Mysterious process

Tags:
  • Security
21 November 2009 20:28:27

Hello everyone,

I have quite a few small problems such as unwanted pop-ups, Firefox crashing and plenty of other little treats of the same kind.

I have the process dmfmblbs.exe in Task Manager, and this process is not referenced on Google. I suspect it of being behind quite a lot of this junk. It is located at:

c:\documents and settings\(My username)\local settings\application data\dmfmblbs.exe

I tried to look in the folder, but I cannot display hidden items (when I enable the option in the folder view settings, it is not applied); as a result I cannot see what is in this folder and cannot delete the .exe file manually.

If anyone has an idea of the procedure to follow (I would really like to avoid formatting), I am all ears :)

If you need a HijackThis report, I will post it.

Thank you for your time and your help.

Have a good evening.

21 November 2009 21:27:22

Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, right-click RSIT.exe and choose Run as administrator)
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit folder.

22 November 2009 20:23:52

Thank you for your help.

Here is the log.txt:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Saim at 2009-11-22 20:22:52
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 10 GB (3%) free of 382 GB
    Total RAM: 2046 MB (66% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:22:52 PM, on 11/22/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\UltraMon\UltraMon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\AdobeR.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\documents and settings\saim\local settings\application data\dmfmblbs.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Plantronics\PerSonoCall\PerSonoCall.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Saim\Mes documents\Téléchargements\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Saim.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [dmfmblbs] "c:\documents and settings\saim\local settings\application data\dmfmblbs.exe" dmfmblbs
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-1757981266-879983540-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 8487 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
    FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-03-24 352256]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
    "nwiz"=nwiz.exe /install []
    "UltraMon"=C:\Program Files\UltraMon\UltraMon.exe [2006-10-12 304640]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-14 185872]
    "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
    "CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
    "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
    "AdobeCS4ServiceManager"=C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
    "RavAV"=C:\WINDOWS\AdobeR.exe [2009-08-17 3514318]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
    "Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
    "dmfmblbs"=c:\documents and settings\saim\local settings\application data\dmfmblbs.exe [2009-11-19 377856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    C:\Program Files\DNA\btdna.exe [2008-12-15 342848]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
    C:\WINDOWS\system32\olhrwef.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
    C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmfmblbs]
    c:\documents and settings\saim\local settings\application data\dmfmblbs.exe [2009-11-19 377856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
    C:\program files\ncsoft\launcher\NCLauncher.exe [2009-10-16 38184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
    C:\Jeux\GTA4\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-14 306088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 360448]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Program Files\Steam\Steam.exe [2009-11-21 1217808]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-14 185872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
    "C:\Jeux\SupCom Fa\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="C:\Jeux\SupCom Fa\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
    "C:\Jeux\SupCom Fa\GPGNet\GPG.Multiplayer.Client.exe"="C:\Jeux\SupCom Fa\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:D NA"
    "C:\BitTorrent\bittorrent.exe"="C:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\eMule\emule.exe"="C:\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
    "C:\Jeux\TmNationsForever\TmForever.exe"="C:\Jeux\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
    "C:\Program Files\Steam\steamapps\bezouilard\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\bezouilard\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
    "C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
    "C:\eMule1\emule.exe"="C:\eMule1\emule.exe:*:Enabled:eMule"
    "C:\Program Files\World of Warcraft\WoW-1.12.0-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-enGB-Installer-downloader.exe"="C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
    "C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-enGB-Installer-downloader(2).exe"="C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-enGB-Installer-downloader(2).exe:*:Enabled:Blizzard Downloader"
    "C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-frFR-Installer-downloader.exe"="C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-frFR-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Documents and Settings\Saim\Bureau\Diablo3-cinematictrailer_fr-FR-downloader.exe"="C:\Documents and Settings\Saim\Bureau\Diablo3-cinematictrailer_fr-FR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:p nkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:p nkBstrB"
    "C:\Program Files\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe:*:Enabled:Crysis"
    "C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe"="C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:D ead Space ™"
    "C:\Program Files\Electronic Arts\Alerte Rouge 3\Data\ra3_1.3.game"="C:\Program Files\Electronic Arts\Alerte Rouge 3\Data\ra3_1.3.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
    "C:\Program Files\Electronic Arts\Alerte Rouge 3\Data\ra3_1.4.game"="C:\Program Files\Electronic Arts\Alerte Rouge 3\Data\ra3_1.4.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
    "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\Jeux\GTA4\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Jeux\GTA4\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe:*:Enabled:Exteel"
    "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe:*:Enabled:p rogramme d'installation de Kaspersky Anti-Virus 7.0"
    "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
    "C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:D OW2"
    "C:\Program Files\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe"="C:\Program Files\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:o ddworld: Abe's Exoddus"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe"="C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo"
    "C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe"="C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:p lants Vs Zombies"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Steam\steamapps\common\freedom force\fforce.exe"="C:\Program Files\Steam\steamapps\common\freedom force\fforce.exe:*:Enabled:Freedom Force"
    "C:\Program Files\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe"="C:\Program Files\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe:*:Enabled:X-Men Origins - Wolverine"
    "C:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe"="C:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
    "C:\Program Files\Steam\steamapps\common\defcon\defcon.exe"="C:\Program Files\Steam\steamapps\common\defcon\defcon.exe:*:Enabled:D efcon"
    "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
    "C:\Program Files\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe"="C:\Program Files\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:o ddworld: Abe's Oddysee"
    "C:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe:*:Enabled:D ragon Age Origins Application de mise à jour"
    "C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
    "C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe"="C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor"
    "C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
    "C:\Program Files\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe"="C:\Program Files\Steam\steamapps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
    "C:\Program Files\Steam\steamapps\common\sacrifice\Sacrifice.exe"="C:\Program Files\Steam\steamapps\common\sacrifice\Sacrifice.exe:*:Enabled:Sacrifice"
    "C:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\DAOrigins.exe"="C:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\DAOrigins.exe:*:Enabled:D ragon Age: Origins"
    "C:\Program Files\Steam\steamapps\common\dragon age origins\DAOriginsLauncher.exe"="C:\Program Files\Steam\steamapps\common\dragon age origins\DAOriginsLauncher.exe:*:Enabled:D ragon Age: Origins"
    "C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe"="C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe:*:Enabled:Exteel"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11b8305b-1abe-11dd-bebb-001d7d9e18f6}]
    shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28223492-5349-11dd-bf01-001d7d9e18f6}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f72e23a-827e-11dd-bf43-001d7d9e18f6}]
    shell\AutoRun\command - F:\w.com
    shell\open\command - F:\w.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2e4de8a-5439-11de-806f-001d7d9e18f6}]
    shell\Auto\command - F:\AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


    ======List of files/folders created in the last 1 months======

    2009-11-22 20:22:29 ----D---- C:\rsit
    2009-11-17 16:22:07 ----SHD---- C:\Config.Msi
    2009-11-07 10:47:07 ----D---- C:\Documents and Settings\All Users\Application Data\BioWare

    ======List of files/folders modified in the last 1 months======

    2009-11-22 20:22:40 ----D---- C:\WINDOWS\Prefetch
    2009-11-22 20:20:52 ----D---- C:\Program Files\Mozilla Firefox
    2009-11-22 20:05:41 ----D---- C:\Program Files\Steam
    2009-11-22 19:04:35 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-11-22 19:04:25 ----D---- C:\WINDOWS\system32
    2009-11-22 12:11:22 ----D---- C:\WINDOWS\Temp
    2009-11-22 08:32:31 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-11-21 18:03:24 ----RASH---- C:\boot.ini
    2009-11-21 18:03:24 ----A---- C:\WINDOWS\win.ini
    2009-11-21 18:03:24 ----A---- C:\WINDOWS\system.ini
    2009-11-17 20:38:03 ----SHD---- C:\WINDOWS\Installer
    2009-11-17 20:38:01 ----D---- C:\WINDOWS\WinSxS
    2009-11-17 10:42:40 ----D---- C:\WINDOWS
    2009-11-16 17:05:44 ----D---- C:\WINDOWS\system32\DirectX
    2009-11-16 17:05:39 ----HD---- C:\WINDOWS\inf
    2009-11-16 17:05:18 ----RSD---- C:\WINDOWS\assembly
    2009-11-16 15:00:21 ----D---- C:\Program Files\Electronic Arts
    2009-11-07 10:46:37 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2009-11-07 10:46:09 ----D---- C:\Program Files\AGEIA Technologies
    2009-11-06 22:37:56 ----D---- C:\Program Files\FlashGet
    2009-11-06 22:27:50 ----RD---- C:\Program Files
    2009-11-06 22:27:45 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-11-06 22:18:12 ----D---- C:\Downloads
    2009-11-04 15:13:49 ----HD---- C:\Documents and Settings\Saim\Application Data\Bioshock
    2009-10-25 21:55:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14720]
    R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Fichiers communs\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-07 12288]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-08-07 98944]
    R3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
    S3 ayyyp46i;ayyyp46i; C:\WINDOWS\system32\drivers\ayyyp46i.sys []
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
    S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
    S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
    S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
    S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
    S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
    S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
    S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-18 75064]
    R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-23 189488]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour; c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2009-11-07 25832]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-12 655624]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-08-30 3407412]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------

    And here is the Info.txt

    info.txt logfile of random's system information tool 1.06 2009-11-22 20:22:34

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    AbiWord 2.6.8-->C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
    Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
    Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
    Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
    Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
    Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
    Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
    Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
    Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
    Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
    Adobe Creative Suite 4 Master Collection-->C:\Program Files\Fichiers communs\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
    Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
    Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
    Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
    Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
    Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
    Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
    Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
    Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
    Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
    Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
    Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
    Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
    Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
    Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
    Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
    Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
    Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
    Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
    Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
    Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
    Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
    Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
    AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
    AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
    Aion - Collector's Edition-->"C:\Program Files\Steam\steam.exe" steam://uninstall/29670
    AnyCallPoker-->"C:\Poker\AnyCallPoker\_SetupPoker_7996_EN.exe" /uninstall
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Battlefield Heroes-->"C:\Program Files\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files\EA Games\Battlefield Heroes\Uninstall.xml"
    Bioshock-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7670
    Borderlands-->"C:\Program Files\Steam\steam.exe" steam://uninstall/8980
    Braid-->"C:\Program Files\Steam\steam.exe" steam://uninstall/26800
    Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
    Canon MP630 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series /L0x000c
    Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
    Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
    Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
    CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Command & Conquer™ Alerte Rouge 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
    Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
    Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
    Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
    Defcon Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1522
    DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dragon Age: Origins-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17450
    EA Download Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1036
    eMule-->"C:\eMule1\Uninstall.exe"
    Favorit-->"c:\documents and settings\saim\local settings\application data\dmfmblbs.exe" -uninstall
    FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
    Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
    Freedom Force-->"C:\Program Files\Steam\steam.exe" steam://uninstall/8880
    GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Holdem Manager-->MsiExec.exe /I{42DE940E-8037-4266-9FBF-5A3AEDA39E96}
    Homeworld2-->C:\Jeux\Homeworld2\uninstall.exe
    HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    K-Lite Codec Pack 3.8.3 Full BETA-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
    Left 4 Dead 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/550
    Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
    Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
    Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
    Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
    Oddworld: Abe's Exoddus-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15710
    Oddworld: Abe's Oddysee-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15700
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
    PerSonoCall Consumer Edition-->MsiExec.exe /I{A5B549D3-953F-4101-A1B9-A1465069B996}
    Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
    Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
    Plants Vs Zombies-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3590
    PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
    Poker Cardoza-->"C:\Poker\Poker Cardoza\_SetupPoker(3).exe" /uninstall
    Poker Tracker Version 2.17.02-->"C:\Program Files\Poker Tracker V888\unins000.exe"
    PokerAce Hud (remove only)-->"C:\Program Files\PokerAce Hud\uninstall.exe"
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    PokerStove version 1.21-->"C:\Program Files\PokerStove\unins000.exe"
    Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
    PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
    PropagandaPoker-->"C:\Poker\PropagandaPoker\_SetupPoker(5).exe" /uninstall
    Protected Music Converter 1.0.0.19-->"C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
    PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
    Puzzle Quest-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12500
    Quake Live Mozilla Plugin-->MsiExec.exe /I{F5C521B6-1AF2-432C-A061-E79E2141A32F}
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x040c -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly
    Richard Garriott's Tabula Rasa-->C:\Program Files\InstallShield Installation Information\{D27B8331-5815-4F9E-AADB-28A0B188570D}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Sacrifice-->"C:\Program Files\Steam\steam.exe" steam://uninstall/38440
    Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
    Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Sony Ericsson Media Manager 1.1-->MsiExec.exe /X{0096A731-71DB-4969-AF1A-651698B246A5}
    Sony Ericsson PC Suite 3.209.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x040c -removeonly
    SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker(4).exe" /uninstall
    TmNationsForever-->"C:\Jeux\TmNationsForever\unins000.exe"
    Traitement de texte Atlantis-->"C:\Program Files\Atlantis\Atlantis.exe" -ui
    Tunatic-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic
    UltraMon-->MsiExec.exe /I{E67FF1A2-23C1-4102-84E9-42115F77AD32}
    Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
    Victor Chandler-->"C:\Poker\Victor Chandler\_SetupCasino.exe_1d7.exe" /uninstall
    Warhammer 40,000: Dawn of War II-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15620
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    World of Goo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22000
    World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    X-Men Origins - Wolverine(TM)-->C:\Program Files\InstallShield Installation Information\{7F0B94C6-828C-4EDE-A86B-ECF4D792B68D}\setup.exe -runfromtemp -l0x0409
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

    =====HijackThis Backups=====

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe [2009-05-25]
    O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe [2009-05-25]
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe [2009-05-25]
    O20 - Winlogon Notify: rw330ext32 - rw330ext32.dll (file missing) [2009-05-25]
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe [2009-05-25]

    ======Hosts File======

    127.0.0.1 adobeereg.com

    ======System event log======

    Computer Name: AQUABLUE
    Event Code: 26
    Message: Application popup : aion.bin - Erreur d'application : L'instruction à "0x1001a40c" emploie l'adresse mémoire "0x7e3d61b3". La mémoire ne peut pas être "written".

    Cliquez sur OK pour terminer le programme.

    Record Number: 3745
    Source Name: Application Popup
    Time Written: 20090913115412.000000+120
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 26
    Message: Application popup : GameGuard.des - Erreur d'application : L'instruction à "0x1001a40c" emploie l'adresse mémoire "0x7e3d61b3". La mémoire ne peut pas être "written".

    Cliquez sur OK pour terminer le programme.

    Record Number: 3744
    Source Name: Application Popup
    Time Written: 20090913091023.000000+120
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service NPPTNT2.

    Record Number: 3743
    Source Name: Service Control Manager
    Time Written: 20090913091023.000000+120
    Event Type: Informations
    User: AQUABLUE\Saim

    Computer Name: AQUABLUE
    Event Code: 7036
    Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

    Record Number: 3742
    Source Name: Service Control Manager
    Time Written: 20090913085740.000000+120
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 7036
    Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

    Record Number: 3741
    Source Name: Service Control Manager
    Time Written: 20090913085734.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: AQUABLUE
    Event Code: 101
    Message: MsnMsgr (2316) Le moteur de base de données est arrêté.

    Record Number: 9992
    Source Name: ESENT
    Time Written: 20090323132736.000000+060
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 103
    Message: MsnMsgr (2316) \\.\C:\Documents and Settings\Saim\Local Settings\Application Data\Microsoft\Messenger\dawah@hotmail.fr\SharingMetadata\Working\database_3E08_34D1_834_89C3\dfsr.db: Le moteur de base de données a arrêté une instance (0).

    Record Number: 9991
    Source Name: ESENT
    Time Written: 20090323132736.000000+060
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 102
    Message: MsnMsgr (2316) \\.\C:\Documents and Settings\Saim\Local Settings\Application Data\Microsoft\Messenger\dawah@hotmail.fr\SharingMetadata\Working\database_3E08_34D1_834_89C3\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

    Record Number: 9990
    Source Name: ESENT
    Time Written: 20090323131512.000000+060
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 100
    Message: MsnMsgr (2316) Le moteur de base de données 5.01.2600.5512 est démarré.

    Record Number: 9989
    Source Name: ESENT
    Time Written: 20090323131512.000000+060
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 101
    Message: MsnMsgr (2316) Le moteur de base de données est arrêté.

    Record Number: 9988
    Source Name: ESENT
    Time Written: 20090323131331.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\DivX Shared\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "RGSCLauncher"=C:\Jeux\GTA4\Rockstar Games Social Club
    "RGSC"=C:\Jeux\GTA4\Rockstar Games Social Club\1_0_0_0
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------



    And thanks again for the help :)

    a c 295 8 Security
    22 November 2009 21:12:55

  • Uninstall Search Settings.

  • Download UsbFix (by Chiquitine29 & C_XX) to your Desktop.
  • Plug your external data sources into your PC (USB key, external hard drive, SD card, etc.) without opening them.
  • Double-click UsbFix to run it.
  • Choose option 1 (Recherche, i.e. search).
  • Let the tool work.
  • Post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

    "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Kaspersky, etc.) as a RiskTool. It is not a virus, but a utility intended to terminate processes.
    23 November 2009 22:23:30

    And here is the report:




    ############################## | UsbFix V6.056 |

    User : Saim (Administrateurs) # AQUABLUE
    Update on 23/11/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 22:15:35 | 23/11/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 6.0.2900.5512
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local # 372,6 Go (9,68 Go free) # NTFS
    D:\ -> Disque CD-ROM # 618,06 Mo (0 Mo free) [0305302355] # CDFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible # 7,5 Go (6,99 Go free) # FAT32

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe 644
    C:\WINDOWS\system32\csrss.exe 700
    C:\WINDOWS\system32\winlogon.exe 724
    C:\WINDOWS\system32\services.exe 768
    C:\WINDOWS\system32\lsass.exe 780
    C:\WINDOWS\system32\svchost.exe 956
    C:\WINDOWS\system32\svchost.exe 1024
    C:\WINDOWS\System32\svchost.exe 1120
    C:\WINDOWS\system32\svchost.exe 1160
    C:\WINDOWS\System32\svchost.exe 1208
    C:\WINDOWS\System32\svchost.exe 1356
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe 1400
    C:\WINDOWS\system32\spoolsv.exe 1560
    C:\WINDOWS\Explorer.EXE 1792
    C:\WINDOWS\RTHDCPL.EXE 1920
    C:\Program Files\UltraMon\UltraMon.exe 1964
    C:\WINDOWS\system32\RUNDLL32.EXE 1972
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 1980
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe 2016
    C:\WINDOWS\AdobeR.exe 2036
    C:\Program Files\DAEMON Tools Lite\daemon.exe 172
    C:\documents and settings\saim\local settings\application data\dmfmblbs.exe 192
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 692
    C:\WINDOWS\system32\nvsvc32.exe 964
    C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe 1276
    C:\WINDOWS\system32\PnkBstrA.exe 1336
    C:\WINDOWS\system32\PnkBstrB.exe 1368
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 1448
    C:\WINDOWS\System32\svchost.exe 1728
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 2124
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 2188
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 2196
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 2204
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 2212
    C:\WINDOWS\System32\alg.exe 2584
    C:\Program Files\UltraMon\UltraMonTaskbar.exe 2948
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2328
    C:\Program Files\Windows Live\Contacts\wlcomm.exe 3208
    C:\Program Files\Mozilla Firefox\firefox.exe 3104
    C:\WINDOWS\System32\wbem\wmiprvse.exe 3776

    ################## | Fichiers # Dossiers infectieux |

    C:\Documents and Settings\Saim\RavMonLog
    C:\WINDOWS\AdobeR.exe
    C:\DOCUME~1\Saim\LOCALS~1\Temp\ptu33_tmp.exe
    C:\DOCUME~1\Saim\LOCALS~1\Temp\ptu38_tmp.exe
    C:\DOCUME~1\Saim\LOCALS~1\Temp\utt66.tmp.exe
    C:\autorun.inf
    C:\autorun.inf -> fichier appelé : "C:\n68mqcra.exe" ( Absent ! )
    F:\autorun.inf
    F:\adober.exe

    ################## | Registre # Clés infectieuses |

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "RavAV"
    [HKLM\SOFTWARE\Classes\CLSID\MADOWN]
    [HKCR\CLSID\MADOWN]
    [HKLM\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
    [HKLM\SYSTEM\CurrentControlSet\Services\AVPsys]
    [HKLM\SYSTEM\ControlSet001\Services\AVPsys]
    [HKLM\SYSTEM\ControlSet002\Services\AVPsys]

    ################## | Registre # Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{11b8305b-1abe-11dd-bebb-001d7d9e18f6}
    Shell\AutoRun\command =E:\LaunchU3.exe

    HKCU\..\..\Explorer\MountPoints2\{28223492-5349-11dd-bf01-001d7d9e18f6}
    Shell\Auto\command =AdobeR.exe e
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    HKCU\..\..\Explorer\MountPoints2\{2f72e23a-827e-11dd-bf43-001d7d9e18f6}
    Shell\AutoRun\command =F:\w.com
    Shell\open\Command =F:\w.com

    HKCU\..\..\Explorer\MountPoints2\{b2e4de8a-5439-11de-806f-001d7d9e18f6}
    Shell\Auto\command =F:\AdobeR.exe e
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    ################## | Cracks / Keygens / Serials |

    "C:\Documents and Settings\Saim\Mes documents\Downloads\Poker.Tracker.Hold.em.v2.13.01a.Incl.Keygen-CROSSFiRE\FullTiltSetup.exe"
    03/16/2008 06:14 PM |Size 9433557 |Crc32 70778593 |Md5 d132a6653ecc8bfb69d0d61990088436

    "C:\Documents and Settings\Saim\Mes documents\Downloads\Poker.Tracker.Hold.em.v2.13.01a.Incl.Keygen-CROSSFiRE\ubsetup.exe"
    03/16/2008 06:14 PM |Size 7660520 |Crc32 6e94dce0 |Md5 7212858f41aea6d48d65962cd11d9d14


    ################## | ! Fin du rapport # UsbFix V6.056 ! |

    a c 295 8 Security
    23 November 2009 22:25:30

  • Plug your external storage devices (USB key, external hard drive, SD card, etc.) into your PC without opening them.
  • Double-click UsbFix on your Desktop to launch it.
  • Choose option 2 (Deletion).
  • Your Desktop will disappear and the PC will restart.
  • On restart, UsbFix will scan your PC; let the tool work.
  • Then post the UsbFix.txt report that will appear along with the Desktop.

    Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
    24 November 2009 02:47:47

    Here it is:

    ############################## | UsbFix V6.056 |

    User : Saim (Administrateurs) # AQUABLUE
    Update on 23/11/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 02:33:50 | 24/11/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 6.0.2900.5512
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local # 372,6 Go (9,68 Go free) # NTFS
    D:\ -> Disque CD-ROM # 618,06 Mo (0 Mo free) [0305302355] # CDFS
    E:\ -> Disque CD-ROM

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe 644
    C:\WINDOWS\system32\csrss.exe 700
    C:\WINDOWS\system32\winlogon.exe 724
    C:\WINDOWS\system32\services.exe 768
    C:\WINDOWS\system32\lsass.exe 780
    C:\WINDOWS\system32\svchost.exe 956
    C:\WINDOWS\system32\svchost.exe 1024
    C:\WINDOWS\System32\svchost.exe 1120
    C:\WINDOWS\system32\svchost.exe 1160
    C:\WINDOWS\System32\svchost.exe 1208
    C:\WINDOWS\System32\svchost.exe 1356
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe 1400
    C:\WINDOWS\system32\logonui.exe 1424
    C:\WINDOWS\system32\spoolsv.exe 1580
    C:\WINDOWS\system32\userinit.exe 1780
    C:\WINDOWS\Explorer.EXE 1796
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2000
    C:\WINDOWS\system32\nvsvc32.exe 184
    C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe 356
    C:\WINDOWS\system32\PnkBstrA.exe 460
    C:\WINDOWS\system32\PnkBstrB.exe 488
    C:\WINDOWS\System32\svchost.exe 592
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 696
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 1256
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 1292
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 1312
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 1332
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe 1340
    C:\WINDOWS\System32\alg.exe 1764
    C:\WINDOWS\System32\wbem\wmiprvse.exe 1788

    ################## | Fichiers # Dossiers infectieux |

    Supprimé ! C:\Documents and Settings\Saim\RavMonLog
    Supprimé ! C:\WINDOWS\AdobeR.exe
    Supprimé ! C:\DOCUME~1\Saim\LOCALS~1\Temp\ptu33_tmp.exe
    Supprimé ! C:\DOCUME~1\Saim\LOCALS~1\Temp\ptu38_tmp.exe
    Supprimé ! C:\DOCUME~1\Saim\LOCALS~1\Temp\utt66.tmp.exe
    C:\autorun.inf -> fichier appelé : "C:\n68mqcra.exe" ( Absent ! )
    Supprimé ! C:\autorun.inf

    ################## | Registre # Clés infectieuses |

    Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "RavAV"
    Supprimé ! [HKLM\SOFTWARE\Classes\CLSID\MADOWN]
    Supprimé ! [HKLM\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
    Supprimé ! [HKLM\SYSTEM\CurrentControlSet\Services\AVPsys]
    Supprimé ! [HKLM\SYSTEM\ControlSet002\Services\AVPsys]

    ################## | Registre # Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{11b8305b-1abe-11dd-bebb-001d7d9e18f6}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{28223492-5349-11dd-bf01-001d7d9e18f6}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{2f72e23a-827e-11dd-bf43-001d7d9e18f6}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{b2e4de8a-5439-11de-806f-001d7d9e18f6}\Shell\Auto\Command

    ################## | Listing des fichiers présent |

    [07/15/2008 01:51 PM|---hs----|2421] C:\AlbumArtSmall.jpg
    [07/15/2008 01:51 PM|---hs----|10272] C:\AlbumArt_{00000000-0000-0000-0000-000000000000}_Large.jpg
    [07/15/2008 01:51 PM|---hs----|2421] C:\AlbumArt_{00000000-0000-0000-0000-000000000000}_Small.jpg
    [03/03/2008 08:49 PM|--a------|0] C:\AUTOEXEC.BAT
    [11/21/2009 06:03 PM|-rahs----|212] C:\boot.ini
    [09/07/2002 01:00 AM|-rahs----|4952] C:\Bootfont.bin
    [03/03/2008 08:49 PM|--a------|0] C:\CONFIG.SYS
    [07/15/2008 01:51 PM|---hs----|335] C:\desktop.ini
    [10/13/2006 10:38 AM|--a------|12054] C:\eula.txt
    [07/15/2008 01:51 PM|---hs----|10272] C:\Folder.jpg
    [03/03/2008 08:49 PM|-rahs----|0] C:\IO.SYS
    [03/03/2008 08:49 PM|-rahs----|0] C:\MSDOS.SYS
    [03/04/2008 04:05 PM|-rahs----|47564] C:\NTDETECT.COM
    [12/06/2008 02:37 AM|-rahs----|252240] C:\ntldr
    [02/29/2004 04:44 PM|--a------|52576] C:\orange.bmp
    [?|?|?] C:\pagefile.sys
    [11/24/2009 02:42 AM|--a------|4236] C:\UsbFix.txt
    [04/21/2003 07:23 PM|-r-------|132657] D:\gratuit‚, kan tu nous tien....WMV
    [05/21/2003 08:46 AM|-r-------|647889956] D:\joyeux luron I.mpg

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix.

    ################## | Suspect | http://www.virustotal.com |


    ################## | Cracks / Keygens / Serials |

    "C:\Documents and Settings\Saim\Mes documents\Downloads\Poker.Tracker.Hold.em.v2.13.01a.Incl.Keygen-CROSSFiRE\FullTiltSetup.exe"
    03/16/2008 06:14 PM |Size 9433557 |Crc32 70778593 |Md5 d132a6653ecc8bfb69d0d61990088436

    "C:\Documents and Settings\Saim\Mes documents\Downloads\Poker.Tracker.Hold.em.v2.13.01a.Incl.Keygen-CROSSFiRE\ubsetup.exe"
    03/16/2008 06:14 PM |Size 7660520 |Crc32 6e94dce0 |Md5 7212858f41aea6d48d65962cd11d9d14

    a c 295 8 Security
    24 November 2009 02:50:45

  • Run UsbFix again and choose option 5 to uninstall it.

  • Download Navilog1 (by IL-MAFIOSO) to your Desktop.
  • Double-click Navilog1.exe to launch it.
    (On Vista, right-click Navilog1 and choose Run as administrator)
  • Press 1, then confirm with Enter to choose French.
  • Press a key on your keyboard each time you are asked to; you will reach the options menu.
  • Choose option 1 and press Enter to confirm your choice.
  • Wait while the scan runs. You may be asked to restart your PC.
  • Wait for the message: *** Scan terminé le ..... ***
  • Once the scan has finished, Notepad will open with the report; post the report in your next reply.
  • If the scan result is not displayed, you will find it in C:\cleannavi.txt