Virus - The internet barely works anymore
DanPaul
jlpjlp - Posts: 52399 - Status: Security contributor
Hello,
I have a virus that stops me from using my internet after about 10 minutes. For example, I can still chat on MSN or Skype, but Firefox and Internet Explorer stop working. I ran several scans with Spybot, a-squared and my NOD32 antivirus. I quarantined all the threats, but that did not fix my internet problem. Here is my HijackThis log:
[quote]Logfile of HijackThis v1.99.1
Scan saved at 11:47:08 PM, on 14/03/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.ca/?icid=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-consumer.my.aol.ca/?icid=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Users\Elie Mitri\Desktop\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: FIFA 09 Registration.lnk = C:\Program Files\EA Sports\FIFA 09\Support\EAregister.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - Unknown owner - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe" -service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
[/quote]
Could you please tell me how to remove the virus, because it's annoying to restart my computer every 10 minutes. Thanks
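Added example (not part of the original post, and not code from HijackThis): a small Python parser for the `<section code> - <details>` line format of the log above, counting entries per section and listing the ones the tool itself annotated with `(no file)`, `(file missing)` or `Unknown owner`. The sample lines are copied from the posted log; the function names and the choice of markers are assumptions of this example, and a marker is a reason to review an entry, not a verdict.

```python
import re
from collections import Counter

# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# A HijackThis entry starts with a section code (R0, O2, O23, ...) followed
# by " - ". Header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Annotations printed by the tool itself (assumption: these three are the
# ones worth listing for manual review).
MARKERS = ("(no file)", "(file missing)", "Unknown owner")


def parse_entries(text):
    """Return a list of (section_code, body) tuples for every entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def section_counts(entries):
    """Count how many entries each section code has."""
    return Counter(code for code, _ in entries)


def annotated_entries(entries):
    """Return (code, [markers found], body) for entries carrying a marker."""
    result = []
    for code, body in entries:
        hits = [marker for marker in MARKERS if marker in body]
        if hits:
            result.append((code, hits, body))
    return result


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, count in sorted(section_counts(parsed).items()):
        print(f"{code}: {count} entries")
    print("Entries to review by hand:")
    for code, hits, body in annotated_entries(parsed):
        print(f"  [{code}] {', '.join(hits)} -> {body}")
```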
10 replies
hi,
Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Start the installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice and confirming with the Enter key.
* Now choose option 2. Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
_____________________
scan with Malwarebytes: run a quick scan, paste the resulting report and remove whatever is found:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by andom/random and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue at the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
When the scan is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).
NB: The reports are saved in the C:\rsit folder
Disable User Account Control (you will re-enable it after your disinfection):
- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.
download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, the antispyware's real-time guard)
double-click combofix.exe and follow the instructions
at the end, it will produce a report, C:\ComboFix.txt
re-enable your firewall, your antivirus and your antispyware's guard
copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Hello, here is the ComboFix report:
Thank you very much!
ComboFix 09-03-14.02 - Elie Mitri 2009-03-15 15:14:27.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3326.2312 [GMT -4:00]
Running from: c:\users\Elie Mitri\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pthreadGC2.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.
2009-03-15 15:06 . 2009-03-15 15:06 56 --ah----- c:\windows\System32\ezsidmv.dat
2009-03-15 11:57 . 2009-03-15 11:57 <DIR> d-------- C:\rsit
2009-03-15 11:57 . 2009-03-15 11:57 <DIR> d-------- c:\program files\trend micro
2009-03-15 11:50 . 2009-03-15 11:50 <DIR> d-------- c:\users\Elie Mitri\AppData\Roaming\Malwarebytes
2009-03-15 11:50 . 2009-03-15 11:50 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-15 11:50 . 2009-03-15 11:50 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-15 11:50 . 2009-03-15 11:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-15 11:50 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-15 11:50 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-15 11:43 . 2009-03-15 11:47 <DIR> d-------- C:\ToolBar SD
2009-03-10 22:19 . 2008-12-15 23:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-10 22:19 . 2008-12-16 01:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-10 22:19 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-10 22:19 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-10 22:18 . 2009-02-08 23:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 22:18 . 2008-11-27 00:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-07 14:44 . 2009-03-07 19:18 <DIR> d-------- c:\users\Elie Mitri\AppData\Roaming\Hamachi
2009-03-07 14:44 . 2009-03-07 14:44 <DIR> d-------- c:\program files\Hamachi
2009-03-07 14:44 . 2009-03-07 14:44 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-03-04 17:11 . 2009-03-04 17:17 <DIR> d-------- C:\Downloads
2009-03-04 17:10 . 2009-03-04 17:10 <DIR> d-------- c:\program files\BitComet
2009-03-04 16:58 . 2009-03-04 16:58 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2009-03-04 16:56 . 2009-03-04 16:56 <DIR> d-------- c:\windows\System32\xlive
2009-03-04 16:56 . 2009-03-04 16:56 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-03-04 16:33 . 2009-03-04 18:42 <DIR> d-------- c:\program files\a-squared Free
2009-03-04 16:26 . 2009-03-04 19:23 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-03-04 16:26 . 2009-03-04 19:23 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-03-04 16:26 . 2009-03-04 16:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-04 16:24 . 2009-03-04 16:25 <DIR> d-------- c:\program files\Rockstar Games
2009-03-04 16:16 . 2009-03-04 16:16 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-01 23:07 . 2009-03-01 23:07 <DIR> dr-h----- c:\users\Elie Mitri\AppData\Roaming\SecuROM
2009-03-01 15:32 . 2008-02-23 00:38 170,496 --a------ c:\windows\System32\tcpipcfg.dll
2009-03-01 15:32 . 2008-02-22 22:41 22,528 --a------ c:\windows\System32\netiougc.exe
2009-03-01 15:31 . 2009-03-01 15:31 <DIR> d-------- c:\program files\Zone Labs
2009-03-01 15:31 . 2008-11-13 16:18 1,221,008 --a------ c:\windows\System32\zpeng25.dll
2009-03-01 15:30 . 2009-03-01 15:32 <DIR> d-------- c:\windows\System32\ZoneLabs
2009-03-01 15:30 . 2009-03-15 15:07 <DIR> d-------- c:\windows\Internet Logs
2009-03-01 15:30 . 2009-03-01 15:30 <DIR> d-------- c:\users\All Users\CheckPoint
2009-03-01 15:30 . 2009-03-01 15:30 <DIR> d-------- c:\programdata\CheckPoint
2009-03-01 15:30 . 2009-03-15 15:05 348,371 --ah----- c:\windows\System32\drivers\vsconfig.xml
2009-03-01 15:30 . 2008-11-13 16:19 293,776 --a------ c:\windows\System32\drivers\vsdatant.sys
2009-02-28 02:33 . 2009-02-28 02:33 1,108 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-02-28 02:32 . 2009-02-28 02:32 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-28 02:32 . 2009-02-28 02:32 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-28 02:32 . 2009-02-28 02:32 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-28 02:32 . 2009-02-28 02:32 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-28 02:32 . 2009-02-28 02:32 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-28 02:32 . 2009-02-28 02:32 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-28 02:32 . 2009-02-28 02:32 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-22 23:20 . 2009-02-22 23:20 <DIR> d-------- c:\users\Stephanie\AppData\Roaming\ATI
2009-02-22 22:34 . 2009-02-22 22:34 <DIR> d-------- c:\users\Elie Mitri\AppData\Roaming\Sony Corporation
2009-02-22 22:26 . 2009-02-22 22:26 <DIR> d-------- c:\program files\Sony
2009-02-22 18:38 . 2009-02-22 18:38 <DIR> d-------- c:\users\Elie Mitri\AppData\Roaming\ATI
2009-02-22 18:38 . 2009-02-22 18:38 <DIR> d-------- c:\users\All Users\ATI
2009-02-22 18:38 . 2009-02-22 18:38 <DIR> d-------- c:\programdata\ATI
2009-02-22 18:36 . 2009-02-22 18:36 0 --a------ c:\windows\ativpsrm.bin
2009-02-22 18:28 . 2009-02-22 18:30 <DIR> d-------- c:\program files\ATI Technologies
2009-02-22 18:28 . 2009-02-22 20:36 <DIR> d-------- c:\program files\ATI
2009-02-22 18:28 . 2009-02-22 18:28 <DIR> d-------- C:\ATI
2009-02-21 21:53 . 2009-02-21 21:54 <DIR> d-------- c:\program files\Paint.NET
2009-02-21 16:10 . 2009-02-21 16:10 488 --a------ c:\windows\System32\Support.xml
2009-02-20 18:59 . 2009-02-26 16:34 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-20 18:59 . 2009-02-20 18:59 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector
2009-02-20 18:58 . 2009-02-20 18:58 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-02-20 18:58 . 2009-02-06 19:08 55,280 --a------ c:\windows\System32\drivers\fssfltr.sys
2009-02-20 18:56 . 2009-02-20 18:56 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-20 18:56 . 2008-06-25 23:21 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2009-02-20 18:56 . 2008-06-25 23:21 347,648 --a------ c:\windows\System32\WindowsCodecsExt.dll
2009-02-20 01:54 . 2009-02-20 01:54 <DIR> d-------- c:\users\Elie Mitri\AppData\Roaming\Leadertech
2009-02-18 22:03 . 2009-02-18 22:03 <DIR> d-------- c:\users\Elie Mitri\AppData\Roaming\Ubisoft
2009-02-18 21:55 . 2009-03-04 15:59 <DIR> d-------- c:\users\All Users\Ubisoft
2009-02-18 21:55 . 2009-03-04 15:59 <DIR> d-------- c:\programdata\Ubisoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 19:12 --------- d-----w c:\users\Elie Mitri\AppData\Roaming\Skype
2009-03-15 16:59 --------- d-----w c:\program files\Steam
2009-03-15 16:58 --------- d-----w c:\program files\Common Files\Steam
2009-03-15 15:41 --------- d-----w c:\users\Elie Mitri\AppData\Roaming\skypePM
2009-03-15 02:26 351,744 ----a-w c:\windows\Internet Logs\xDB6C49.tmp
2009-03-15 01:12 114,176 ----a-w c:\windows\Internet Logs\xDB6A46.tmp
2009-03-15 00:16 95,232 ----a-w c:\windows\Internet Logs\xDB6D52.tmp
2009-03-15 00:01 106,496 ----a-w c:\windows\Internet Logs\xDB6E1D.tmp
2009-03-15 00:01 1,490,432 ----a-w c:\windows\Internet Logs\xDB6EE9.tmp
2009-03-14 23:41 233,472 ----a-w c:\windows\Internet Logs\xDB6B40.tmp
2009-03-14 16:02 72,192 ----a-w c:\windows\Internet Logs\xDB6F45.tmp
2009-03-14 04:22 870,912 ----a-w c:\windows\Internet Logs\xDB7492.tmp
2009-03-13 03:12 1,007,616 ----a-w c:\windows\Internet Logs\xDB6B9D.tmp
2009-03-13 00:45 2,846,720 ----a-w c:\windows\Internet Logs\xDB7454.tmp
2009-03-12 00:17 2,909,696 ----a-w c:\windows\Internet Logs\xDBBC3C.tmp
2009-03-11 18:23 --------- d-----w c:\programdata\Microsoft Help
2009-03-10 00:19 1,472,512 ----a-w c:\windows\Internet Logs\xDB7261.tmp
2009-03-08 01:25 285,184 ----a-w c:\windows\Internet Logs\xDB6FC2.tmp
2009-03-08 00:45 1,335,808 ----a-w c:\windows\Internet Logs\xDB7186.tmp
2009-03-07 20:05 596,992 ----a-w c:\windows\Internet Logs\xDB7500.tmp
2009-03-07 18:47 3,073,024 ----a-w c:\windows\Internet Logs\xDB6CA6.tmp
2009-03-07 07:10 1,470,348 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-03-05 19:33 2,904,576 ----a-w c:\windows\Internet Logs\xDB73C8.tmp
2009-03-05 04:43 14,952,716 ----a-w c:\windows\Internet Logs\vsmon_on_demand_thread_2009_03_04_23_41_41_full.dmp.zip
2009-03-04 23:22 32,714,069 ----a-w c:\windows\Internet Logs\vsmon_on_demand_thread_2009_03_04_18_17_37_full.dmp.zip
2009-03-04 22:45 --------- d-----w c:\program files\TightVNC
2009-03-04 22:45 --------- d-----w c:\program files\Luxor
2009-03-04 21:00 --------- d-----w c:\users\Elie Mitri\AppData\Roaming\uTorrent
2009-03-04 20:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-04 20:13 --------- d-----w c:\program files\Microsoft Games
2009-03-03 03:55 --------- d-----w c:\program files\HP
2009-03-01 23:01 32,751,759 ----a-w c:\windows\Internet Logs\vsmon_on_demand_thread_2009_03_01_17_59_28_full.dmp.zip
2009-02-27 22:23 --------- d-----w c:\programdata\WildTangent
2009-02-25 20:47 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-25 20:47 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-24 23:26 2,255,360 ----a-w c:\windows\System32\x264vfw.dll
2009-02-22 22:21 --------- d-----w c:\programdata\NVIDIA
2009-02-20 22:59 --------- d-----w c:\program files\Microsoft
2009-02-20 22:58 --------- d-----w c:\program files\Windows Live
2009-02-20 18:01 --------- d-----w c:\program files\Common Files\Adobe
2009-02-14 17:07 --------- d-----w c:\programdata\Roxio
2009-02-09 18:56 67,584 ----a-w c:\windows\System32\ff_vfw.dll
2009-02-07 00:03 307,576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 23:52 49,504 ----a-w c:\windows\System32\sirenacm.dll
2009-02-06 21:41 --------- d-----w c:\users\Elie Mitri\AppData\Roaming\InstallShield
2009-02-04 07:29 4,303,360 ----a-w c:\windows\system32\drivers\atikmdag.sys
2009-02-04 05:02 442,368 ----a-w c:\windows\System32\ATIDEMGX.dll
2009-02-04 05:00 43,520 ----a-w c:\windows\System32\ati2edxx.dll
2009-02-04 05:00 348,160 ----a-w c:\windows\System32\atipdlxx.dll
2009-02-04 05:00 274,432 ----a-w c:\windows\System32\Oemdspif.dll
2009-02-04 05:00 159,744 ----a-w c:\windows\System32\atitmmxx.dll
2009-02-04 05:00 11,264 ----a-w c:\windows\System32\atimuixx.dll
2009-02-04 04:59 286,720 ----a-w c:\windows\System32\Ati2evxx.dll
2009-02-04 04:58 729,088 ----a-w c:\windows\System32\Ati2evxx.exe
2009-02-04 04:49 2,391,552 ----a-w c:\windows\System32\atidxx32.dll
2009-02-04 04:43 3,903,488 ----a-w c:\windows\System32\atiumdag.dll
2009-02-04 04:22 4,905,472 ----a-w c:\windows\System32\atiumdva.dll
2009-02-04 04:11 11,366,400 ----a-w c:\windows\System32\atioglxx.dll
2009-02-04 04:07 51,712 ----a-w c:\windows\System32\amdpcom32.dll
2009-02-04 04:07 131,072 ----a-w c:\windows\System32\atiadlxx.dll
2009-02-04 03:53 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:01 57,344 ----a-w c:\windows\System32\aticalrt.dll
2009-02-04 03:01 53,248 ----a-w c:\windows\System32\aticalcl.dll
2009-02-04 02:58 3,252,224 ----a-w c:\windows\System32\aticaldd.dll
2009-02-01 03:37 --------- d-----w c:\users\Elie Mitri\AppData\Roaming\Yahoo!
2009-02-01 03:37 --------- d-----w c:\program files\FlyGimp Pro
2009-02-01 03:13 --------- d-----w c:\users\Elie Mitri\AppData\Roaming\FlyGimp Pro
2009-02-01 03:05 --------- d-----w c:\program files\Google
2009-01-30 00:50 --------- d-----w c:\users\Stephanie\AppData\Roaming\Roxio
2009-01-30 00:33 --------- d-----w c:\users\Stephanie\AppData\Roaming\Nero
2009-01-23 06:35 --------- d-----w c:\program files\ReflexiveArcade
2009-01-16 23:59 682,280 ----a-w c:\windows\System32\pbsvc.exe
2009-01-16 23:59 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2009-01-16 23:59 22,328 ----a-w c:\users\Elie Mitri\AppData\Roaming\PnkBstrK.sys
2009-01-16 23:41 --------- d-----w c:\program files\Activision
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2009-01-12 20:30 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2009-01-05 20:59 174 --sha-w c:\program files\desktop.ini
2009-01-05 20:36 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-05 20:35 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-04 19:11 47,560 ----a-w c:\windows\System32\SPReview.exe
2009-01-04 19:11 152,576 ----a-w c:\windows\System32\SPWizUI.dll
2009-01-04 18:44 83,456 ----a-w c:\windows\System32\wudriver.dll
2009-01-04 18:44 561,688 ----a-w c:\windows\System32\wuapi.dll
2009-01-04 18:44 51,224 ----a-w c:\windows\System32\wuauclt.exe
2009-01-04 18:44 43,544 ----a-w c:\windows\System32\wups2.dll
2009-01-04 18:44 34,328 ----a-w c:\windows\System32\wups.dll
2009-01-04 18:44 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2009-01-04 18:44 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2009-01-04 18:43 31,232 ----a-w c:\windows\System32\wuapp.exe
2009-01-04 18:43 162,064 ----a-w c:\windows\System32\wuwebv.dll
2009-01-04 18:29 249,592 ----a-w c:\windows\System32\cssdll32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-25 1410304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-06-03 536576]
c:\users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-05-07 1273856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2299F01F-C91A-457C-B72E-0365A38E1687}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BC96A6C0-9CBB-4BE5-9033-56696B4F6D36}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A74E5317-1196-452F-96BF-F03DA7892753}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{4A4BA856-3E92-47BF-9D44-5E4C91294BEC}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{89D13081-7054-4D4F-929C-2AA827F2D024}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{447D9DA3-690F-4F81-BD7F-C7225870C9DE}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C449C751-CC0C-4F27-AF83-0AA4DF41EEA6}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{5E7CD85A-1E84-4572-B30E-334F82E13D57}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{5C32179F-54B8-49A1-9920-7D9C3C0D4EC3}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{45BEEF07-5D7F-4AC4-B370-59AA55B5CC62}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2D42B8C3-48C3-4F93-906B-A887994DDE3D}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0EAD738F-0CB3-4359-8E87-FDDBCE76158A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{934C80B0-EDDF-4ED8-AD06-2D0927175F05}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{76A5270C-3B3B-45CE-B248-7B6F3F7BF370}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BD004FC9-5A53-4990-B010-A59BADC186DA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1EBCAF42-DA48-4516-9311-C268A6F9B6D1}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6B5F5443-3035-422C-946F-D1821056C5E4}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3FB32A0C-F6E4-49F2-BA4A-35D69AC6CCD5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9462A794-2CAE-44BC-9495-29176689BB6C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{053153C6-3636-4B1B-AFDB-24E65C4EAC19}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7F35978C-C498-4861-9285-D5248906AE5E}c:\\program files\\tightvnc\\winvnc.exe"= UDP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"UDP Query User{EA237630-8CD7-4138-92A9-5AFC8DD713EE}c:\\program files\\tightvnc\\winvnc.exe"= TCP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"TCP Query User{0828EF0F-138C-48B2-80BB-7B39C2F5EB3D}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
"UDP Query User{B8E421E7-3EFF-4663-9B71-29E11A5AC7D6}c:\\program files\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\program files\teamviewer\version4\teamviewer.exe:TeamViewer Remote Control Application
"TCP Query User{DC5E92F6-5F5D-4C9E-BEE5-1872C6C51B70}e:\\elie\\elie games\\fichier counter strike 2007\\hl.exe"= UDP:e:\elie\elie games\fichier counter strike 2007\hl.exe:Half-Life Launcher
"UDP Query User{DE48A9C8-632B-466B-A482-6A6D544D7A10}e:\\elie\\elie games\\fichier counter strike 2007\\hl.exe"= TCP:e:\elie\elie games\fichier counter strike 2007\hl.exe:Half-Life Launcher
"{41D558CD-59D5-4284-B1FD-B3866D80F785}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B6AD9A6-96D7-46A4-8102-C1C89042F47F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C2B4FD0A-9647-41D9-B381-A9AE426FEF22}c:\\users\\elie mitri\\desktop\\cs\\counter-strike source\\hl2.exe"= UDP:c:\users\elie mitri\desktop\cs\counter-strike source\hl2.exe:hl2.exe
"UDP Query User{C8B6CE91-3EF8-466D-AF59-94DB84E9697B}c:\\users\\elie mitri\\desktop\\cs\\counter-strike source\\hl2.exe"= TCP:c:\users\elie mitri\desktop\cs\counter-strike source\hl2.exe:hl2.exe
"TCP Query User{4D0E0893-2902-430F-AE07-FF753829AE0F}c:\\games\\cs\\hl2.exe"= UDP:c:\games\cs\hl2.exe:hl2
"UDP Query User{923306AD-CF6D-4F8E-BA4E-241201ADE5C7}c:\\games\\cs\\hl2.exe"= TCP:c:\games\cs\hl2.exe:hl2
"TCP Query User{A3BDA70A-8CB1-4599-99D4-100386A2AED3}e:\\cs\\counter-strike source v34\\33949158840141830115.exe"= UDP:e:\cs\counter-strike source v34\33949158840141830115.exe:33949158840141830115
"UDP Query User{8791D664-368D-42C8-890C-E1F1BEDE0684}e:\\cs\\counter-strike source v34\\33949158840141830115.exe"= TCP:e:\cs\counter-strike source v34\33949158840141830115.exe:33949158840141830115
"TCP Query User{481D9CB7-F95E-448D-9E55-3F4693E52E8F}e:\\cs\\counter-strike source v34\\17916124354150258391.exe"= UDP:e:\cs\counter-strike source v34\17916124354150258391.exe:17916124354150258391
"UDP Query User{A94DD4F5-AB24-4B19-9C6B-37C04B6D81ED}e:\\cs\\counter-strike source v34\\17916124354150258391.exe"= TCP:e:\cs\counter-strike source v34\17916124354150258391.exe:17916124354150258391
"TCP Query User{A5596B79-F2B9-415B-A78D-7A028E38CF54}e:\\cs\\counter-strike source v34\\48515110669229296286.exe"= UDP:e:\cs\counter-strike source v34\48515110669229296286.exe:48515110669229296286
"UDP Query User{6E4B7315-1893-47FB-8222-176A58A7AAA3}e:\\cs\\counter-strike source v34\\48515110669229296286.exe"= TCP:e:\cs\counter-strike source v34\48515110669229296286.exe:48515110669229296286
"TCP Query User{2B55AE2F-976E-46F3-93CA-B56330013043}e:\\cs\\counter-strike source v34\\38393026423928003858.exe"= UDP:e:\cs\counter-strike source v34\38393026423928003858.exe:38393026423928003858
"UDP Query User{0681961E-F673-4CA6-9D5A-BE96F53CFDB4}e:\\cs\\counter-strike source v34\\38393026423928003858.exe"= TCP:e:\cs\counter-strike source v34\38393026423928003858.exe:38393026423928003858
"TCP Query User{C68FA951-32B2-4AE0-B813-3C17F9545AE1}e:\\cs\\counter-strike source v34\\81346272400063252875.exe"= UDP:e:\cs\counter-strike source v34\81346272400063252875.exe:81346272400063252875
"UDP Query User{7406B7F1-E0B0-4FA3-B93C-012ED88422A1}e:\\cs\\counter-strike source v34\\81346272400063252875.exe"= TCP:e:\cs\counter-strike source v34\81346272400063252875.exe:81346272400063252875
"TCP Query User{415EA835-C17A-4BB3-9073-6BCE764420C8}e:\\cs\\counter-strike source v34\\22941706497568633840.exe"= UDP:e:\cs\counter-strike source v34\22941706497568633840.exe:22941706497568633840
"UDP Query User{85279688-EB5B-4D76-BFAB-A0A160A0C386}e:\\cs\\counter-strike source v34\\22941706497568633840.exe"= TCP:e:\cs\counter-strike source v34\22941706497568633840.exe:22941706497568633840
"TCP Query User{8E4E0044-5B99-4742-A2E2-E64180815A5D}e:\\cs\\counter-strike source v34\\16854066660795198322.exe"= UDP:e:\cs\counter-strike source v34\16854066660795198322.exe:16854066660795198322
"UDP Query User{1DD25D75-BCE4-46B1-928C-DF7F5FBA47AB}e:\\cs\\counter-strike source v34\\16854066660795198322.exe"= TCP:e:\cs\counter-strike source v34\16854066660795198322.exe:16854066660795198322
"TCP Query User{C798E1CF-9B98-477B-9516-63A5AC12F708}e:\\cs\\counter-strike source v34\\99390554461221364796.exe"= UDP:e:\cs\counter-strike source v34\99390554461221364796.exe:99390554461221364796
"UDP Query User{53FF6094-E330-468F-9511-A18BADF725A9}e:\\cs\\counter-strike source v34\\99390554461221364796.exe"= TCP:e:\cs\counter-strike source v34\99390554461221364796.exe:99390554461221364796
"TCP Query User{B8C1D881-E360-4062-9102-0FDD47C4EB86}e:\\cs\\counter-strike source v34\\09088728310205217730.exe"= UDP:e:\cs\counter-strike source v34\09088728310205217730.exe:09088728310205217730
"UDP Query User{4636E3E9-5E6C-4AD4-9925-C534BC370672}e:\\cs\\counter-strike source v34\\09088728310205217730.exe"= TCP:e:\cs\counter-strike source v34\09088728310205217730.exe:09088728310205217730
"TCP Query User{3F8978C5-4E2A-49F2-A67C-E32D5BA22C90}e:\\cs\\counter-strike source v34\\83260159795082796316.exe"= UDP:e:\cs\counter-strike source v34\83260159795082796316.exe:83260159795082796316
"UDP Query User{D4028CBA-B8F8-4616-BAEA-2CE19F6D25FC}e:\\cs\\counter-strike source v34\\83260159795082796316.exe"= TCP:e:\cs\counter-strike source v34\83260159795082796316.exe:83260159795082796316
"TCP Query User{8DF26362-028F-49B8-989A-8DAB6B840803}e:\\cs\\counter-strike source v34\\95294722350387123371.exe"= UDP:e:\cs\counter-strike source v34\95294722350387123371.exe:95294722350387123371
"UDP Query User{E45A584C-AB17-43F0-8F7E-CD5756FC689B}e:\\cs\\counter-strike source v34\\95294722350387123371.exe"= TCP:e:\cs\counter-strike source v34\95294722350387123371.exe:95294722350387123371
"TCP Query User{81738489-20F2-4750-92B7-4CFD4572B97F}e:\\cs\\counter-strike source v34\\48981975928770956923.exe"= UDP:e:\cs\counter-strike source v34\48981975928770956923.exe:48981975928770956923
"UDP Query User{C0674B7E-4641-4C55-8E81-A1B604CEC8B9}e:\\cs\\counter-strike source v34\\48981975928770956923.exe"= TCP:e:\cs\counter-strike source v34\48981975928770956923.exe:48981975928770956923
"TCP Query User{E3B02A1F-8149-4AC7-8D0D-735FF6F6FDA1}e:\\cs\\counter-strike source v34\\31296379168375428796.exe"= UDP:e:\cs\counter-strike source v34\31296379168375428796.exe:31296379168375428796
"UDP Query User{CA2987E1-585C-477F-8DC4-E3A50FCF6A91}e:\\cs\\counter-strike source v34\\31296379168375428796.exe"= TCP:e:\cs\counter-strike source v34\31296379168375428796.exe:31296379168375428796
"TCP Query User{F73D3013-D91A-4D00-BDBD-18194536304B}e:\\cs\\counter-strike source v34\\11249599914266370145.exe"= UDP:e:\cs\counter-strike source v34\11249599914266370145.exe:11249599914266370145
"UDP Query User{C31543A0-0067-47B5-8DA4-429A28CD0D6D}e:\\cs\\counter-strike source v34\\11249599914266370145.exe"= TCP:e:\cs\counter-strike source v34\11249599914266370145.exe:11249599914266370145
"TCP Query User{2C04BCFF-8165-4746-96AE-12AF70388B90}e:\\cs\\counter-strike source v34\\94199438078520803756.exe"= UDP:e:\cs\counter-strike source v34\94199438078520803756.exe:94199438078520803756
"UDP Query User{F3434215-B127-4976-8E24-E30BEECFAE58}e:\\cs\\counter-strike source v34\\94199438078520803756.exe"= TCP:e:\cs\counter-strike source v34\94199438078520803756.exe:94199438078520803756
"TCP Query User{4FBE9998-4217-4ACC-9C76-E4DAF6B89833}e:\\cs\\counter-strike source v34\\18989135443996537210.exe"= UDP:e:\cs\counter-strike source v34\18989135443996537210.exe:18989135443996537210
"UDP Query User{EED21AF0-0E95-4BE4-8485-34221DD1D87D}e:\\cs\\counter-strike source v34\\18989135443996537210.exe"= TCP:e:\cs\counter-strike source v34\18989135443996537210.exe:18989135443996537210
"TCP Query User{99B6164A-08BE-48AA-BFC1-C90BC236A259}e:\\cs\\counter-strike source v34\\14159692408153047313.exe"= UDP:e:\cs\counter-strike source v34\14159692408153047313.exe:14159692408153047313
"UDP Query User{4E9CDB08-A366-48EF-9E5D-6018CF5C5909}e:\\cs\\counter-strike source v34\\14159692408153047313.exe"= TCP:e:\cs\counter-strike source v34\14159692408153047313.exe:14159692408153047313
"TCP Query User{0127F186-91CA-44F3-8933-FD3C713AEA7B}e:\\cs\\counter-strike source v34\\05544428560859309994.exe"= UDP:e:\cs\counter-strike source v34\05544428560859309994.exe:05544428560859309994
"UDP Query User{DEB5C333-4122-463A-A174-C2C89702A4FA}e:\\cs\\counter-strike source v34\\05544428560859309994.exe"= TCP:e:\cs\counter-strike source v34\05544428560859309994.exe:05544428560859309994
"TCP Query User{3D27EC02-F06B-4D3A-A5A6-CD3ADE5F0388}e:\\cs\\counter-strike source v34\\43003101739137438430.exe"= UDP:e:\cs\counter-strike source v34\43003101739137438430.exe:43003101739137438430
"UDP Query User{4F87F864-F5D2-44D0-8726-01991B4438EB}e:\\cs\\counter-strike source v34\\43003101739137438430.exe"= TCP:e:\cs\counter-strike source v34\43003101739137438430.exe:43003101739137438430
"TCP Query User{81B3D4D2-BA0B-440D-858E-FCF786E20E26}e:\\cs\\counter-strike source v34\\53475940023818830304.exe"= UDP:e:\cs\counter-strike source v34\53475940023818830304.exe:53475940023818830304
"UDP Query User{38E0B134-91F7-4410-9914-9CA8D7ECFB7D}e:\\cs\\counter-strike source v34\\53475940023818830304.exe"= TCP:e:\cs\counter-strike source v34\53475940023818830304.exe:53475940023818830304
"TCP Query User{283D2EF3-9820-4E85-9003-A1626EEFC493}e:\\cs\\counter-strike source v34\\67373551330401199443.exe"= UDP:e:\cs\counter-strike source v34\67373551330401199443.exe:67373551330401199443
"UDP Query User{96D2A3BB-DB08-403A-B7B4-A7E6CFA2C06B}e:\\cs\\counter-strike source v34\\67373551330401199443.exe"= TCP:e:\cs\counter-strike source v34\67373551330401199443.exe:67373551330401199443
"TCP Query User{4B289C98-2DD4-4AA6-8C20-DE568FF7D9F5}e:\\cs\\counter-strike source v34\\54486191783044625800.exe"= UDP:e:\cs\counter-strike source v34\54486191783044625800.exe:54486191783044625800
"UDP Query User{C2BE92BC-92D5-410B-A547-55B3C56DE50D}e:\\cs\\counter-strike source v34\\54486191783044625800.exe"= TCP:e:\cs\counter-strike source v34\54486191783044625800.exe:54486191783044625800
"TCP Query User{A0204FDA-73CE-4A85-AB9F-044B0A4D1742}c:\\program files\\valve\\counter-strike source\\hl2.exe"= UDP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"UDP Query User{8568AC0E-5075-44DD-9C9F-758028F3F268}c:\\program files\\valve\\counter-strike source\\hl2.exe"= TCP:c:\program files\valve\counter-strike source\hl2.exe:hl2
"{5725E5A1-0E19-4521-91CC-9DC9C1B54E07}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D602B7EB-613E-456B-8F08-55F11A17B02E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C8D1DDDB-4921-4F1A-9350-BD53267554C9}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{674FDB91-46EF-4C76-88E4-4417D5089DE9}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4CFF2691-EA0F-4E8C-B683-D9043A87C050}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{05094B6F-041E-41DE-BF0C-326195A74A60}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E8DA7D43-8F58-4A32-8B4B-74955D75A0AB}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{9229F6DF-0C00-4763-84AD-4394C04FC193}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{758F55D2-455C-4A3B-8229-EA4A9358C5D8}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{232F2675-C95D-449D-AF31-F0D650616AFF}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{6143EAB2-31CD-4C83-BA38-8630753570EF}c:\\program files\\saints row 2\\sr2_pc.exe"= UDP:c:\program files\saints row 2\sr2_pc.exe:SR2_pc
"UDP Query User{0C5FC04F-8CC2-4EE1-8696-3E5AB5C3F1DC}c:\\program files\\saints row 2\\sr2_pc.exe"= TCP:c:\program files\saints row 2\sr2_pc.exe:SR2_pc
"{462EBA69-A869-4343-85CA-B7391AFE2215}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{5CD29809-0FC2-401E-BD87-FE06B907965B}"= TCP:67:0.0.0.0:Service de détection DHCP
"{2737539E-9AEF-4EA4-AA35-C33E1FE532C6}"= UDP:c:\program files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{0ABE98FB-77A9-4CC3-AC3A-F856E4B0ABC5}"= TCP:c:\program files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{04C12572-9EE2-4907-8BFA-43A1FFB68AA6}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{6B20DBE3-7114-4647-951E-79434C1F7975}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{9C6F06F6-928E-4406-A496-34519E32F351}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"{D97755CB-5EB8-460C-BA5B-E68F87973E54}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2007-10-25 30728]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-10-25 455936]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-03-04 1153368]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2008-12-23 185640]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-20 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44ca9d2a-da8c-11dd-9b32-001d6092981f}]
\shell\adobe\command - goodies\ar405eng.exe
\shell\AutoRun\command - L:\aocsetup.exe /autorun
\shell\log\command - l:\goodies\machine\machine.exe -l
\shell\machine\command - l:\goodies\machine\machine.exe
\shell\setup\command - L:\aocsetup.exe /autorun
\shell\zone\command - l:\goodies\mszone\zonea660.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-Picasa Media Detector - c:\users\Elie Mitri\Desktop\Picasa2\PicasaMediaDetector.exe
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Elie Mitri\AppData\Roaming\Mozilla\Firefox\Profiles\5qwbzq2b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Elie Mitri\AppData\Roaming\Mozilla\Firefox\Profiles\5qwbzq2b.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 15:17:12
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-03-15 15:18:42
ComboFix-quarantined-files.txt 2009-03-15 19:18:40
Pre-Run: 116,017,700,864 bytes free
Post-Run: 116,311,330,816 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
400 --- E O F --- 2009-03-11 18:24:14
Thank you very much!
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :files)
:files
c:\windows\System32\ezsidmv.dat
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
______________________
Is the internet working again or not?
Hello,
The internet has not cut out since I ran ComboFix, but we should wait a little longer to be sure the problem is solved.
Here is 03152009_163919.log:
========== FILES ==========
File move failed. c:\windows\System32\ezsidmv.dat scheduled to be moved on reboot.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03152009_163919
03152009_163919.res:
To:c:\windows\System32\ezsidmv.dat;From:C:\_OTMoveIt\MovedFiles\03152009_163919\windows\System32\ezsidmv.dat
The file c:\windows\System32\ezsidmv.dat no longer exists now. Thank you for helping me.
Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche and let the scan run ...
# Click Suppression to finish.
# You can, if you wish, use the Options facultatives.
# Click Quitter to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
___________________
As a final check:
paste the report from an online scan
with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Hi, here is TCleaner.txt:
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Program Files\HijackThis: trouvé !
C:\Program Files\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\HijackThis\hijackthis.log: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Users\Elie Mitri\AppData\Local\VirtualStore\Program Files\HijackThis: trouvé !
C:\Users\Elie Mitri\AppData\Local\VirtualStore\Program Files\HijackThis\hijackthis.log: trouvé !
C:\Users\Elie Mitri\Desktop\ComboFix.exe: trouvé !
C:\Users\Elie Mitri\Desktop\ToolBarSD.exe: trouvé !
C:\Users\Elie Mitri\Desktop\OTMoveIt3.exe: trouvé !
C:\Users\Elie Mitri\Desktop\Rsit.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\trend micro\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Users\Elie Mitri\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Users\Elie Mitri\Desktop\ToolBarSD.exe: supprimé !
C:\Combofix.txt: ERREUR DE SUPPRESSION !!
C:\TB.txt: ERREUR DE SUPPRESSION !!
C:\Program Files\HijackThis\hijackthis.log: supprimé !
C:\Program Files\trend micro\hijackthis.log: ERREUR DE SUPPRESSION !!
C:\Users\Elie Mitri\Desktop\OTMoveIt3.exe: supprimé !
C:\Users\Elie Mitri\Desktop\Rsit.exe: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Program Files\HijackThis: ERREUR DE SUPPRESSION !!
C:\Users\Elie Mitri\AppData\Local\VirtualStore\Program Files\HijackThis: supprimé !
... and here is the Panda report (Kaspersky does not work on Vista and BitDefender cannot manage to update):
;*********************************************************************************************************************************************************************************** ANALYSIS: 2009-03-15 19:57:29 PROTECTIONS: 5 MALWARE: 24 SUSPECTS: 0 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== ESET NOD32 Antivirus 3.0 3.0 Yes Yes ZoneAlarm Anti-Spyware 8.0.065.000 No No ESET NOD32 Antivirus 3.0 3.0 No Yes Spybot - Search and Destroy 1.0.0.6 No No Windows Defender 1.1.1505.0 No Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@casalemedia[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\Low\elie_mitri@doubleclick[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\Low\elie_mitri@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No 
C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\elie_mitri@atdmt[2].txt 00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@tradedoubler[1].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\Low\elie_mitri@fastclick[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@tribalfusion[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\elie_mitri@mediaplex[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@mediaplex[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\Low\elie_mitri@xiti[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@statcounter[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\stephanie@perf.overture[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\elie_mitri@perf.overture[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@ad.yieldmanager[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\Low\elie_mitri@apmebf[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@apmebf[1].txt 00168090 
Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\elie_mitri@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\Low\elie_mitri@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\Low\elie_mitri@bs.serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\elie_mitri@bs.serving-sys[2].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@adtech[1].txt 00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@fl01.ct2.comclick[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\Low\elie_mitri@advertising[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@advertising[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\elie_mitri@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\stephanie@ads.pointroll[1].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@overture[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Elie 
Mitri\AppData\Roaming\Microsoft\Windows\Cookies\Low\elie_mitri@bluestreak[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@bluestreak[2].txt 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Cookies\Low\stephanie@adultfriendfinder[2].txt 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Elie Mitri\AppData\Roaming\Microsoft\Windows\Cookies\Low\elie_mitri@smartadserver[1].txt 01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE 03738695 Generic Malware Virus/Trojan No 0 Yes Yes E:\Elie\Downloads\Nero.8.Ultra Edition.v8.2.8.0.Incl.Keymaker\Nero.8.Ultra Edition.v8.2.8.0.Incl.Keymaker\keymaker.exe ;=================================================================================================================================================================================== SUSPECTS Sent Location ɫ39 ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description ɫ39 ;=================================================================================================================================================================================== ;===================================================================================================================================================================================
Thanks a lot.
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :files)
:files
C:\WINDOWS\PSEXESVC.EXE
E:\Elie\Downloads\Nero.8.Ultra Edition.v8.2.8.0.Incl.Keymaker\Nero.8.Ultra Edition.v8.2.8.0.Incl.Keymaker\keymaker.exe
c:\windows\System32\ezsidmv.dat
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\trend micro\HijackThis.exe
C:\Users\Elie Mitri\Desktop\ComboFix.exe
C:\TB.txt
C:\Program Files\trend micro\hijackthis.log
C:\Program Files\HijackThis
:commands
[purity]
[emptytemp]
[start explorer]
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
___________________________
Download ToolsCleaner to your desktop.
--> https://www.commentcamarche.net/telecharger/ 34055291 toolscleaner
# Click Recherche and let the scan run ...
# Click Suppression to finish.
# You can, if you wish, use the Options facultatives.
# Click Quitter to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
There, that should do it!
Here is the OTMoveIt report:
========== FILES ==========
C:\WINDOWS\PSEXESVC.EXE moved successfully.
File/Folder E:\Elie\Downloads\Nero.8.Ultra Edition.v8.2.8.0.Incl.Keymaker\Nero.8.Ultra Edition.v8.2.8.0.Incl.Keymaker\keymaker.exe not found.
c:\windows\System32\ezsidmv.dat moved successfully.
C:\Program Files\HijackThis\HijackThis.exe moved successfully.
C:\Program Files\trend micro\hijackthis.exe moved successfully.
C:\Users\Elie Mitri\Desktop\ComboFix.exe moved successfully.
C:\TB.txt moved successfully.
C:\Program Files\trend micro\hijackthis.log moved successfully.
C:\Program Files\HijackThis moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\ELIEMI~1\AppData\Local\Temp\logger.log scheduled to be deleted on reboot.
File delete failed. C:\Users\ELIEMI~1\AppData\Local\Temp\~DF5478.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ZLT03e12.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03162009_165720
Files moved on Reboot...
C:\Users\ELIEMI~1\AppData\Local\Temp\logger.log moved successfully.
C:\Users\ELIEMI~1\AppData\Local\Temp\~DF5478.tmp moved successfully.
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.
File C:\Windows\temp\ZLT03e12.TMP not found!
And here is the ToolsCleaner report:
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\_OtMoveIt: trouvé !
C:\Users\Elie Mitri\Desktop\OTMoveIt3.exe: trouvé !
C:\_OTMoveIt\MovedFiles\03162009_165720\TB.txt: trouvé !
C:\_OTMoveIt\MovedFiles\03162009_165720\Program Files\HijackThis: trouvé !
C:\_OTMoveIt\MovedFiles\03162009_165720\Program Files\HijackThis\HijackThis.exe: trouvé !
C:\_OTMoveIt\MovedFiles\03162009_165720\Program Files\HijackThis\hijackthis.log: trouvé !
C:\_OTMoveIt\MovedFiles\03162009_165720\Program Files\trend micro\HijackThis.exe: trouvé !
C:\_OTMoveIt\MovedFiles\03162009_165720\Program Files\trend micro\hijackthis.log: trouvé !
C:\_OTMoveIt\MovedFiles\03162009_165720\Users\Elie Mitri\Desktop\ComboFix.exe: trouvé !
---------------------------------
-->- Suppression:
C:\_OTMoveIt\MovedFiles\03162009_165720\Program Files\HijackThis\HijackThis.exe: supprimé !
C:\_OTMoveIt\MovedFiles\03162009_165720\Program Files\trend micro\HijackThis.exe: supprimé !
C:\_OTMoveIt\MovedFiles\03162009_165720\Users\Elie Mitri\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Combofix.txt: ERREUR DE SUPPRESSION !!
C:\Users\Elie Mitri\Desktop\OTMoveIt3.exe: supprimé !
C:\_OTMoveIt\MovedFiles\03162009_165720\TB.txt: ERREUR DE SUPPRESSION !!
C:\_OTMoveIt\MovedFiles\03162009_165720\Program Files\HijackThis\hijackthis.log: supprimé !
C:\_OTMoveIt\MovedFiles\03162009_165720\Program Files\trend micro\hijackthis.log: supprimé !
C:\_OtMoveIt: ERREUR DE SUPPRESSION !!
C:\_OTMoveIt\MovedFiles\03162009_165720\Program Files\HijackThis: supprimé !
Fichiers temporaires nettoyés !
Corbeille vidée!
I ran it a second time:
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\_OtMoveIt: trouvé !
C:\_OTMoveIt\MovedFiles\03162009_165720\TB.txt: trouvé !
C:\_OTMoveIt\MovedFiles\03162009_165720\Users\Elie Mitri\Desktop\ComboFix.exe: trouvé !
---------------------------------
-->- Suppression:
C:\_OTMoveIt\MovedFiles\03162009_165720\Users\Elie Mitri\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Combofix.txt: supprimé !
C:\_OTMoveIt\MovedFiles\03162009_165720\TB.txt: supprimé !
C:\_OtMoveIt: supprimé !
TB.txt:
malwarebit:
log.txt:
info.txt:
<code>info.txt logfile of random's system information tool 1.05 2009-03-15 11:57:39
======Uninstall list======
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chessmaster Challenge\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash - Flo on the Go\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest 2 - Tournament Edition\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants 3D Obstacle Odyssey\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Swarm\Uninstall.exe"
-->"C:\Program Files\HP Games\Tank-o-Box\Uninstall.exe"
-->"C:\Program Files\HP Games\The Treasures of Montezuma\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->C:\Program Files\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe -runfromtemp -l0x0009
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x0009 -removeonly
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
7-Zip 4.20-->"C:\Program Files\7-Zip\Uninstall.exe"
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Antidote RX v2-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
a-squared Free 4.0-->"C:\Program Files\a-squared Free\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BitComet 1.09-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
CrossLoop 2.41-->"C:\Program Files\CrossLoop\unins000.exe"
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
DVDx-->"C:\Program Files\DVDx\unins000.exe"
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ESET NOD32 Antivirus-->MsiExec.exe /I{944BFDEB-868F-4943-A37C-2852C7D9824A}
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Lost Coast-->"C:\Program Files\Steam\steam.exe" steam://uninstall/340
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel® Viiv™ Software-->MsiExec.exe /X{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B} /qb!
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Codec Pack 4.7.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech Gaming Software 5.02-->MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}
LOOXIS Faceworx 1.0-->"c:\LOOXIS\Faceworx\uninst\unins000.exe"
Luxor-->"C:\Program Files\Luxor\ReflexiveArcade\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{59E4543A-D49D-4489-B445-473D763C79AF}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x0009 -removeonly
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Nero 8 Micro v8.0.3.0-->"C:\Program Files\Nero\unins000.exe"
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Picasa 3-->"C:\Users\Elie Mitri\Desktop\Google\Picasa3\Uninstall.exe"
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
ROCKIT PRO DJ 4.1-->C:\SoftJock\RockitProDJ41\uninst.exe
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
TightVNC 1.3.9-->"C:\Program Files\TightVNC\unins000.exe"
Tom Clancy's Splinter Cell Double Agent-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAD1691A-FA24-4B95-9009-3257B8440ECC}\setup.exe" -l0x9 -removeonly
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
======Security center information======
AV: ESET NOD32 Antivirus 3.0
FW: ZoneAlarm Firewall
AS: ZoneAlarm Anti-Spyware (outdated)
AS: ESET NOD32 Antivirus 3.0
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
System event log
Computer Name: ElieMitri-PC
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 44265
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090315154751.000000-000
Event Type: Information
User:
Computer Name: ElieMitri-PC
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 44266
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090315154958.000000-000
Event Type: Information
User:
Thank you very much.