Votre question

Probleme avec olhrwef.exe (trojan)

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
25 Mai 2009 23:30:31

Bonjour à vous :) 

Je pense avoir choppé un virus bien chiant.. L'exe olhrwef.exe apparait dans l'onglet démarrage de msconfig. Il est situé dans le repertoire system32 mais il n'apparait pas dans l'explorer, et il n'est pas caché. J'ai installé avhast mais il ne détecte rien. Le seul symptome que j'ai détecté est l'apparition d'un message d'erreur des que je lance msn disant que windows live communications platform doit fermer, ce qui entraine la déconnection d'msn.

J'ai essayé de fix le process avec hijackthis mais il est toujours là.

Quelqu'un a t'il déjà rencontré ce truc infame? :) 

Autres pages sur : probleme olhrwef exe trojan

a c 295 8 Sécurité
26 Mai 2009 00:11:13

Bonjour,

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
    (Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : les rapports sont sauvegardés dans le dossier C:\rsit.
    m
    0
    l
    26 Mai 2009 00:25:22

    Log.txt







    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Saim at 2009-05-26 00:23:46
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 11 GB (3%) free of 382 GB
    Total RAM: 2046 MB (45% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:23:54 AM, on 05/26/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\UltraMon\UltraMon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    c:\program files\steam\steamapps\fennec\portal\hl2.exe
    C:\Program Files\Steam\GameOverlayUI.exe
    C:\Documents and Settings\Saim\Bureau\RSIT.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\Saim.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-1757981266-879983540-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 8605 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
    FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-03-24 352256]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
    "nwiz"=nwiz.exe /install []
    "UltraMon"=C:\Program Files\UltraMon\UltraMon.exe [2006-10-12 304640]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
    "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-14 185872]
    "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 172544]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    C:\Program Files\DNA\btdna.exe [2008-12-16 342848]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
    C:\WINDOWS\system32\olhrwef.exe [2009-05-25 106104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
    C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-22 2772992]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
    C:\program files\ncsoft\launcher\NCLauncher.exe [2008-12-14 38128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
    C:\Jeux\GTA4\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-14 306088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 360448]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Program Files\Steam\Steam.exe [2009-05-19 1217784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-14 185872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
    "C:\Jeux\SupCom Fa\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="C:\Jeux\SupCom Fa\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
    "C:\Jeux\SupCom Fa\GPGNet\GPG.Multiplayer.Client.exe"="C:\Jeux\SupCom Fa\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:D NA"
    "C:\BitTorrent\bittorrent.exe"="C:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\eMule\emule.exe"="C:\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
    "C:\Jeux\TmNationsForever\TmForever.exe"="C:\Jeux\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
    "C:\Program Files\Steam\steamapps\bezouilard\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\bezouilard\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
    "C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
    "C:\eMule1\emule.exe"="C:\eMule1\emule.exe:*:Enabled:eMule"
    "C:\Program Files\World of Warcraft\WoW-1.12.0-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-enGB-Installer-downloader.exe"="C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-enGB-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
    "C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-enGB-Installer-downloader(2).exe"="C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-enGB-Installer-downloader(2).exe:*:Enabled:Blizzard Downloader"
    "C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-frFR-Installer-downloader.exe"="C:\Documents and Settings\Saim\Bureau\WoW-BurningCrusade-frFR-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Documents and Settings\Saim\Bureau\Diablo3-cinematictrailer_fr-FR-downloader.exe"="C:\Documents and Settings\Saim\Bureau\Diablo3-cinematictrailer_fr-FR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:p nkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:p nkBstrB"
    "C:\Program Files\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe:*:Enabled:Crysis"
    "C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe"="C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:D ead Space ™"
    "C:\Program Files\Electronic Arts\Alerte Rouge 3\Data\ra3_1.3.game"="C:\Program Files\Electronic Arts\Alerte Rouge 3\Data\ra3_1.3.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
    "C:\Program Files\Electronic Arts\Alerte Rouge 3\Data\ra3_1.4.game"="C:\Program Files\Electronic Arts\Alerte Rouge 3\Data\ra3_1.4.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
    "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
    "C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:left4dead"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\Jeux\GTA4\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Jeux\GTA4\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
    "C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
    "C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe:*:Enabled:Exteel"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe:*:Enabled:p rogramme d'installation de Kaspersky Anti-Virus 7.0"
    "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
    "C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:D OW2"
    "C:\Program Files\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe"="C:\Program Files\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:o ddworld: Abe's Exoddus"
    "C:\Program Files\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe"="C:\Program Files\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:o ddworld: Abe's Oddysee"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe"="C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe:*:Enabled:p eggle Deluxe"
    "C:\Program Files\Steam\steamapps\common\peggle nights\PeggleNights.exe"="C:\Program Files\Steam\steamapps\common\peggle nights\PeggleNights.exe:*:Enabled:p eggle Nights"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe"="C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo"
    "C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe"="C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:p lants Vs Zombies"
    "C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe"="C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe"="C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe:*:Enabled:Exteel"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11b8305b-1abe-11dd-bebb-001d7d9e18f6}]
    shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28223492-5349-11dd-bf01-001d7d9e18f6}]
    shell\Auto\command - AdobeR.exe e
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f72e23a-827e-11dd-bf43-001d7d9e18f6}]
    shell\AutoRun\command - F:\w.com
    shell\open\command - F:\w.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b64f6f8-e960-11dc-997a-806d6172696f}]
    shell\AutoRun\command - C:\n68mqcra.exe
    shell\open\command - C:\n68mqcra.exe


    ======List of files/folders created in the last 1 months======

    2009-05-26 00:23:46 ----D---- C:\rsit
    2009-05-25 23:12:38 ----D---- C:\Program Files\Trend Micro
    2009-05-25 23:10:39 ----D---- C:\Documents and Settings\Saim\Application Data\Malwarebytes
    2009-05-25 23:10:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-05-25 22:41:31 ----D---- C:\Program Files\Fichiers communs\PC Tools
    2009-05-25 22:41:25 ----D---- C:\Program Files\Spyware Doctor
    2009-05-25 21:16:17 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2009-05-25 21:16:13 ----D---- C:\Program Files\Alwil Software
    2009-05-25 12:20:08 ----RSH---- C:\n68mqcra.exe
    2009-05-25 12:19:41 ----RSH---- C:\WINDOWS\system32\nmdfgds1.dll
    2009-05-25 12:19:00 ----RSH---- C:\WINDOWS\system32\olhrwef.exe
    2009-05-25 12:19:00 ----RSH---- C:\WINDOWS\system32\nmdfgds0.dll
    2009-05-13 02:17:20 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
    2009-05-12 08:33:42 ----D---- C:\Documents and Settings\Saim\Application Data\Braid

    ======List of files/folders modified in the last 1 months======

    2009-05-25 23:44:04 ----D---- C:\Program Files\Steam
    2009-05-25 23:42:56 ----RD---- C:\Program Files
    2009-05-25 23:42:56 ----D---- C:\WINDOWS\system32\drivers
    2009-05-25 23:16:29 ----RASH---- C:\boot.ini
    2009-05-25 23:16:29 ----A---- C:\WINDOWS\win.ini
    2009-05-25 23:16:29 ----A---- C:\WINDOWS\system.ini
    2009-05-25 22:59:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-05-25 22:52:52 ----D---- C:\WINDOWS\system32
    2009-05-25 22:52:31 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-05-25 22:50:40 ----D---- C:\WINDOWS
    2009-05-25 22:46:44 ----D---- C:\WINDOWS\Temp
    2009-05-25 22:43:17 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-05-25 22:41:31 ----D---- C:\Program Files\Fichiers communs
    2009-05-25 22:37:09 ----D---- C:\Program Files\Mozilla Firefox
    2009-05-25 22:35:29 ----D---- C:\WINDOWS\Prefetch
    2009-05-25 22:34:59 ----D---- C:\WINDOWS\system32\config
    2009-05-25 21:18:24 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-05-25 12:19:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-05-20 06:15:58 ----D---- C:\Documents and Settings\Saim\Application Data\BitTorrent
    2009-05-12 16:00:39 ----HD---- C:\WINDOWS\inf
    2009-05-12 08:33:38 ----D---- C:\WINDOWS\system32\DirectX
    2009-05-06 14:33:39 ----D---- C:\Program Files\FlashGet
    2009-05-04 14:14:16 ----D---- C:\eMule1
    2009-04-29 20:50:41 ----D---- C:\Poker

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14720]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
    R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Fichiers communs\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-07 12288]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-08-07 98944]
    R3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 alf3yadn;alf3yadn; C:\WINDOWS\system32\drivers\alf3yadn.sys []
    S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
    S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\NCsoft\Exteel (US)\System\GameGuard\dump_wmimmc.sys []
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
    S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
    S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
    S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
    S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
    S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
    S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
    S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-29 66872]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------



























    Info.txt























    info.txt logfile of random's system information tool 1.06 2009-05-26 00:23:57

    ======Uninstall list======

    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    AnyCallPoker-->"C:\Poker\AnyCallPoker\_SetupPoker_7996_EN.exe" /uninstall
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Bioshock-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7670
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Braid-->"C:\Program Files\Steam\steam.exe" steam://uninstall/26800
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Command & Conquer™ Alerte Rouge 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
    Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
    Crysis WARHEAD(R)-->"C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
    Crysis WARHEAD(R)-->C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
    Crysis Wars(R)-->"C:\Documents and Settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}\setup.exe" REMOVE=TRUE MODIFY=FALSE
    Crysis Wars(R)-->C:\Documents and Settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}\setup.exe
    Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
    DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    EA Download Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1036
    eMule-->"C:\eMule1\Uninstall.exe"
    FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
    Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
    GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
    Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Holdem Manager-->MsiExec.exe /I{42DE940E-8037-4266-9FBF-5A3AEDA39E96}
    Homeworld2-->C:\Jeux\Homeworld2\uninstall.exe
    HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    king.com (remove only)-->"C:\WINDOWS\king-uninstall.exe"
    K-Lite Codec Pack 3.8.3 Full BETA-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
    Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
    Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
    Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
    Oddworld: Abe's Exoddus-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15710
    Oddworld: Abe's Oddysee-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15700
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Peggle Deluxe-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3480
    Peggle Nights-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3540
    PerSonoCall Consumer Edition-->MsiExec.exe /I{A5B549D3-953F-4101-A1B9-A1465069B996}
    Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
    Plants Vs Zombies-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3590
    PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
    Poker Cardoza-->"C:\Poker\Poker Cardoza\_SetupPoker(3).exe" /uninstall
    Poker Tracker Version 2.17.02-->"C:\Program Files\Poker Tracker V888\unins000.exe"
    PokerAce Hud (remove only)-->"C:\Program Files\PokerAce Hud\uninstall.exe"
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:p okerStars
    PokerStove version 1.21-->"C:\Program Files\PokerStove\unins000.exe"
    Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
    PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
    PropagandaPoker-->"C:\Poker\PropagandaPoker\_SetupPoker(5).exe" /uninstall
    Protected Music Converter 1.0.0.19-->"C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
    PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x040c -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly
    Richard Garriott's Tabula Rasa-->C:\Program Files\InstallShield Installation Information\{D27B8331-5815-4F9E-AADB-28A0B188570D}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
    Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Sony Ericsson Media Manager 1.1-->MsiExec.exe /X{0096A731-71DB-4969-AF1A-651698B246A5}
    Sony Ericsson PC Suite 3.209.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x040c -removeonly
    SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker(4).exe" /uninstall
    TmNationsForever-->"C:\Jeux\TmNationsForever\unins000.exe"
    Tunatic-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic
    UltraMon-->MsiExec.exe /I{E67FF1A2-23C1-4102-84E9-42115F77AD32}
    Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
    VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
    Warhammer 40,000: Dawn of War II-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15620
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    World of Goo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22000
    World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

    =====HijackThis Backups=====

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe [2009-05-25]
    O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe [2009-05-25]
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe [2009-05-25]
    O20 - Winlogon Notify: rw330ext32 - rw330ext32.dll (file missing) [2009-05-25]
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe [2009-05-25]

    ======Security center information======

    AV: avast! antivirus 4.8.1335 [VPS 090525-0]

    ======System event log======

    Computer Name: AQUABLUE
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

    Record Number: 5
    Source Name: Service Control Manager
    Time Written: 20090521183506.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: AQUABLUE
    Event Code: 7036
    Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

    Record Number: 4
    Source Name: Service Control Manager
    Time Written: 20090521183506.000000+120
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 1002
    Message: Le bail de l'adresse IP 192.168.0.1 pour la carte réseau dont l'adresse réseau est 001D7D9E18F6
    a été refusé par le serveur DHCP 192.168.0.254 (celui-ci a envoyé un message DHCPNACK).

    Record Number: 3
    Source Name: Dhcp
    Time Written: 20090521183449.000000+120
    Event Type: erreur
    User:

    Computer Name: AQUABLUE
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 2
    Source Name: EventLog
    Time Written: 20090521183448.000000+120
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

    Record Number: 1
    Source Name: EventLog
    Time Written: 20090521183448.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: AQUABLUE
    Event Code: 12001
    Message:
    Record Number: 9420
    Source Name: usnjsvc
    Time Written: 20090228125059.000000+060
    Event Type:
    User:

    Computer Name: AQUABLUE
    Event Code: 0
    Message:
    Record Number: 9419
    Source Name: iPod Service
    Time Written: 20090228124641.000000+060
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 0
    Message: Server started and accepting connections


    Record Number: 9418
    Source Name: PostgreSQL
    Time Written: 20090228124640.000000+060
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 9417
    Source Name: SecurityCenter
    Time Written: 20090228124620.000000+060
    Event Type: Informations
    User:

    Computer Name: AQUABLUE
    Event Code: 0
    Message: 2009-02-28 12:46:20 CET LOG: loaded library "$libdir/plugins/plugin_debugger.dll"


    Record Number: 9416
    Source Name: PostgreSQL
    Time Written: 20090228124620.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "RGSCLauncher"=C:\Jeux\GTA4\Rockstar Games Social Club
    "RGSC"=C:\Jeux\GTA4\Rockstar Games Social Club\1_0_0_0
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------












































    Merci de ton aide :) 
    m
    0
    l
    Contenus similaires
    a c 295 8 Sécurité
    26 Mai 2009 00:39:12

  • Télécharge UsbFix (de C_XX & Chiquitine29) sur ton Bureau.
  • Lance l'installation avec les paramètres par défaut.
  • Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
  • Double-clique sur le raccourci UsbFix sur ton Bureau.
  • Choisis l'option 1 (Recherche).
  • Laisse travailler l'outil.
  • Poste le rapport UsbFix.txt.

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

    "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    m
    0
    l
    26 Mai 2009 00:42:32

    Je pense que le virus vient d'une clef que j'ai branchée ce matin.. Elle n'était pas a moi et je suis a peu pres sur que le virus se trouvait dessus.

    Je preferais l'éradiquer du pc plutot que du support usb...

    encore merci pour le coup de main :) 
    m
    0
    l
    a c 295 8 Sécurité
    26 Mai 2009 00:46:18

    Citation :
    Je preferais l'éradiquer du pc

    ---> UsbFix le fait.
    m
    0
    l
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS