moniteur neufbox\Moniteur neufbox.exe:*:Enabled:Moniteur neufbox"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"D:\LEDT 4 DEAD\left4dead.exe"="D:\LEDT 4 DEAD\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"D:\Downloads\Pure.Multi-3.Full-Rip.Skullptura\Pure.Multi-3.Full-Rip.Skullptura\Pure\Pure.exe"="D:\Downloads\Pure.Multi-3.Full-Rip.Skullptura\Pure.Multi-3.Full-Rip.Skullptura\Pure\Pure.exe:*:Enabled

ure"
"D:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe"="D:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*

isabled:SplinterCell4"
"C:\Program Files\alaplaya\S4League\S4Client.exe"="C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled

roject S4 Client.exe"
"D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\elitecabal.exe"="D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\elitecabal.exe:*:Enabled:elitecabal.exe"
"D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\cabalmain.exe"="D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\cabalmain.exe:*:Enabled:cabalmain.exe"
"D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\cabal.exe"="D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\cabal.exe:*:Enabled:cabal.exe"
"D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\update.exe"="D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\update.exe:*:Enabled:update.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWSN\system32\PnkBstrA.exe"="C:\WINDOWSN\system32\PnkBstrA.exe:*:Enabled

nkBstrA"
"C:\WINDOWSN\system32\PnkBstrB.exe"="C:\WINDOWSN\system32\PnkBstrB.exe:*:Enabled

nkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Mozilla Firefox\Mozilla Firefox.exe"="C:\Program Files\Mozilla Firefox\Mozilla Firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1992e89b-af28-11dd-9425-001d92470cbc}]
shell\Auto\command - Start.exe
shell\AutoRun\command - C:\WINDOWSN\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

======List of files/folders created in the last 1 months======

2009-05-04 20:18:33 ----D---- C:\rsit
2009-05-04 20:18:33 ----D---- C:\Program Files\trend micro
2009-05-04 19:24:00 ----D---- C:\!KillBox
2009-05-01 08:48:02 ----D---- C:\Program Files\FotoTagger
2009-05-01 08:47:19 ----D---- C:\Program Files\AnmSMP
2009-05-01 08:32:43 ----D---- C:\Program Files\PhotoFiltre Studio X
2009-04-30 19:13:28 ----HDC---- C:\WINDOWSN\$NtUninstallKB961503$
2009-04-25 09:06:47 ----D---- C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Application Data\id Software
2009-04-25 09:05:01 ----A---- C:\WINDOWSN\system32\PnkBstrB.exe
2009-04-25 09:04:58 ----A---- C:\WINDOWSN\system32\PnkBstrA.exe
2009-04-25 09:04:58 ----A---- C:\WINDOWSN\system32\pbsvc.exe
2009-04-25 09:04:57 ----D---- C:\Documents and Settings\All Users.WINDOWSN\Application Data\id Software
2009-04-23 16:42:45 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-04-23 16:25:31 ----D---- C:\Program Files\Mozilla Firefox 3.1 Beta 3
2009-04-17 18:35:40 ----D---- C:\Program Files\Microsoft Virtual PC
2009-04-17 12:07:34 ----HDC---- C:\WINDOWSN\$NtUninstallKB959426$
2009-04-17 12:07:29 ----HDC---- C:\WINDOWSN\$NtUninstallKB961373$
2009-04-17 12:05:10 ----HDC---- C:\WINDOWSN\$NtUninstallKB956572$
2009-04-17 12:05:01 ----HDC---- C:\WINDOWSN\$NtUninstallKB952004$
2009-04-17 12:04:15 ----HDC---- C:\WINDOWSN\$NtUninstallKB960803$
2009-04-17 12:04:04 ----HDC---- C:\WINDOWSN\$NtUninstallKB923561$
2009-04-16 11:32:42 ----D---- C:\Program Files\Cube
2009-04-16 09:39:44 ----D---- C:\Program Files\ElcomSoft
2009-04-15 15:42:49 ----D---- C:\Program Files\Dofus
2009-04-14 20:17:32 ----A---- C:\WINDOWSN\system32\xfcodec.dll
2009-04-07 08:42:38 ----D---- C:\WINDOWSN\RF Legends 2.2.1 Full Client
2009-04-07 08:37:29 ----HDC---- C:\WINDOWSN\$NtUninstallXPSEPSCLP$
2009-04-07 08:24:39 ----D---- C:\WINDOWSN\system32\XPSViewer
2009-04-07 08:24:39 ----D---- C:\WINDOWSN\system32\en-us
2009-04-07 08:23:38 ----N---- C:\WINDOWSN\system32\spmsg2.dll
2009-04-07 08:22:13 ----A---- C:\WINDOWSN\RF Legends 2.2.1 Full Client Setup Log.txt
2009-04-06 15:31:57 ----D---- C:\Program Files\alaplaya

======List of files/folders modified in the last 1 months======

2009-05-04 20:18:33 ----D---- C:\Program Files
2009-05-04 19:56:24 ----D---- C:\WINDOWSN\Prefetch
2009-05-04 19:31:30 ----D---- C:\WINDOWSN\Temp
2009-05-04 19:29:48 ----D---- C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Application Data\Xfire
2009-05-04 19:27:10 ----A---- C:\WINDOWSN\SchedLgU.Txt
2009-05-04 19:20:35 ----A---- C:\WINDOWSN\NeroDigital.ini
2009-05-04 17:00:25 ----D---- C:\WINDOWSN\system32\CatRoot2
2009-05-04 17:00:07 ----D---- C:\WINDOWSN\system32\drivers
2009-05-04 17:00:07 ----D---- C:\WINDOWSN\system32
2009-05-03 21:12:09 ----D---- C:\Program Files\Mozilla Firefox
2009-05-02 13:38:01 ----D---- C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Application Data\Adobe
2009-05-02 13:13:44 ----RSD---- C:\WINDOWSN\Fonts
2009-05-01 09:03:37 ----D---- C:\Documents and Settings\All Users.WINDOWSN\Application Data\FLEXnet
2009-05-01 08:23:55 ----D---- C:\WINDOWSN
2009-04-30 19:13:33 ----HD---- C:\WINDOWSN\inf
2009-04-30 19:13:30 ----RSHDC---- C:\WINDOWSN\system32\dllcache
2009-04-30 19:13:17 ----SHD---- C:\WINDOWSN\Installer
2009-04-30 19:13:16 ----D---- C:\Documents and Settings\All Users.WINDOWSN\Application Data\Microsoft Help
2009-04-30 17:25:17 ----HD---- C:\WINDOWSN\$hf_mig$
2009-04-25 09:04:58 ----D---- C:\WINDOWSN\system32\LogFiles
2009-04-25 08:54:57 ----D---- C:\Program Files\Xfire
2009-04-25 08:54:56 ----D---- C:\Free 2 Play
2009-04-23 16:42:45 ----D---- C:\Program Files\Fichiers communs\System
2009-04-19 21:51:33 ----D---- C:\Program Files\PowerISO
2009-04-18 14:31:20 ----SD---- C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Application Data\Microsoft
2009-04-17 18:37:08 ----A---- C:\WINDOWSN\system32\PerfStringBackup.INI
2009-04-17 13:01:12 ----D---- C:\WINDOWSN\system32\wbem
2009-04-17 13:01:12 ----D---- C:\WINDOWSN\AppPatch
2009-04-17 12:07:37 ----A---- C:\WINDOWSN\imsins.BAK
2009-04-17 12:07:20 ----D---- C:\WINDOWSN\system32\fr-fr
2009-04-17 12:07:20 ----D---- C:\Program Files\Internet Explorer
2009-04-17 12:07:10 ----D---- C:\WINDOWSN\ie7updates
2009-04-16 11:11:23 ----D---- C:\WINDOWSN\system32\DirectX
2009-04-16 10:19:54 ----RSD---- C:\WINDOWSN\assembly
2009-04-12 10:52:15 ----SD---- C:\WINDOWSN\Tasks
2009-04-12 10:52:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-10 12:26:29 ----D---- C:\Program Files\Audacity
2009-04-07 15:52:45 ----D---- C:\WINDOWSN\Microsoft.NET
2009-04-07 08:36:57 ----D---- C:\WINDOWSN\system32\mui
2009-04-07 08:36:42 ----D---- C:\WINDOWSN\system32\CatRoot
2009-04-07 08:33:52 ----D---- C:\WINDOWSN\WinSxS
2009-04-07 08:23:46 ----D---- C:\WINDOWSN\system32\spool
2009-04-06 22:19:20 ----D---- C:\Downloads
2009-04-06 16:57:24 ----A---- C:\WINDOWSN\system32\MRT.exe
2009-04-06 15:32:03 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWSN\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWSN\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWSN\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWSN\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 lfsfilt;Lean File Sharing; \??\C:\WINDOWSN\system32\DRIVERS\lfsfilt.sys []
R1 oreans32;oreans32; \??\C:\WINDOWSN\system32\drivers\oreans32.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWSN\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 StarOpen;StarOpen; C:\WINDOWSN\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWSN\system32\Drivers\vmm.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWSN\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWSN\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 aswRdr;aswRdr; C:\WINDOWSN\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWSN\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWSN\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWSN\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWSN\system32\drivers\mbam.sys []
R3 mouhid;Pilote HID de souris; C:\WINDOWSN\system32\DRIVERS\mouhid.sys [2001-08-24 12288]
R3 ndasbus;NDAS Bus Driver; C:\WINDOWSN\system32\DRIVERS\ndasbus.sys [2005-07-15 39168]
R3 ndasscsi;NDAS SCSI Miniport Driver; C:\WINDOWSN\system32\DRIVERS\ndasscsi.sys [2005-07-15 91392]
R3 nv;nv; C:\WINDOWSN\system32\DRIVERS\nv4_mini.sys [2007-11-07 7429088]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWSN\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWSN\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWSN\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWSN\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWSN\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S2 zntport;NTPort Library Driver; \??\C:\WINDOWSN\system32\zntport.sys []
S3 asq4uukt;asq4uukt; C:\WINDOWSN\system32\drivers\asq4uukt.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWSN\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197); C:\WINDOWSN\system32\DRIVERS\qcusbmdm.sys [2003-03-11 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197; C:\WINDOWSN\system32\DRIVERS\qcusbser.sys [2003-03-11 59632]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWSN\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWSN\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWSN\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWSN\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWSN\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWSN\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWSN\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWSN\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWSN\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWSN\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWSN\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWSN\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
R2 ndassvc;Service NDAS; C:\Program Files\NDAS\System\ndassvc.exe [2005-07-15 377856]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWSN\system32\nvsvc32.exe [2007-11-07 155716]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWSN\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWSN\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 PnkBstrA;PnkBstrA; C:\WINDOWSN\system32\PnkBstrA.exe [2009-04-26 75064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWSN\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWSN\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWSN\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWSN\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWSN\System32\TuneUpDefragService.exe [2008-11-30 355584]
S3 usprserv;User Privilege Service; C:\WINDOWSN\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWSN\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.06 2009-05-04 20:18:36

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWSN\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWSN\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWSN\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWSN\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Acrobat.com-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWSN\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWSN\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AnmanieSMP 2.4 i-->"C:\Program Files\AnmSMP\unins000.exe"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitComet Turbo Accelerator-->C:\Program Files\BitComet Turbo Accelerator\uninstall.exe
BitPim 1.0.6-->"C:\Program Files\BitPim\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWSN\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWSN\$NtUninstallKB952287$\spuninst\spuninst.exe"
Cube-->"C:\Program Files\Cube\uninstall.exe"
Dofus 1.27.0-->C:\Program Files\Dofus\uninstall.exe
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Fake Webcam 1.0-->"C:\Program Files\Fake Webcam\unins000.exe"
Favorit-->"c:\documents and settings\yasir.unicorni-429aec\local settings\application data\iieis.exe" -uninstall
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Flash Decompiler Trillix-->"C:\Program Files\Eltima Software\Flash Decompiler Trillix\unins000.exe"
FotoTagger 2.13.0.1-->C:\Program Files\FotoTagger\uninst.exe
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
Gimp 2.6.2-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWSN\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\DOCUME~1\SEYFUL~1.UNI\LOCALS~1\Temp\Rar$EX03.515\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWSN\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Codec Pack 4.5.3 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\WINDOWSN\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWSN\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWSN\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWSN\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWSN\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWSN\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWSN\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWSN\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWSN\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWSN\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWSN\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWSN\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWSN\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWSN\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWSN\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWSN\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWSN\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWSN\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWSN\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWSN\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWSN\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWSN\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWSN\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWSN\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWSN\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWSN\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWSN\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWSN\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWSN\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWSN\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWSN\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWSN\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWSN\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWSN\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWSN\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWSN\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWSN\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWSN\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWSN\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWSN\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWSN\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWSN\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWSN\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWSN\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWSN\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWSN\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWSN\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWSN\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWSN\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWSN\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWSN\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWSN\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWSN\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWSN\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.1b3)-->C:\Program Files\Mozilla Firefox 3.1 Beta 3\uninstall\helper.exe
MpcStar 3.4-->C:\Program Files\MpcStar\uninst.exe
MSI Live Update 3-->C:\WINDOWSN\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
NDAS Software 3.10.1231-->MsiExec.exe /X{D9A34306-A7E3-4FDE-ADDA-B7DFD264080A}
Nero 7 Ultra Edition-->MsiExec.exe /X{22FB6750-ADDF-4726-B67F-6901E1991036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NFO viewer v 2.1-->"C:\Program Files\NFO viewer\unins000.exe"
NVIDIA Drivers-->C:\WINDOWSN\system32\nvudisp.exe UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWSN\system32\DRVSTORE\amdk8_1F9DE4E49C97F59EE9F75C34E0E91E568FC9EEB2\amdk8.inf
Power City Exchange 1.1.1-->"C:\Program Files\Power City Exchange\unins000.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Pro Evolution Soccer 2008-->C:\Program Files\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x040c
PunkBuster Services-->C:\WINDOWSN\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{6F3F58D0-6CE9-4B76-B3C2-9E5BD6323992}
radiodofus Toolbar-->C:\PROGRA~1\RADIOD~1\UNWISE.EXE /U C:\PROGRA~1\RADIOD~1\INSTALL.LOG
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Revo Uninstaller 1.80-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
RF Legends 2.2.1 Full Client-->"C:\WINDOWSN\RF Legends 2.2.1 Full Client\uninstall.exe" "/U

:\Program Files\RF Legends 2.2.1 Full Client\Uninstall\uninstall.xml"
ROUTE 66 Sync-->C:\Program Files\InstallShield Installation Information\{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}\setup.exe -runfromtemp -l0x040c
S.T.A.L.K.E.R. - Shadow of Chernobyl-->"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
S4 League_EU-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D96021A9-B290-4783-B019-0E4000DA84CE}\setup.exe" -l0x9
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWSN\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWSN\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWSN\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWSN\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWSN\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR - Media Center-->C:\Program Files\SFR\Media Center\uninstall.exe
Shock Aero 3D v0.94-->"C:\WINDOWSN\IFinst27.exe" -UC:\Program Files\Shock Utility\ShockAero3D\IFU54.inf
Speed Gear 5.00-->"C:\Program Files\Speed Gear 5\unins000.exe"
SpiderMan Web of Shadows-->"D:\Program Files\Team JPN\SpiderMan Web of Shadows\unins000.exe"
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly
Star Wars Jedi Knight Jedi Academy-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
The Last Remnant-->"D:\Program Files\The Last Remnant\Uninstall\unins000.exe"
Tom Clancy's Splinter Cell Chaos Theory-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}\setup.exe" -l0x40c -removeonly
Tom Clancy's Splinter Cell Double Agent-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAD1691A-FA24-4B95-9009-3257B8440ECC}\setup.exe" -l0x40c -removeonly
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Ulead GIF Animator 5 Trial-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Imaging Component-->"C:\WINDOWSN\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWSN\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWSN\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWSN\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xilisoft Video Converter Ultimate-->C:\Program Files\Xilisoft\Video Converter Ultimate\Uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWSN\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090504-0]

======System event log======

Computer Name: UNICORNI-429AEC
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 6788
Source Name: Service Control Manager
Time Written: 20090412145300.000000+120
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service HTTP SSL.

Record Number: 6787
Source Name: Service Control Manager
Time Written: 20090412145300.000000+120
Event Type: Informations
User: AUTORITE NT\SERVICE LOCAL

Computer Name: UNICORNI-429AEC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 6786
Source Name: Service Control Manager
Time Written: 20090412145258.000000+120
Event Type: Informations
User: UNICORNI-429AEC\Seyfullah

Computer Name: UNICORNI-429AEC
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 6785
Source Name: Service Control Manager
Time Written: 20090412145258.000000+120
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 7036
Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution.

Record Number: 6784
Source Name: Service Control Manager
Time Written: 20090412145257.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: UNICORNI-429AEC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 82
Source Name: SecurityCenter
Time Written: 20090122135254.000000+060
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 81
Source Name: SecurityCenter
Time Written: 20090121130235.000000+060
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 80
Source Name: SecurityCenter
Time Written: 20090120165358.000000+060
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 79
Source Name: SecurityCenter
Time Written: 20090119184133.000000+060
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 78
Source Name: SecurityCenter
Time Written: 20090118103753.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

EDIT : Ooops... vraiment désoler.

| Alerter

Répondre à you360

Destrio5

4 Mai 2009 18:31:26

Tu m'as posté deux fois le rapport info.

| Alerter

Répondre à Destrio5

you360

4 Mai 2009 18:37:23

C'est bon !

| Alerter

Répondre à you360

Destrio5

4 Mai 2009 18:41:01

Peux-tu me donner le rapport du dernier scan que tu as fait avec MBAM ?

| Alerter

Répondre à Destrio5

you360

4 Mai 2009 18:44:52

Oui bien sure:

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1591
Windows 5.1.2600 Service Pack 3

28/01/2009 17:12:24
mbam-log-2009-01-28 (17-12-24).txt

Type de recherche: Examen rapide
Eléments examinés: 69276
Temps écoulé: 7 minute(s), 42 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWSN\system32\ngsswrds.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Yasir.UNICORNI-429AEC\Local Settings\Temporary Internet Files\Content.IE5\2B7SAW3T\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

| Alerter

Répondre à you360

Destrio5

4 Mai 2009 18:55:20

Oui, mets à jour MBAM, fais un examen rapide et poste le rapport.

| Alerter

Répondre à Destrio5

you360

4 Mai 2009 20:22:04

C'est bon après 1 heures 25 minute d'analyse :

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2074
Windows 5.1.2600 Service Pack 3

04/05/2009 22:21:24
mbam-log-2009-05-04 (22-21-24).txt

Type de recherche: Examen rapide
Eléments examinés: 122372
Temps écoulé: 1 hour(s), 23 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Yasir.UNICORNI-429AEC\Local Settings\Application Data\iieis_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Yasir.UNICORNI-429AEC\Local Settings\Application Data\iieis_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Yasir.UNICORNI-429AEC\Local Settings\Application Data\iieis.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Yasir.UNICORNI-429AEC\Local Settings\Application Data\iieis.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1993962763-57989841-725345543-1004\Dc217.exe (Adware.Zango) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1993962763-57989841-725345543-1004\Dc140\FunkyEmoticons_setup.exe (Adware.Navipromo) -> Quarantined and deleted successfully.

| Alerter

Répondre à you360

Destrio5

4 Mai 2009 20:24:16

Ne réinstalle pas FunkyEmoticons, c'est un programme piégé qui installe l'infection Navipromo.

Relance MBAM, va dans Quarantaine et supprime tout.

Télécharge Navilog1 (de IL-MAFIOSO) sur ton Bureau.

Double-clique sur Navilog1.exe afin de lancer l'installation.

Si le fix ne lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le Bureau.
(Sous Vista, clique droit sur le raccourci de Navilog1 et choisis Exécuter en tant qu'administrateur)

Appuie sur F ou f puis valide par Entrée.

Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options.

Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix.

Patiente jusqu'au message : *** Analyse terminée le ..... ***

Le scan fini, le Bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse.

Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.

| Alerter

Répondre à Destrio5

you360

4 Mai 2009 20:50:33

Malheureusement je n'est plus le temps.
Je continuerai le scan plus tard.
Merci beaucoup pour votre aide.
A plus tard !

| Alerter

Répondre à you360

Destrio5

4 Mai 2009 21:18:29

Bonne nuit

| Alerter

Répondre à Destrio5

you360

5 Mai 2009 15:59:07

Re, voici le rapport :

Search Navipromo version 3.7.6 commencé le 05/05/2009 à 17:45:22,90

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ )
BIOS : Default System BIOS
USER : Seyfullah ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090504-1] 4.8.1335 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:97 Go (Free:27 Go)
D:\ (Local Disk) - NTFS - Total:200 Go (Free:25 Go)
E:\ (CD or DVD)

Recherche executé en mode normal

*** Recherche dossiers dans "C:\WINDOWSN" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWSN\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWSN\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Yasir\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Yasir\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Yasir\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWSN\system32" *

* Recherche dans "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Yasir\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWSN\system32" :

* Dans "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\locals~1\applic~1" :

* Dans "C:\DOCUME~1\Yasir\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 05/05/2009 à 17:57:59,57 ***

| Alerter

Répondre à you360

Destrio5

5 Mai 2009 16:10:43

Relance Navilog1, fais l'option 2 et poste le rapport (C:\cleannavi.txt).

| Alerter

Répondre à Destrio5

you360

5 Mai 2009 16:17:24

C'est bon :

Clean Navipromo version 3.7.6 commencé le 05/05/2009 à 18:12:55,59

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ )
BIOS : Default System BIOS
USER : Seyfullah ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090505-0] 4.8.1335 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:97 Go (Free:27 Go)
D:\ (Local Disk) - NTFS - Total:200 Go (Free:25 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWSN\System32" *

* Suppression dans "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\Yasir\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWSN" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWSN\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWSN\menudm~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Yasir\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Yasir\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Yasir\menudm~1\progra~1" ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWSN\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWSN\system32" *

* Dans "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\locals~1\applic~1" *

* Dans "C:\DOCUME~1\Yasir\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***

*** Nettoyage terminé le 05/05/2009 à 18:16:18,79 ***

| Alerter

Répondre à you360

Destrio5

5 Mai 2009 16:27:25

Désinstalle Navilog1.

Refais un scan RSIT et poste le rapport log.

| Alerter

Répondre à Destrio5

you360

5 Mai 2009 17:57:09

********** LOG.txt **********

Logfile of random's system information tool 1.06 (written by random/random)
Run by Seyfullah at 2009-05-05 19:56:05
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 28 GB (28%) free of 100 GB
Total RAM: 2047 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:06, on 05/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWSN\System32\smss.exe
C:\WINDOWSN\system32\winlogon.exe
C:\WINDOWSN\system32\services.exe
C:\WINDOWSN\system32\lsass.exe
C:\WINDOWSN\system32\svchost.exe
C:\WINDOWSN\System32\svchost.exe
C:\WINDOWSN\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWSN\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWSN\system32\nvsvc32.exe
C:\WINDOWSN\system32\PnkBstrA.exe
C:\WINDOWSN\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWSN\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWSN\system32\RUNDLL32.EXE
C:\WINDOWSN\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWSN\system32\ctfmon.exe
C:\WINDOWSN\System32\svchost.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWSN\system32\wuauclt.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Bureau\RSIT.exe
C:\Program Files\trend micro\Seyfullah.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: radiodofus Toolbar - {b905bc9d-6059-4517-a6b4-950d26299a2b} - C:\Program Files\radiodofus\tbradi.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWSN\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWSN\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWSN\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWSN\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWSN\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O20 - AppInit_DLLs: tsuisw.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Service NDAS (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWSN\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWSN\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWSN\System32\TuneUpDefragService.exe

--
End of file - 7986 bytes

======Scheduled tasks folder======

C:\WINDOWSN\tasks\dfyggxfv.job
C:\WINDOWSN\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-57989841-725345543-1003.job
C:\WINDOWSN\tasks\Malwarebytes' Scheduled Update for Seyfullah.job
C:\WINDOWSN\tasks\sajoyyis.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b905bc9d-6059-4517-a6b4-950d26299a2b}]
radiodofus Toolbar - C:\Program Files\radiodofus\tbradi.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}
{b905bc9d-6059-4517-a6b4-950d26299a2b} - radiodofus Toolbar - C:\Program Files\radiodofus\tbradi.dll [2009-03-10 2079256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWSN\system32\NvMcTray.dll [2007-11-07 81920]
"RTHDCPL"=C:\WINDOWSN\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWSN\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWSN\system32\NvCpl.dll [2007-11-07 8523776]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-10 133104]
"ctfmon.exe"=C:\WINDOWSN\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Menu Démarrer\Programmes\Démarrage
Xfire.lnk - C:\Program Files\Xfire\xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="tsuisw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWSN\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"MaxRecentDocs"=17

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SFR\Media Center\httpd\httpd.exe"="C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"D:\soldatserver263\soldatserver.exe"="D:\soldatserver263\soldatserver.exe:*:Enabled:soldatserver"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled

ro Evolution Soccer 2008"
"C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Bureau\soldatserver263\soldatserver.exe"="C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Bureau\soldatserver263\soldatserver.exe:*:Enabled:soldatserver"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="D:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"D:\Program Files\Soldat\Soldat.exe"="D:\Program Files\Soldat\Soldat.exe:*:Enabled:Soldat"
"D:\Program Files\Microsoft Games\Halo\halo.exe"="D:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Multiwinia\multiwinia.exe"="C:\Program Files\Multiwinia\multiwinia.exe:*:Enabled:Multiwinia"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWSN\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWSN\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:FlashGet"
"C:\Program Files\Power City Exchange\Power City Exchange.exe"="C:\Program Files\Power City Exchange\Power City Exchange.exe:*:Enabled

ower City Exchange"
"C:\Program Files\Moniteur neufbox\Moniteur neufbox.exe"="C:\Program Files\Moniteur neufbox\Moniteur neufbox.exe:*:Enabled:Moniteur neufbox"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"D:\LEDT 4 DEAD\left4dead.exe"="D:\LEDT 4 DEAD\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"D:\Downloads\Pure.Multi-3.Full-Rip.Skullptura\Pure.Multi-3.Full-Rip.Skullptura\Pure\Pure.exe"="D:\Downloads\Pure.Multi-3.Full-Rip.Skullptura\Pure.Multi-3.Full-Rip.Skullptura\Pure\Pure.exe:*:Enabled

ure"
"D:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe"="D:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*

isabled:SplinterCell4"
"C:\Program Files\alaplaya\S4League\S4Client.exe"="C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled

roject S4 Client.exe"
"D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\elitecabal.exe"="D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\elitecabal.exe:*:Enabled:elitecabal.exe"
"D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\cabalmain.exe"="D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\cabalmain.exe:*:Enabled:cabalmain.exe"
"D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\cabal.exe"="D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\cabal.exe:*:Enabled:cabal.exe"
"D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\update.exe"="D:\Program Files\Games-Masters.com\Copie (2) de CABAL Online (Europe)\update.exe:*:Enabled:update.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWSN\system32\PnkBstrA.exe"="C:\WINDOWSN\system32\PnkBstrA.exe:*:Enabled

nkBstrA"
"C:\WINDOWSN\system32\PnkBstrB.exe"="C:\WINDOWSN\system32\PnkBstrB.exe:*:Enabled

nkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Mozilla Firefox\Mozilla Firefox.exe"="C:\Program Files\Mozilla Firefox\Mozilla Firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1992e89b-af28-11dd-9425-001d92470cbc}]
shell\Auto\command - Start.exe
shell\AutoRun\command - C:\WINDOWSN\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

======List of files/folders created in the last 1 months======

2009-05-05 18:12:55 ----A---- C:\cleannavi.txt
2009-05-05 18:07:17 ----D---- C:\tmp
2009-05-05 18:00:19 ----D---- C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Application Data\Blender Foundation
2009-05-05 18:00:17 ----D---- C:\Program Files\Blender Foundation
2009-05-04 22:28:55 ----A---- C:\fixnavi.txt
2009-05-04 22:27:25 ----D---- C:\Program Files\Navilog1
2009-05-04 20:18:33 ----D---- C:\rsit
2009-05-04 20:18:33 ----D---- C:\Program Files\trend micro
2009-05-04 19:24:00 ----D---- C:\!KillBox
2009-05-01 08:48:02 ----D---- C:\Program Files\FotoTagger
2009-05-01 08:47:19 ----D---- C:\Program Files\AnmSMP
2009-05-01 08:32:43 ----D---- C:\Program Files\PhotoFiltre Studio X
2009-04-30 19:13:28 ----HDC---- C:\WINDOWSN\$NtUninstallKB961503$
2009-04-25 09:06:47 ----D---- C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Application Data\id Software
2009-04-25 09:05:01 ----A---- C:\WINDOWSN\system32\PnkBstrB.exe
2009-04-25 09:04:58 ----A---- C:\WINDOWSN\system32\PnkBstrA.exe
2009-04-25 09:04:58 ----A---- C:\WINDOWSN\system32\pbsvc.exe
2009-04-25 09:04:57 ----D---- C:\Documents and Settings\All Users.WINDOWSN\Application Data\id Software
2009-04-23 16:42:45 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-04-23 16:25:31 ----D---- C:\Program Files\Mozilla Firefox 3.1 Beta 3
2009-04-17 18:35:40 ----D---- C:\Program Files\Microsoft Virtual PC
2009-04-17 12:07:34 ----HDC---- C:\WINDOWSN\$NtUninstallKB959426$
2009-04-17 12:07:29 ----HDC---- C:\WINDOWSN\$NtUninstallKB961373$
2009-04-17 12:05:10 ----HDC---- C:\WINDOWSN\$NtUninstallKB956572$
2009-04-17 12:05:01 ----HDC---- C:\WINDOWSN\$NtUninstallKB952004$
2009-04-17 12:04:15 ----HDC---- C:\WINDOWSN\$NtUninstallKB960803$
2009-04-17 12:04:04 ----HDC---- C:\WINDOWSN\$NtUninstallKB923561$
2009-04-16 11:32:42 ----D---- C:\Program Files\Cube
2009-04-16 09:39:44 ----D---- C:\Program Files\ElcomSoft
2009-04-15 15:42:49 ----D---- C:\Program Files\Dofus
2009-04-14 20:17:32 ----A---- C:\WINDOWSN\system32\xfcodec.dll
2009-04-07 08:42:38 ----D---- C:\WINDOWSN\RF Legends 2.2.1 Full Client
2009-04-07 08:37:29 ----HDC---- C:\WINDOWSN\$NtUninstallXPSEPSCLP$
2009-04-07 08:24:39 ----D---- C:\WINDOWSN\system32\XPSViewer
2009-04-07 08:24:39 ----D---- C:\WINDOWSN\system32\en-us
2009-04-07 08:23:38 ----N---- C:\WINDOWSN\system32\spmsg2.dll
2009-04-07 08:22:13 ----A---- C:\WINDOWSN\RF Legends 2.2.1 Full Client Setup Log.txt
2009-04-06 15:31:57 ----D---- C:\Program Files\alaplaya

======List of files/folders modified in the last 1 months======

2009-05-05 19:48:53 ----D---- C:\WINDOWSN\Temp
2009-05-05 19:48:49 ----D---- C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Application Data\Xfire
2009-05-05 18:16:34 ----D---- C:\WINDOWSN\Prefetch
2009-05-05 18:16:18 ----D---- C:\WINDOWSN\system32
2009-05-05 18:14:03 ----A---- C:\WINDOWSN\SchedLgU.Txt
2009-05-05 18:05:17 ----D---- C:\Program Files\Mozilla Firefox
2009-05-05 18:00:46 ----D---- C:\WINDOWSN
2009-05-05 18:00:17 ----D---- C:\Program Files
2009-05-05 13:47:26 ----D---- C:\WINDOWSN\system32\drivers
2009-05-04 19:20:35 ----A---- C:\WINDOWSN\NeroDigital.ini
2009-05-04 17:00:25 ----D---- C:\WINDOWSN\system32\CatRoot2
2009-05-02 13:38:01 ----D---- C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Application Data\Adobe
2009-05-02 13:13:44 ----RSD---- C:\WINDOWSN\Fonts
2009-05-01 09:03:37 ----D---- C:\Documents and Settings\All Users.WINDOWSN\Application Data\FLEXnet
2009-04-30 19:13:33 ----HD---- C:\WINDOWSN\inf
2009-04-30 19:13:30 ----RSHDC---- C:\WINDOWSN\system32\dllcache
2009-04-30 19:13:17 ----SHD---- C:\WINDOWSN\Installer
2009-04-30 19:13:16 ----D---- C:\Documents and Settings\All Users.WINDOWSN\Application Data\Microsoft Help
2009-04-30 17:25:17 ----HD---- C:\WINDOWSN\$hf_mig$
2009-04-25 09:04:58 ----D---- C:\WINDOWSN\system32\LogFiles
2009-04-25 08:54:57 ----D---- C:\Program Files\Xfire
2009-04-25 08:54:56 ----D---- C:\Free 2 Play
2009-04-23 16:42:45 ----D---- C:\Program Files\Fichiers communs\System
2009-04-19 21:51:33 ----D---- C:\Program Files\PowerISO
2009-04-18 14:31:20 ----SD---- C:\Documents and Settings\Seyfullah.UNICORNI-429AEC\Application Data\Microsoft
2009-04-17 18:37:08 ----A---- C:\WINDOWSN\system32\PerfStringBackup.INI
2009-04-17 13:01:12 ----D---- C:\WINDOWSN\system32\wbem
2009-04-17 13:01:12 ----D---- C:\WINDOWSN\AppPatch
2009-04-17 12:07:37 ----A---- C:\WINDOWSN\imsins.BAK
2009-04-17 12:07:20 ----D---- C:\WINDOWSN\system32\fr-fr
2009-04-17 12:07:20 ----D---- C:\Program Files\Internet Explorer
2009-04-17 12:07:10 ----D---- C:\WINDOWSN\ie7updates
2009-04-16 11:11:23 ----D---- C:\WINDOWSN\system32\DirectX
2009-04-16 10:19:54 ----RSD---- C:\WINDOWSN\assembly
2009-04-12 10:52:15 ----SD---- C:\WINDOWSN\Tasks
2009-04-12 10:52:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-10 12:26:29 ----D---- C:\Program Files\Audacity
2009-04-07 15:52:45 ----D---- C:\WINDOWSN\Microsoft.NET
2009-04-07 08:36:57 ----D---- C:\WINDOWSN\system32\mui
2009-04-07 08:36:42 ----D---- C:\WINDOWSN\system32\CatRoot
2009-04-07 08:33:52 ----D---- C:\WINDOWSN\WinSxS
2009-04-07 08:23:46 ----D---- C:\WINDOWSN\system32\spool
2009-04-06 22:19:20 ----D---- C:\Downloads
2009-04-06 16:57:24 ----A---- C:\WINDOWSN\system32\MRT.exe
2009-04-06 15:32:03 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWSN\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWSN\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWSN\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWSN\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 lfsfilt;Lean File Sharing; \??\C:\WINDOWSN\system32\DRIVERS\lfsfilt.sys []
R1 oreans32;oreans32; \??\C:\WINDOWSN\system32\drivers\oreans32.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWSN\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 StarOpen;StarOpen; C:\WINDOWSN\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWSN\system32\Drivers\vmm.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWSN\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWSN\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 aswRdr;aswRdr; C:\WINDOWSN\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWSN\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWSN\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWSN\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWSN\system32\drivers\mbam.sys []
R3 mouhid;Pilote HID de souris; C:\WINDOWSN\system32\DRIVERS\mouhid.sys [2001-08-24 12288]
R3 ndasbus;NDAS Bus Driver; C:\WINDOWSN\system32\DRIVERS\ndasbus.sys [2005-07-15 39168]
R3 nv;nv; C:\WINDOWSN\system32\DRIVERS\nv4_mini.sys [2007-11-07 7429088]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWSN\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWSN\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWSN\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWSN\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWSN\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S2 zntport;NTPort Library Driver; \??\C:\WINDOWSN\system32\zntport.sys []
S3 apxt4n7m;apxt4n7m; C:\WINDOWSN\system32\drivers\apxt4n7m.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\SEYFUL~1.UNI\LOCALS~1\Temp\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWSN\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 ndasscsi;NDAS SCSI Miniport Driver; C:\WINDOWSN\system32\DRIVERS\ndasscsi.sys [2005-07-15 91392]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197); C:\WINDOWSN\system32\DRIVERS\qcusbmdm.sys [2003-03-11 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197; C:\WINDOWSN\system32\DRIVERS\qcusbser.sys [2003-03-11 59632]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWSN\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWSN\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWSN\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWSN\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWSN\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWSN\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWSN\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWSN\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWSN\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWSN\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWSN\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWSN\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
R2 ndassvc;Service NDAS; C:\Program Files\NDAS\System\ndassvc.exe [2005-07-15 377856]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWSN\system32\nvsvc32.exe [2007-11-07 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWSN\system32\PnkBstrA.exe [2009-04-26 75064]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWSN\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWSN\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWSN\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWSN\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWSN\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWSN\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWSN\System32\TuneUpDefragService.exe [2008-11-30 355584]
S3 usprserv;User Privilege Service; C:\WINDOWSN\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWSN\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

********** INFO.txt *********

info.txt logfile of random's system information tool 1.06 2009-05-04 20:18:36

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWSN\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWSN\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWSN\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWSN\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Acrobat.com-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWSN\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWSN\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AnmanieSMP 2.4 i-->"C:\Program Files\AnmSMP\unins000.exe"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitComet Turbo Accelerator-->C:\Program Files\BitComet Turbo Accelerator\uninstall.exe
BitPim 1.0.6-->"C:\Program Files\BitPim\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWSN\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWSN\$NtUninstallKB952287$\spuninst\spuninst.exe"
Cube-->"C:\Program Files\Cube\uninstall.exe"
Dofus 1.27.0-->C:\Program Files\Dofus\uninstall.exe
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Fake Webcam 1.0-->"C:\Program Files\Fake Webcam\unins000.exe"
Favorit-->"c:\documents and settings\yasir.unicorni-429aec\local settings\application data\iieis.exe" -uninstall
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Flash Decompiler Trillix-->"C:\Program Files\Eltima Software\Flash Decompiler Trillix\unins000.exe"
FotoTagger 2.13.0.1-->C:\Program Files\FotoTagger\uninst.exe
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
Gimp 2.6.2-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWSN\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\DOCUME~1\SEYFUL~1.UNI\LOCALS~1\Temp\Rar$EX03.515\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWSN\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Codec Pack 4.5.3 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\WINDOWSN\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWSN\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWSN\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWSN\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWSN\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWSN\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWSN\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWSN\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWSN\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWSN\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWSN\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWSN\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWSN\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWSN\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWSN\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWSN\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWSN\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWSN\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWSN\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWSN\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWSN\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWSN\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWSN\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWSN\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWSN\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWSN\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWSN\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWSN\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWSN\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWSN\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWSN\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWSN\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWSN\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWSN\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWSN\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWSN\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWSN\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWSN\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWSN\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWSN\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWSN\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWSN\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWSN\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWSN\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWSN\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWSN\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWSN\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWSN\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWSN\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWSN\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWSN\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWSN\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWSN\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 - fra-->C:\WINDOWSN\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.1b3)-->C:\Program Files\Mozilla Firefox 3.1 Beta 3\uninstall\helper.exe
MpcStar 3.4-->C:\Program Files\MpcStar\uninst.exe
MSI Live Update 3-->C:\WINDOWSN\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
NDAS Software 3.10.1231-->MsiExec.exe /X{D9A34306-A7E3-4FDE-ADDA-B7DFD264080A}
Nero 7 Ultra Edition-->MsiExec.exe /X{22FB6750-ADDF-4726-B67F-6901E1991036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NFO viewer v 2.1-->"C:\Program Files\NFO viewer\unins000.exe"
NVIDIA Drivers-->C:\WINDOWSN\system32\nvudisp.exe UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWSN\system32\DRVSTORE\amdk8_1F9DE4E49C97F59EE9F75C34E0E91E568FC9EEB2\amdk8.inf
Power City Exchange 1.1.1-->"C:\Program Files\Power City Exchange\unins000.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Pro Evolution Soccer 2008-->C:\Program Files\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x040c
PunkBuster Services-->C:\WINDOWSN\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{6F3F58D0-6CE9-4B76-B3C2-9E5BD6323992}
radiodofus Toolbar-->C:\PROGRA~1\RADIOD~1\UNWISE.EXE /U C:\PROGRA~1\RADIOD~1\INSTALL.LOG
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Revo Uninstaller 1.80-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
RF Legends 2.2.1 Full Client-->"C:\WINDOWSN\RF Legends 2.2.1 Full Client\uninstall.exe" "/U

:\Program Files\RF Legends 2.2.1 Full Client\Uninstall\uninstall.xml"
ROUTE 66 Sync-->C:\Program Files\InstallShield Installation Information\{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}\setup.exe -runfromtemp -l0x040c
S.T.A.L.K.E.R. - Shadow of Chernobyl-->"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
S4 League_EU-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D96021A9-B290-4783-B019-0E4000DA84CE}\setup.exe" -l0x9
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWSN\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWSN\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWSN\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWSN\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWSN\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR - Media Center-->C:\Program Files\SFR\Media Center\uninstall.exe
Shock Aero 3D v0.94-->"C:\WINDOWSN\IFinst27.exe" -UC:\Program Files\Shock Utility\ShockAero3D\IFU54.inf
Speed Gear 5.00-->"C:\Program Files\Speed Gear 5\unins000.exe"
SpiderMan Web of Shadows-->"D:\Program Files\Team JPN\SpiderMan Web of Shadows\unins000.exe"
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x040c -removeonly
Star Wars Jedi Knight Jedi Academy-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
The Last Remnant-->"D:\Program Files\The Last Remnant\Uninstall\unins000.exe"
Tom Clancy's Splinter Cell Chaos Theory-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}\setup.exe" -l0x40c -removeonly
Tom Clancy's Splinter Cell Double Agent-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAD1691A-FA24-4B95-9009-3257B8440ECC}\setup.exe" -l0x40c -removeonly
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Ulead GIF Animator 5 Trial-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Imaging Component-->"C:\WINDOWSN\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWSN\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWSN\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWSN\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xilisoft Video Converter Ultimate-->C:\Program Files\Xilisoft\Video Converter Ultimate\Uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWSN\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090504-0]

======System event log======

Computer Name: UNICORNI-429AEC
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 6788
Source Name: Service Control Manager
Time Written: 20090412145300.000000+120
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service HTTP SSL.

Record Number: 6787
Source Name: Service Control Manager
Time Written: 20090412145300.000000+120
Event Type: Informations
User: AUTORITE NT\SERVICE LOCAL

Computer Name: UNICORNI-429AEC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 6786
Source Name: Service Control Manager
Time Written: 20090412145258.000000+120
Event Type: Informations
User: UNICORNI-429AEC\Seyfullah

Computer Name: UNICORNI-429AEC
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 6785
Source Name: Service Control Manager
Time Written: 20090412145258.000000+120
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 7036
Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution.

Record Number: 6784
Source Name: Service Control Manager
Time Written: 20090412145257.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: UNICORNI-429AEC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 82
Source Name: SecurityCenter
Time Written: 20090122135254.000000+060
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 81
Source Name: SecurityCenter
Time Written: 20090121130235.000000+060
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 80
Source Name: SecurityCenter
Time Written: 20090120165358.000000+060
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 79
Source Name: SecurityCenter
Time Written: 20090119184133.000000+060
Event Type: Informations
User:

Computer Name: UNICORNI-429AEC
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 78
Source Name: SecurityCenter
Time Written: 20090118103753.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

| Alerter

Répondre à you360

Destrio5

5 Mai 2009 18:01:04

Où se trouve le dossier bizarre ?

| Alerter

Répondre à Destrio5

you360

5 Mai 2009 18:16:37

Sur un disque dur NDAS (résau).
Il faut que je le scan aussi ??

| Alerter

Répondre à you360

Destrio5

5 Mai 2009 18:39:48

Et tu y as accès comment ?

| Alerter

Répondre à Destrio5

you360

30 Mai 2009 12:11:08

En fait il est branché sur un routeur. Il y est branché avec un cable ethernet.
Désolé de l'absence très longue

| Alerter

Répondre à you360

you360

1 Juin 2009 11:04:32

En fait j'ai un routeur, les 4 PC sont branché dessus et le disque dur externe réseau aussi (pour que tout le monde puisse y accéder).

Si le problème n'est pas résolu je prévoie le formatage

| Alerter

Répondre à you360

you360

6 Juin 2009 12:30:50

Up !!

| Alerter

Répondre à you360

Tom's guide dans le monde