Log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Rom1 at 2009-06-23 21:35:43
Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
System drive C: has 11 GB (22%) free of 50 GB
Total RAM: 4094 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:48, on 23/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Users\Rom1\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Rom1\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Rom1\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Rom1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.162.183.207:8088
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: recfree Toolbar - {15c93148-34fe-47e6-88e5-37607a3002f3} - C:\Program Files (x86)\recfree\tbrecf.dll
O1 - Hosts: ::1 localhost
O2 - BHO: recfree Toolbar - {15c93148-34fe-47e6-88e5-37607a3002f3} - C:\Program Files (x86)\recfree\tbrecf.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: recfree Toolbar - {15c93148-34fe-47e6-88e5-37607a3002f3} - C:\Program Files (x86)\recfree\tbrecf.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICEE.EXE /FU "C:\Windows\TEMP\E_S1BA8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.maidmarian.com/MOONBASE.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Rom1\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: &Download All by FlashGet - D:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - D:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{91591CC6-9A37-4A6C-9D4C-32C7FB4F0B73}: NameServer = 192.168.1.1,195.167.224.150
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
End of file - 8731 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15c93148-34fe-47e6-88e5-37607a3002f3}]
recfree Toolbar - C:\Program Files (x86)\recfree\tbrecf.dll [2008-09-15 1784856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - D:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2008-11-24 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2008-11-10 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2008-11-24 333192]
{15c93148-34fe-47e6-88e5-37607a3002f3} - recfree Toolbar - C:\Program Files (x86)\recfree\tbrecf.dll [2008-09-15 1784856]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-01-05 413696]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX8400 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICEE.EXE [2007-04-12 213504]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [2004-02-21 856064]
"Gadwin PrintScreen 3.1"=C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [2005-09-27 1073152]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-11-24 460216]
C:\Users\Rom1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Outil de notification Live Search.lnk - C:\Users\Rom1\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"UacDisableNotify"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files (x86)\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"D:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe"="D:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"D:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe"="D:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"D:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="D:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30881a5b-b3ce-11dd-a5f2-00173158d925}]
shell\AutoRun\command - setupSNK.exe
======File associations======
.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-06-23 21:35:44 ----D---- C:\Program Files (x86)\trend micro
2009-06-23 21:35:43 ----D---- C:\rsit
2009-06-23 21:21:45 ----HD---- C:\Users\Rom1\AppData\Roaming\drivers
2009-06-23 21:07:20 ----A---- C:\FindyKill.txt
2009-06-23 20:59:30 ----D---- C:\FindyKill
2009-06-23 20:43:24 ----D---- C:\ProgramData\Avira
2009-06-23 20:43:24 ----D---- C:\Program Files (x86)\Avira
2009-06-23 20:41:20 ----D---- C:\Users\Rom1\AppData\Roaming\Malwarebytes
2009-06-23 20:41:15 ----D---- C:\ProgramData\Malwarebytes
2009-06-23 20:41:15 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-06-23 19:00:34 ----A---- C:\Windows\bdagent.INI
2009-06-23 18:43:41 ----D---- C:\Program Files (x86)\Sodensoft
2009-06-23 17:27:54 ----D---- C:\Windows\BDOSCAN8
2009-06-23 16:52:29 ----D---- C:\Program Files (x86)\SMS-it
2009-06-23 16:52:22 ----A---- C:\Windows\IsUninst.exe
2009-06-22 18:31:31 ----D---- C:\Program Files (x86)\Teamspeak2_RC2
2009-06-19 17:28:10 ----D---- C:\Program Files (x86)\Gadwin Systems
2009-06-14 15:02:56 ----D---- C:\Users\Rom1\AppData\Roaming\PhotoFiltre Studio X
2009-06-12 18:02:54 ----D---- C:\Users\Rom1\AppData\Roaming\Tor
2009-06-12 18:02:54 ----D---- C:\Program Files (x86)\Tor
2009-06-11 20:55:49 ----D---- C:\Users\Rom1\AppData\Roaming\Winamp
2009-06-11 20:55:49 ----D---- C:\Program Files (x86)\Winamp
2009-06-03 21:31:12 ----D---- C:\Users\Rom1\AppData\Roaming\SecondLife
2009-06-03 19:06:57 ----D---- C:\Program Files (x86)\TeamViewer
2009-05-26 20:51:58 ----D---- C:\Users\Rom1\AppData\Roaming\TeamViewer
2009-05-24 14:55:58 ----D---- C:\Program Files (x86)\Conduit
2009-05-24 14:55:57 ----D---- C:\Program Files (x86)\recfree
2009-05-24 14:55:40 ----A---- C:\Windows\system32\unicows.dll
2009-05-24 14:55:40 ----A---- C:\Windows\system32\pthreadGC2.dll
2009-05-24 14:55:40 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-05-24 14:55:40 ----A---- C:\Windows\system32\ff_vfw.dll
2009-05-24 14:35:33 ----D---- C:\My Videos
2009-05-24 14:35:10 ----D---- C:\ProgramData\Apowersoft
======List of files/folders modified in the last 1 months======
2009-06-23 21:35:47 ----D---- C:\Windows\Temp
2009-06-23 21:35:44 ----RD---- C:\Program Files (x86)
2009-06-23 21:30:49 ----D---- C:\Windows\winsxs
2009-06-23 21:24:18 ----SHD---- C:\System Volume Information
2009-06-23 21:22:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-06-23 21:19:09 ----D---- C:\Windows
2009-06-23 21:18:52 ----SD---- C:\Windows\Downloaded Program Files
2009-06-23 21:18:47 ----SHD---- C:\$Recycle.Bin
2009-06-23 21:18:38 ----D---- C:\Windows\Prefetch
2009-06-23 21:14:58 ----D---- C:\Windows\System32
2009-06-23 21:14:58 ----D---- C:\Windows\inf
2009-06-23 20:52:46 ----D---- C:\Windows\Minidump
2009-06-23 20:52:46 ----D---- C:\Windows\Debug
2009-06-23 20:48:26 ----D---- C:\Windows\SysWOW64
2009-06-23 20:43:25 ----D---- C:\Windows\system32\drivers
2009-06-23 20:43:24 ----HD---- C:\ProgramData
2009-06-23 20:42:48 ----SHD---- C:\Windows\Installer
2009-06-23 19:00:25 ----D---- C:\Windows\Logs
2009-06-23 17:29:57 ----SD---- C:\ProgramData\Microsoft
2009-06-23 17:05:08 ----D---- C:\Program Files (x86)\Windows Media Player
2009-06-23 16:55:37 ----D---- C:\Users\Rom1\AppData\Roaming\Skype
2009-06-14 15:02:58 ----D---- C:\Users\Rom1\AppData\Roaming\Identities
2009-06-12 23:37:54 ----D---- C:\Users\Rom1\AppData\Roaming\Azureus
2009-06-11 18:34:07 ----D---- C:\Program Files (x86)\Common Files\Steam
2009-05-25 20:25:57 ----D---- C:\Program Files (x86)\Vuze
2009-05-24 14:55:57 ----RD---- C:\Users
2009-05-24 11:14:55 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys []
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC64.SYS []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx64.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys []
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys []
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-02-06 5632]
S3 af8vw02q;af8vw02q; C:\Windows\system32\drivers\af8vw02q.sys []
S3 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x64.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\D:\Program Files (x86)\Metin 2 Chinese\Às¾s\GameGuard\dump_wmimmc.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2004-12-30 4682]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50a64.sys []
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50a64.sys []
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl64.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys []
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys []
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 ZSMC301b;Philips SPC 200NC PC Camera; C:\Windows\System32\Drivers\usbVM31b.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 ASKUpgrade;ASKUpgrade; C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2008-11-24 234888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~2\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 TeamViewer4;TeamViewer 4; C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-05-27 185640]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-05-16 322032]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-08 4466688]
-----------------EOF-----------------
info.txt
info.txt logfile of random's system information tool 1.06 2009-06-23 21:35:50
======Uninstall list======
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
7-Zip 4.65-->"D:\Program Files (x86)\7-Zip\Uninstall.exe"
abgx360 v0.9.4-->"C:\Program Files (x86)\abgx360\uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
AMX Mod X Installer 1.8.1-->D:\Program Files (x86)\AMX Mod X\uninst.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files (x86)\AskBarDis\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe"
Calendrier Xtra v10.020-->"C:\Program Files (x86)\Calendrier\unins000.exe"
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Counter-Strike(TM)-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Cucusoft YouTube Mate 7.16-->"D:\Program Files (x86)\Cucusoft\YouTube-Mate\unins000.exe"
DeskScapes (Free)-->"C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\UninstHelper.exe" /autouninstall dksw
DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dofus 1.27.0-->D:\Program Files (x86)\Dofus\uninstall.exe
DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"
Dyson v1.20-->"D:\Program Files (x86)\Dyson\unins000.exe"
eMule-->"D:\Program Files (x86)\eMule\Uninstall.exe"
EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
Favorit-->c:\users\rom1\appdata\local\qwwigsw.bat
FlashGet 2.0-->D:\Program Files (x86)\FlashGet Network\FlashGet universal\uninst.exe
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
Gadwin PrintScreen-->C:\Program Files (x86)\Gadwin Systems\PrintScreen\Uninstall.exe
Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
Hamachi 1.0.2.5-->C:\Program Files (x86)\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HTML Guardian 7-->MsiExec.exe /I{3420C6C3-2A57-434E-97EB-513FE3038157}
ImgBurn 2.3.2.0 Fr-->"C:\Program Files (x86)\ImgBurn\unins000.exe"
Installation Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Insurgency-->"H:\Programme\Steam\steam.exe" steam://uninstall/17700
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
Metin 2 Révolution 1.0-->"H:\Program Files (x86)\Metin 2 Révolution\unins000.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-040C-0000-0000000FF1CE} /uninstall {CCDA3DD6-E33D-4D75-B7C9-FF585580CE83}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (French) 2007-->MsiExec.exe /X{90120000-0021-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Visual Web Developer 2008 Express Edition - FRA-->MsiExec.exe /X{3E413415-45B0-3979-8E6C-4FF7CC5386F6}
Microsoft Visual Web Developer 2008 Express - Français-->D:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Web Developer 2008 Express Edition - FRA\setup.exe
MorphVOX Pro-->MsiExec.exe /I{66C948DD-A242-474B-B4F0-6C04CD885321}
Mozilla Firefox (3.0.11)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.21)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mumble and Murmur-->C:\Program Files (x86)\Mumble\Uninstall.exe
No-IP.com DUC (remove only)-->"C:\Program Files (x86)\No-IP\DUC20.exe" -uninstall
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
NysIRC v2.05-->"C:\Program Files (x86)\NysIRC\unins000.exe"
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PC Probe II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x40c
PL-2303 Vista Driver Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}\setup.exe" -l0x9 -removeonly
PSP Video 9 4.07-->d:\Program Files (x86)\Red Kawa\Video Converter App\uninstaller.exe
Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek AC'97 Audio-->Alcrmv64.exe -r -m
recfree Toolbar-->C:\PROGRA~2\recfree\UNWISE.EXE C:\PROGRA~2\recfree\INSTALL.LOG
S4 League_EU-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D96021A9-B290-4783-B019-0E4000DA84CE}\Setup.exe" -l0x9
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files (x86)\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung PC Studio 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
SecondLife (remove only)-->"d:\Program Files (x86)\SecondLife\uninst.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SpeedSim-->C:\Program Files (x86)\SpeedSim\uninst.exe
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2-->"C:\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
TeamViewer 4-->C:\Program Files (x86)\TeamViewer\Version4\uninstall.exe
ThundeReXScripT_V5FinaL-->d:\ThundeReXScripT_V5FinaL\Uninstal.exe
Tor (remove only)-->"C:\Program Files (x86)\Tor\Uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
Virtual DJ - Atomix Productions-->D:\PROGRA~1\VIRTUA~1\UNWISE.EXE D:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VLC media player 0.9.8a-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files (x86)\Vuze\uninstall.exe
Watson-->MsiExec.exe /I{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->"C:\Program Files (x86)\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
YouTube Downloader App 1.02-->C:\Program Files (x86)\Regensoft\Downloader App\uninstaller.exe
YouTube Downloader Suite V2.1.0-->"D:\Program Files (x86)\Apowersoft\YouTube Downloader Suite\unins000.exe"
======Hosts File======
127.0.0.1 update.bitdefender.com
127.0.0.1 update.bitdefender.com
127.0.0.1 update.bitdefender.com
127.0.0.1 update.bitdefender.com
127.0.0.1 update.bitdefender.com
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: Rom1-PC
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB961501(Security Update) n’est pas applicable à ce système.
Record Number: 108435
Source Name: Microsoft-Windows-Servicing
Time Written: 20090623192626.000000-000
Event Type: Avertissement
User: NT AUTHORITY\SYSTEM
Computer Name: Rom1-PC
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB961501(Security Update) n’est pas applicable à ce système.
Record Number: 108436
Source Name: Microsoft-Windows-Servicing
Time Written: 20090623192626.000000-000
Event Type: Avertissement
User: NT AUTHORITY\SYSTEM
Computer Name: Rom1-PC
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB967632(Update) n’est pas applicable à ce système.
Record Number: 108476
Source Name: Microsoft-Windows-Servicing
Time Written: 20090623193022.000000-000
Event Type: Avertissement
User: NT AUTHORITY\SYSTEM
Computer Name: Rom1-PC
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB967632(Update) n’est pas applicable à ce système.
Record Number: 108477
Source Name: Microsoft-Windows-Servicing
Time Written: 20090623193022.000000-000
Event Type: Avertissement
User: NT AUTHORITY\SYSTEM
Computer Name: Rom1-PC
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB967632(Update) n’est pas applicable à ce système.
Record Number: 108478
Source Name: Microsoft-Windows-Servicing
Time Written: 20090623193022.000000-000
Event Type: Avertissement
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: Rom1-PC
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.
DÉTAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-3277550768-3320579636-2742006690-1000:
Process 3084 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3277550768-3320579636-2742006690-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 3084 (\Device\HarddiskVolume1\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3277550768-3320579636-2742006690-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Record Number: 17411
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090623183826.000000-000
Event Type: Avertissement
User: NT AUTHORITY\SYSTEM
Computer Name: Rom1-PC
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 17429
Source Name: Microsoft-Windows-WMI
Time Written: 20090623184113.000000-000
Event Type: Erreur
User:
Computer Name: Rom1-PC
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 17458
Source Name: Microsoft-Windows-WMI
Time Written: 20090623190825.000000-000
Event Type: Erreur
User:
Computer Name: Rom1-PC
Event Code: 4113
Message: AntiVir a détecté dans le fichier D:\Program Files (x86)\Apowersoft\YouTube Downloader Suite\YouTubeDownloaderSuite.exe un code suspect avec la désignation 'TR/Dropper.Gen'!
Record Number: 17462
Source Name: Avira AntiVir
Time Written: 20090623192052.000000-000
Event Type: Avertissement
User: NT AUTHORITY\SYSTEM
Computer Name: Rom1-PC
Event Code: 4113
Message: AntiVir a détecté dans le fichier D:\Program Files (x86)\Apowersoft\YouTube Downloader Suite\YouTubeDownloaderSuite.exe un code suspect avec la désignation 'TR/Dropper.Gen'!
Record Number: 17463
Source Name: Avira AntiVir
Time Written: 20090623192057.000000-000
Event Type: Avertissement
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: Rom1-PC
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : ROM1-PC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Reserved_Words.help.txt
ID du handle : 0xee4
Informations sur le processus :
ID du processus : 0x384
Nom du processus : C:\Windows\servicing\TrustedInstaller.exe
Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 22331
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412073925.313686-000
Event Type: Succès de l'audit
User:
Computer Name: Rom1-PC
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : ROM1-PC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_If.help.txt
ID du handle : 0xf90
Informations sur le processus :
ID du processus : 0x384
Nom du processus : C:\Windows\servicing\TrustedInstaller.exe
Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 22332
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412073925.342981-000
Event Type: Succès de l'audit
User:
Computer Name: Rom1-PC
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : ROM1-PC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Where.help.txt
ID du handle : 0xba0
Informations sur le processus :
ID du processus : 0x384
Nom du processus : C:\Windows\servicing\TrustedInstaller.exe
Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 22333
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412073925.350793-000
Event Type: Succès de l'audit
User:
Computer Name: Rom1-PC
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : ROM1-PC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Object.help.txt
ID du handle : 0x858
Informations sur le processus :
ID du processus : 0x384
Nom du processus : C:\Windows\servicing\TrustedInstaller.exe
Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 22334
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412073925.358605-000
Event Type: Succès de l'audit
User:
Computer Name: Rom1-PC
Event Code: 4907
Message: Les paramètres d’audit sur l’objet ont changé.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : ROM1-PC$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Ref.help.txt
ID du handle : 0xee4
Informations sur le processus :
ID du processus : 0x384
Nom du processus : C:\Windows\servicing\TrustedInstaller.exe
Paramètres d’audit :
Descripteur de sécurité d’origine :
Nouveau descripteur de sécurité : S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 22335
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090412073925.371299-000
Event Type: Succès de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;d:\Program Files (x86)\Samsung\Samsung PC Studio 3;C:\Program Files (x86);C:\Program Files (x86)\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=AMD64 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------