Virus, spybot bloqué

mati62 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour, je suis infecté par des virus, avast et spybot sont inactif, pouvez vous m'aider?
Voici la copie du scan de hijackthis. D'avance merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:21, on 25/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\documents and settings\géricom\local settings\application data\xdmps.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\GRICOM~1\LOCALS~1\Temp\2420un38.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Géricom\Local Settings\Temporary Internet Files\Content.IE5\87ZV2K9X\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Earn2Life Bar - {93344865-74BD-4873-BE65-56539D41A65C} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BrainStim] C:\Program Files\SubliSoft\SubliSoft.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [acuxcuxb] c:\documents and settings\géricom\local settings\application data\acuxcuxb.exe acuxcuxb
O4 - HKCU\..\Run: [docqergl] "c:\documents and settings\géricom\local settings\application data\docqergl.exe" docqergl
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [xdmps] "c:\documents and settings\géricom\local settings\application data\xdmps.exe" xdmps
O4 - HKCU\..\Run: [be8x5jzu.exe] C:\DOCUME~1\GRICOM~1\LOCALS~1\Temp\be8x5jzu.exe
O4 - HKCU\..\Run: [2420un38.exe] C:\WINDOWS\system32\2420un38.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - http://france.intercasino.com/ (file missing) (HKCU)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_1_0.cab
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} (Earn2Life Bar) - https://www.e2l-net.com/plugin/Earn2Life.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C2483F7-E85D-4FE4-A1E6-F7DA199C83CC}: NameServer = 85.255.112.67,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\..\{25BA1E29-0624-43E5-BA47-21D7F56EEDC5}: NameServer = 85.255.112.67,85.255.112.170
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.67,85.255.112.170
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C2483F7-E85D-4FE4-A1E6-F7DA199C83CC}: NameServer = 85.255.112.67,85.255.112.170
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.67,85.255.112.170
O17 - HKLM\System\CS4\Services\Tcpip\..\{0C2483F7-E85D-4FE4-A1E6-F7DA199C83CC}: NameServer = 85.255.112.67,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.67,85.255.112.170
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows MSI - Unknown owner - \\?\globalrootC:\WINDOWS\system32\msihost.exe (file missing)

--
End of file - 10316 bytes
Configuration: Windows XP Internet Explorer 6.0

34 réponses

  • 1
  • 2
  1. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Bonjour

    - télecharge WORT http://pc-system.fr/ (dj QUIOU) sur le Bureau.

    - redémarre ton PC pour passer en mode sans échec (touche F8 au démarrage )

    -Double-clique sur le fichier WORT.exe (si tu es sous Vista: clic droit/ executer en tant qu'administrateur, en ayant pris soin de désactiver l'UAC avant) et sélectionne le bureau à l'aide du bouton "Browse".

    -Suis les instructions et double-clique sur le fichier WareOut_Removal_Tool.bat qui vient d'être créé sur le Bureau.(si tu es sous Vista: clic droit/ executer en tant qu'administrateur, en ayant pris soin de désactiver l'UAC avant)

    -Sélectionne l'option 1 et valide par entrée.

    - A la fin de l'analyse, poste le contenu du rapport qui s'affiche à l'écran
    1
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    il y a du boulot!!!!

    tu es détourné en ukraine
    et tu as des rootkits ....

    télécharge GenProc http://www.genproc.com/GenProc.exe

    double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt toptitbal,

    je te laisse la main !
    0
  4. totobetourne Messages postés 5677 Statut Membre 65
     
    differentes infections.fait deja cela .il faudrait faire attention a quoi tu cliques, c est rempli d infection.

    1)1)Télécharge WORT de pc-system.fr(team sécurité MH)
    http://pc-system.fr/

    Crée un dossier C:\WORT et dézippe le dedans
    Installe les fichiers en cliquant sur WORT.exe

    redémarre en mode sans échec(pour cela,redémarre ton PC,avant que l'icône Windows apparaisse,tapote la touche [F8] ou [F5],ensuite,choisis dans le panneau "Démarrer en mode sans échec" puis appuye sur la touche [Enter])

    Ouvre le dossier et clique sur WareOut_Removal_Tool.bat
    Choisis l'option 1
    Un rapport serat créé;Il sera enregistré dans C:\WORT\WORT_report.txt
    si le tool te propose d'éxécuter le fichier WORTregfix.reg, accepte en cliquant deux fois de suite sur "OUI".
    Redémarre en mode normal et poste le rapport.

    tutoriel d'aide ici

    relance le tool en cliquant sur WareOut_Removal_Tool.bat

    choisis l'option 6 et laisse travailler le tool

    2)pour voir télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. mati62
     
    Voici le rapport de wort;

    ===== Rapport WareOut Removal Tool =====

    version 3.6.2

    analyse effectuée le 25/08/2009 à 16:07:50,59

    Résultats de l'analyse :
    ========================

    ~~~~ Recherche d'infections dans C:\ ~~~~

    ~~~~ Recherche d'infections dans C:\Program Files\ ~~~~

    ~~~~ Recherche d'infections dans C:\WINDOWS\system\ ~~~~

    ~~~~ Recherche d'infections dans C:\WINDOWS\system32\ ~~~~

    ~~~~ Recherche d'infections dans C:\WINDOWS\system32\drivers\ ~~~~

    ~~~~ Recherche d'infections dans C:\Documents and Settings\G‚ricom\Application Data\ ~~~~

    ~~~~ Recherche d'infections dans C:\Documents and Settings\G‚ricom\Bureau\ ~~~~

    ~~~~ Recherche de détournement de DNS ~~~~

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.67,85.255.112.170
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0C2483F7-E85D-4FE4-A1E6-F7DA199C83CC}]
    NameServer REG_SZ 85.255.112.67,85.255.112.170
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25BA1E29-0624-43E5-BA47-21D7F56EEDC5}]
    NameServer REG_SZ 85.255.112.67,85.255.112.170
    DhcpNameServer REG_SZ 85.255.112.67,85.255.112.170
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.67,85.255.112.170
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0C2483F7-E85D-4FE4-A1E6-F7DA199C83CC}]
    NameServer REG_SZ 85.255.112.67,85.255.112.170
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{25BA1E29-0624-43E5-BA47-21D7F56EEDC5}]
    NameServer REG_SZ 85.255.112.67,85.255.112.170
    DhcpNameServer REG_SZ 85.255.112.67,85.255.112.170
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.67,85.255.112.170
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Tcpip\Parameters\Interfaces\{0C2483F7-E85D-4FE4-A1E6-F7DA199C83CC}]
    NameServer REG_SZ 85.255.112.67,85.255.112.170
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Tcpip\Parameters\Interfaces\{25BA1E29-0624-43E5-BA47-21D7F56EEDC5}]
    NameServer REG_SZ 85.255.112.67,85.255.112.170
    DhcpNameServer REG_SZ 85.255.112.67,85.255.112.170

    ~~~~ Recherche de Rootkits ~~~~

    _______________________________________________________________________

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-25 16:08:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    _______________________________________________________________________

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    System REG_SZ

    ~~~~ Recherche d'infections dans C:\DOCUME~1\GRICOM~1\LOCALS~1\Temp\ ~~~~

    ~~~~ Recherche d'infections dans C:\Documents and Settings\G‚ricom\Start Menu\Programs\ ~~~~

    ~~~~ Nettoyage du registre ~~~~

    ~~~~ Tentative de réparation des entrées suivantes: ~~~~

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] = "System"

    [HKLM\SYSTEM\CurrentControlSet\Services\Windows Tribute Service]
    [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Windows Tribute Service]

    ~~~~ Vérification: ~~~~

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    System REG_SZ

    _________________________________

    développé par http://pc-system.fr
    _________________________________

    Je continue avec cette meme application avec l'option 6 et pas au 2)
    0
  7. totobetourne Messages postés 5677 Statut Membre 65
     
    oui et colle le rapport. apres tu feras combo fix
    0
  8. mati62
     
    il n'y a pas d'option 6, seulement 4, a quoi correspond l'option 6
    0
  9. totobetourne Messages postés 5677 Statut Membre 65
     
    fait l option suppression.
    0
  10. mati62
     
    Voici le scan de comboFix

    ComboFix 09-08-24.06 - Géricom 27/08/2009 2:48.2.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1007.734 [GMT 2:00]
    Running from: c:\documents and settings\Géricom\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\qpyhw5ce.exe
    .
    ---- Previous Run -------
    .
    c:\documents and settings\All Users\Bureau\WebMediaPlayer.lnk
    c:\documents and settings\Géricom\Local Settings\Application Data\acuxcuxb.dat
    c:\documents and settings\Géricom\Local Settings\Application Data\acuxcuxb_nav.dat
    c:\documents and settings\Géricom\Local Settings\Application Data\acuxcuxb_navps.dat
    c:\documents and settings\Géricom\Local Settings\Application Data\docqergl.dat
    c:\documents and settings\Géricom\Local Settings\Application Data\docqergl_nav.dat
    c:\documents and settings\Géricom\Local Settings\Application Data\docqergl_navps.dat
    c:\documents and settings\Géricom\Local Settings\Application Data\oqcwemk.dat
    c:\documents and settings\Géricom\Local Settings\Application Data\oqcwemk_navps.dat
    c:\documents and settings\Géricom\Local Settings\Application Data\xdmps.dat
    c:\documents and settings\Géricom\Local Settings\Application Data\xdmps.exe
    c:\documents and settings\Géricom\Local Settings\Application Data\xdmps_nav.dat
    c:\documents and settings\Géricom\Local Settings\Application Data\xdmps_navps.dat
    c:\program files\webmediaplayer\resources\wmp_translation_file.xml
    c:\program files\webmediaplayer\skins\classic.skn
    c:\program files\webmediaplayer\sqlite3.dll
    c:\program files\webmediaplayer\uninst.exe
    c:\windows\1016z5eal14259.bin
    c:\windows\1039zro53ae.ocx
    c:\windows\10580not-a-vi5zs79.exe
    c:\windows\1093zvirus4855.ocx
    c:\windows\11777not9a-vz5us2eb.ocx
    c:\windows\1196thre5z27090.dll
    c:\windows\11fzt9reat15206.exe
    c:\windows\12599vizus357.bin
    c:\windows\13195spy24z.dll
    c:\windows\1349zhac5tool335.dll
    c:\windows\1395doznloade53219.exe
    c:\windows\139z5s5y57c.bin
    c:\windows\1459downlozder817.dll
    c:\windows\145z9vir5sec.ocx
    c:\windows\14644s9amzot53f.bin
    c:\windows\14c2vir9195z.ocx
    c:\windows\15425zpambot9af.exe
    c:\windows\1557s5za9902.dll
    c:\windows\15604szam5ot96f.ocx
    c:\windows\15916no9-a-virzs326.exe
    c:\windows\15z8ad59are2172.bin
    c:\windows\1648troj95z.cpl
    c:\windows\16634hz9ktool554.dll
    c:\windows\1695z59ojaa.cpl
    c:\windows\170z65p9mbot38.ocx
    c:\windows\1734notza-vir95350.ocx
    c:\windows\17595zr9j585.dll
    c:\windows\17853zot-a-vi59s8e.dll
    c:\windows\183109ozm425.dll
    c:\windows\187z1hack5oo94b4.dll
    c:\windows\18975wzrm352.ocx
    c:\windows\189zthi5f62.dll
    c:\windows\189zworm5fc5.exe
    c:\windows\18f0thief294z5.ocx
    c:\windows\1923hacktoo979z5.exe
    c:\windows\1924addwzr5937.ocx
    c:\windows\19515tr5jz98.dll
    c:\windows\19557zot-9-virus584.bin
    c:\windows\19591zpy598.ocx
    c:\windows\19805spamb5t9z9.bin
    c:\windows\1985vir9z55.ocx
    c:\windows\1999zr295.bin
    c:\windows\19f5spzrse1350.dll
    c:\windows\1c55zddware15059.ocx
    c:\windows\1e91tzie51316.cpl
    c:\windows\1z350no5-a-9irus1fe.cpl
    c:\windows\1z3759r5j793.dll
    c:\windows\1z3baddw5re23049.exe
    c:\windows\1z419s5y599.cpl
    c:\windows\20520hacktool5a9z.ocx
    c:\windows\2079ha9k5zol5ed.cpl
    c:\windows\20949sz57dd.exe
    c:\windows\20a35tza91571.dll
    c:\windows\20as9eaz21695.dll
    c:\windows\21321v5ru910bz.ocx
    c:\windows\21924w5rz93f.cpl
    c:\windows\21972not-azvi5us696.cpl
    c:\windows\21995szy744.bin
    c:\windows\21d9sparze5941.ocx
    c:\windows\22217not-a-vir955ez.cpl
    c:\windows\2252threat590z2.cpl
    c:\windows\22583hackzool9ff.dll
    c:\windows\22z395roj1f1.ocx
    c:\windows\232619orm5z5.dll
    c:\windows\23379ir5485z.bin
    c:\windows\23537spamboz988.dll
    c:\windows\23568not-a-virus9z45.cpl
    c:\windows\2359zown9oade5899.exe
    c:\windows\2395stealz019.dll
    c:\windows\2445zh9ef915.cpl
    c:\windows\24669virz59c9.cpl
    c:\windows\2473stezl9905.dll
    c:\windows\24b9t9r5at94z.cpl
    c:\windows\24z43not-9-v5rus710.exe
    c:\windows\25102not-a9vi5uz7f1.exe
    c:\windows\2534bazkd9or1714.exe
    c:\windows\254espyw9rez38.exe
    c:\windows\25527hack9ool2ze5.cpl
    c:\windows\2559zspambot565.exe
    c:\windows\25692szy657.exe
    c:\windows\25872hacktool192z.exe
    c:\windows\25975virzs556.dll
    c:\windows\259z7no5-a-virus98.cpl
    c:\windows\25beadzware1339.bin
    c:\windows\25z5steal3298.exe
    c:\windows\25z709ot-a-virus511.ocx
    c:\windows\26179tr9z5f1.cpl
    c:\windows\2635hack9ool61z.ocx
    c:\windows\26406not-a-v9ru5z39.dll
    c:\windows\264915irus5z7.exe
    c:\windows\270z9vir5s39.cpl
    c:\windows\279475pz3f9.bin
    c:\windows\28130zi95s698.dll
    c:\windows\28369zor545d.cpl
    c:\windows\28695worz2d39.ocx
    c:\windows\2906zspambot5a7.cpl
    c:\windows\29234s9az5ot1ae.cpl
    c:\windows\29310haczt5o96f0.ocx
    c:\windows\2947vir251z.cpl
    c:\windows\29685hacktoz91a3.ocx
    c:\windows\2969wzr538c.exe
    c:\windows\29711hackt9olzf95.bin
    c:\windows\29945troz725.bin
    c:\windows\2996hacktool7b5z.bin
    c:\windows\29z955py3ef.dll
    c:\windows\2a9fdo9zloader1165.ocx
    c:\windows\2b46d95nloader1609z.dll
    c:\windows\2c49sp5r9e261z.ocx
    c:\windows\2f53tzi9f279.ocx
    c:\windows\2z169tro590.bin
    c:\windows\2z197worm425.dll
    c:\windows\2z224w9rm67b5.bin
    c:\windows\2z2545p9733.exe
    c:\windows\2z7949o5m750.cpl
    c:\windows\2z898spy5f45.bin
    c:\windows\2z947s5y7c7.cpl
    c:\windows\2z9829orm75c.ocx
    c:\windows\301965pa9bot5zf.exe
    c:\windows\30415zi9us125.bin
    c:\windows\30636hacktozl1895.dll
    c:\windows\30929h5ck9ool5f3z.dll
    c:\windows\30958hackt9zl108.ocx
    c:\windows\30z4sp5rse1298.bin
    c:\windows\310b5h9eatz6963.ocx
    c:\windows\31559ha9ktozl605.cpl
    c:\windows\315z9hief2032.cpl
    c:\windows\3187zd5ware1559.ocx
    c:\windows\31959virus1az.dll
    c:\windows\31z9v5ruse5.bin
    c:\windows\31zfaddwar95187.ocx
    c:\windows\321f5hrzat26993.cpl
    c:\windows\32481zirus92c5.dll
    c:\windows\32d1backdoor9544z.dll
    c:\windows\32z52wo5m927.exe
    c:\windows\3374ad9zare28295.exe
    c:\windows\339bbaczdo5r750.exe
    c:\windows\33c49oznload5r1835.exe
    c:\windows\33e2tzrea519472.bin
    c:\windows\342adownlzader9538.dll
    c:\windows\356av9z21465.ocx
    c:\windows\35a5downloadez2961.bin
    c:\windows\35c9th9ef1z95.cpl
    c:\windows\3659vzr2559.ocx
    c:\windows\36cbsp9ware3055z.ocx
    c:\windows\36z69ddwa5e1979.exe
    c:\windows\3813vzr9564.bin
    c:\windows\384zspy599.cpl
    c:\windows\38dspzwa5e594.dll
    c:\windows\39121zroj3915.dll
    c:\windows\391dviz19245.bin
    c:\windows\3925virus977z.dll
    c:\windows\39565wzrm755.cpl
    c:\windows\39c2sp5zse9374.ocx
    c:\windows\3az5addwa9e2721.bin
    c:\windows\3c05za5k9oor3153.bin
    c:\windows\3c47downl5ad9r12z7.ocx
    c:\windows\3d6cz9wnloader5955.dll
    c:\windows\3z12troj7595.dll
    c:\windows\3z1th9eat25151.bin
    c:\windows\3z757hack9ool45e.exe
    c:\windows\3z9fthie52293.exe
    c:\windows\42z2thi5f955.ocx
    c:\windows\4346tz9ef2575.cpl
    c:\windows\44059parse220z.ocx
    c:\windows\4480zo5m979.dll
    c:\windows\44f0v9rz445.dll
    c:\windows\454cth9efz61.bin
    c:\windows\455ebackdzo91902.dll
    c:\windows\47f9vi9305z5.bin
    c:\windows\4925vir1759z.ocx
    c:\windows\496zth5ef207.cpl
    c:\windows\4989pamzot555.dll
    c:\windows\4998vizu5998.cpl
    c:\windows\49d2thrzat9580.cpl
    c:\windows\49d4steaz1850.exe
    c:\windows\4a0ethreat157z69.dll
    c:\windows\4a24addw9ze1516.dll
    c:\windows\4ad8zddwar91581.exe
    c:\windows\4ccz5i9540.ocx
    c:\windows\4e49stzal5478.dll
    c:\windows\50709ormzec.bin
    c:\windows\5093spa9bot6z7.bin
    c:\windows\5099backdooz2936.ocx
    c:\windows\517aa5dwaze25089.dll
    c:\windows\5211s9arse5z2.bin
    c:\windows\5215hief9z92.exe
    c:\windows\52199spambot4z6.dll
    c:\windows\524zteal2879.bin
    c:\windows\52a9thre5z7075.exe
    c:\windows\52ba9zdware2046.dll
    c:\windows\52c3stza56139.ocx
    c:\windows\52c5s9zrse1600.bin
    c:\windows\52eabackdooz19519.ocx
    c:\windows\52z7vi9191.dll
    c:\windows\5346v59111z.dll
    c:\windows\5409ztro9793.exe
    c:\windows\54114hackt9ol7c7z.dll
    c:\windows\550cszars9576.exe
    c:\windows\5542dowzload9r6485.dll
    c:\windows\555ead9wzre1343.cpl
    c:\windows\55c9threa52z855.bin
    c:\windows\565429irus11cz.cpl
    c:\windows\568fad9za5e16.bin
    c:\windows\5697azdware16539.cpl
    c:\windows\5699troz1f85.dll
    c:\windows\57641w9rz7f5.cpl
    c:\windows\5794sza5se2565.cpl
    c:\windows\57ezadd59re585.ocx
    c:\windows\58268tr9j61bz.ocx
    c:\windows\593znot-a9virus1c5.ocx
    c:\windows\5949zir2099.bin
    c:\windows\5960s5ars9z005.cpl
    c:\windows\5980zir1945.exe
    c:\windows\5988azdwa5e1559.exe
    c:\windows\599backdzor22735.bin
    c:\windows\59z84not-a-viru967.dll
    c:\windows\5d55sp9wzre560.dll
    c:\windows\5f0bsparse239z.dll
    c:\windows\5fb5st9al5249z.exe
    c:\windows\5z05threat116639.bin
    c:\windows\5z31sp5mbot29f.ocx
    c:\windows\5z6d5pyware9347.exe
    c:\windows\5z775spy1da9.dll
    c:\windows\5z77ad9ware2020.cpl
    c:\windows\5z980spya9.dll
    c:\windows\6059szeal985.cpl
    c:\windows\6217notz5-vi9us537.cpl
    c:\windows\629d5hiefz198.exe
    c:\windows\644ddownload5rz349.bin
    c:\windows\6550sparse914z.exe
    c:\windows\656bs5ea92042z.cpl
    c:\windows\65d1zir2893.cpl
    c:\windows\65z3b9ckdoor831.exe
    c:\windows\6638b9ckdoo5310z.cpl
    c:\windows\6681zd95are2021.ocx
    c:\windows\66959ddzare1198.cpl
    c:\windows\6699threat58z5.dll
    c:\windows\674edownload9r2z65.exe
    c:\windows\6939ziru5120.cpl
    c:\windows\694fa5dware9z27.bin
    c:\windows\6a69thi5f99z5.bin
    c:\windows\6b98backdoo5z351.ocx
    c:\windows\6bz9add5are1462.exe
    c:\windows\6e40sze953263.exe
    c:\windows\6z55spyware13959.ocx
    c:\windows\6z95spywa9e2550.exe
    c:\windows\6zdst5al17289.cpl
    c:\windows\724259ckdoor273z.exe
    c:\windows\731bdownload5rz0879.cpl
    c:\windows\7363s5ywar91z12.dll
    c:\windows\7459acktooz2a5.ocx
    c:\windows\7537virus3a9z.ocx
    c:\windows\7587z9oj4625.cpl
    c:\windows\7588zpyware3940.bin
    c:\windows\7595notza-vi9us2aa.dll
    c:\windows\768baczd9o51800.exe
    c:\windows\77359hiz52842.exe
    c:\windows\7769szy5ar91888.ocx
    c:\windows\789cspywa9e255z.ocx
    c:\windows\78b2down5oade9z531.bin
    c:\windows\79985roj753z.cpl
    c:\windows\7aa6tzr5at135059.ocx
    c:\windows\7b35th9eat7z66.dll
    c:\windows\7bde9ddwar5930z.dll
    c:\windows\7c6d9tealz8185.dll
    c:\windows\7cd6back5zor1590.bin
    c:\windows\7d95v9r9z8.ocx
    c:\windows\7e29vir2z895.bin
    c:\windows\7f9spyware94z5.dll
    c:\windows\7z9dd9wnloader2915.dll
    c:\windows\7zc4st95l2099.ocx
    c:\windows\8829t5oj2z9.bin
    c:\windows\8857n9t-a-virus7az.dll
    c:\windows\8ezv5r9326.dll
    c:\windows\8f5th9eat7601z.bin
    c:\windows\9040a5dwaze1211.bin
    c:\windows\9075z5roj10c.ocx
    c:\windows\91a1spyware1582z.dll
    c:\windows\9250sz52269.ocx
    c:\windows\932105irzs92.bin
    c:\windows\93422tz5j42a.bin
    c:\windows\93573spy1a7z.dll
    c:\windows\9364z9y657.ocx
    c:\windows\93725pz773.dll
    c:\windows\939virzs57.bin
    c:\windows\93b8steaz21975.ocx
    c:\windows\94529wzr56b6.exe
    c:\windows\9472backdo5rz993.cpl
    c:\windows\94852not-a-viruz58a.dll
    c:\windows\95282wo5m6d2z.cpl
    c:\windows\95468spa5zot263.ocx
    c:\windows\95605not-a-virusz00.exe
    c:\windows\95d9zhief1224.ocx
    c:\windows\95f1spy5zre2558.cpl
    c:\windows\95f5ir2z75.dll
    c:\windows\96059spa5botz7.ocx
    c:\windows\96515ackdzor1065.ocx
    c:\windows\9653spyware1z36.ocx
    c:\windows\96795or9zbb.exe
    c:\windows\9769do5nloadzr962.exe
    c:\windows\9803th5ef21z1.exe
    c:\windows\983359zm498.cpl
    c:\windows\9894not-a-virzs665.ocx
    c:\windows\9898zvir5s7a5.bin
    c:\windows\99166wor542z.ocx
    c:\windows\9948zwo5m1b3.ocx
    c:\windows\9977hac5toolz53.dll
    c:\windows\9ebdowzl9ader30965.cpl
    c:\windows\9z560w5rm6fa.exe
    c:\windows\9z57threat1353.exe
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\b4fspy9are2559z.ocx
    c:\windows\bbdb95kzoor1708.cpl
    c:\windows\c19azdwa9e31895.dll
    c:\windows\c50spy9are51z.ocx
    c:\windows\d99virz509.exe
    c:\windows\df5zparse6779.bin
    c:\windows\dz9vi91535.bin
    c:\windows\f95thrzat13145.dll
    c:\windows\fz2ste5l9779.dll
    c:\windows\Installer\b91bf.msp
    c:\windows\Installer\b91d3.msp
    c:\windows\Installer\b91e6.msp
    c:\windows\system32\10402vir591zb.exe
    c:\windows\system32\10581w9rm1z5.bin
    c:\windows\system32\10950s5y6e9z.exe
    c:\windows\system32\109965pz7e2.ocx
    c:\windows\system32\10z39sp9mbo5160.cpl
    c:\windows\system32\1113vizus2519.exe
    c:\windows\system32\11314zr953a.dll
    c:\windows\system32\11745viru9267z.cpl
    c:\windows\system32\11854v9rusz8d5.cpl
    c:\windows\system32\11dbs9y5are286z.dll
    c:\windows\system32\11ebspazse25499.bin
    c:\windows\system32\1226vir295z.ocx
    c:\windows\system32\1250not-a-vz9us57b.cpl
    c:\windows\system32\1262s5am9oz517.cpl
    c:\windows\system32\12638ha95tool6zb.exe
    c:\windows\system32\12859wo9mz685.exe
    c:\windows\system32\12z97h5cktool667.ocx
    c:\windows\system32\13156vir9szf.exe
    c:\windows\system32\13199h9cktozl356.ocx
    c:\windows\system32\13389worz4569.dll
    c:\windows\system32\136zs5yware349.dll
    c:\windows\system32\139z7tro56e0.dll
    c:\windows\system32\14059spa9bzt4975.exe
    c:\windows\system32\14750spa5bzt394.ocx
    c:\windows\system32\14z95spambot28c.dll
    c:\windows\system32\150249ot-a-zirus349.bin
    c:\windows\system32\15095spy4z0.dll
    c:\windows\system32\15601zroj139.cpl
    c:\windows\system32\1589zir332.exe
    c:\windows\system32\15939hacktool5bz9.ocx
    c:\windows\system32\15z02sp95445.cpl
    c:\windows\system32\16250wz9m23f.cpl
    c:\windows\system32\1675not-a-virus9z7.bin
    c:\windows\system32\16791noz-a-9irus56a5.dll
    c:\windows\system32\17129wor9z645.exe
    c:\windows\system32\171509orm5z5.bin
    c:\windows\system32\17288vzrus49c5.ocx
    c:\windows\system32\17414h9cktozla5.bin
    c:\windows\system32\175849ackt5ol5ze.cpl
    c:\windows\system32\17593hz9ktool146.dll
    c:\windows\system32\17878no5-a-viz9s384.ocx
    c:\windows\system32\1841not-a-virz915a.ocx
    c:\windows\system32\18456wozm791.cpl
    c:\windows\system32\185239py7az5.bin
    c:\windows\system32\186zviru9255.exe
    c:\windows\system32\18977vzr5s674.exe
    c:\windows\system32\19032szy589.bin
    c:\windows\system32\19055zot-a-virus5b9.ocx
    c:\windows\system32\19086spambz95e4.dll
    c:\windows\system32\19095worm31z.exe
    c:\windows\system32\19111worm751z.dll
    c:\windows\system32\1924zroj5b8.exe
    c:\windows\system32\1928z5py99.exe
    c:\windows\system32\19334not-a-vi9u5538z.cpl
    c:\windows\system32\1947zp5ware409.dll
    c:\windows\system32\19522sp54z0.bin
    c:\windows\system32\195fthzef1933.cpl
    c:\windows\system32\19635n5z-a-viru935d.cpl
    c:\windows\system32\197349irus5z.bin
    c:\windows\system32\19839tr5j30z.bin
    c:\windows\system32\19869troz653.cpl
    c:\windows\system32\1b4thzef25759.exe
    c:\windows\system32\1c09zi522429.exe
    c:\windows\system32\1deadowz9oa5er2856.ocx
    c:\windows\system32\1e8z9e5l939.cpl
    c:\windows\system32\1z390hack59ol4e5.ocx
    c:\windows\system32\1z936hacktool95.cpl
    c:\windows\system32\1zeastea51926.ocx
    c:\windows\system32\20174ha5ktool449z.ocx
    c:\windows\system32\2019z95y215.cpl
    c:\windows\system32\20665hacktool5z9.dll
    c:\windows\system32\207bthrezt208995.exe
    c:\windows\system32\20974spazb5t943.cpl
    c:\windows\system32\214faddwa5e9128z.exe
    c:\windows\system32\21679h5cktool6z4.bin
    c:\windows\system32\21999spamb5z35f.ocx
    c:\windows\system32\22967sp5zbot2de.ocx
    c:\windows\system32\22z99tr5j739.bin
    c:\windows\system32\22z9sparse5185.bin
    c:\windows\system32\22zbthi5f559.exe
    c:\windows\system32\2300ad5zare1849.cpl
    c:\windows\system32\23263wo954ez.cpl
    c:\windows\system32\23755sp9mzot155.dll
    c:\windows\system32\23916t5oz453.exe
    c:\windows\system32\241715ot-a-vi9zs401.exe
    c:\windows\system32\2420un38.exe
    c:\windows\system32\243zno5-a-vir9s6b7.exe
    c:\windows\system32\24479not-a-ziru947a5.exe
    c:\windows\system32\247z7worm955.ocx
    c:\windows\system32\24859spambot45z.exe
    c:\windows\system32\2486zs5y6b9.exe
    c:\windows\system32\248z6hackt9ol4f5.dll
    c:\windows\system32\248zb5ckdo9r1958.exe
    c:\windows\system32\2495addwzre1932.bin
    c:\windows\system32\25045hackt9olzf3.bin
    c:\windows\system32\250ds5yware19z7.exe
    c:\windows\system32\251spywa9e299z.ocx
    c:\windows\system32\252039irzs3d2.cpl
    c:\windows\system32\2527a9dwa5z1385.dll
    c:\windows\system32\25285zorm392.exe
    c:\windows\system32\25354vi9usz11.exe
    c:\windows\system32\25357troj7za9.bin
    c:\windows\system32\2551sp9z5e533.exe
    c:\windows\system32\25548zacktoo922.exe
    c:\windows\system32\2590spazse109.dll
    c:\windows\system32\259dv9z84.cpl
    c:\windows\system32\2641z5oj3529.ocx
    c:\windows\system32\26488zr5j91d.ocx
    c:\windows\system32\26504tr5z23e9.ocx
    c:\windows\system32\26654not-azvir9s71f.dll
    c:\windows\system32\26706ha5ktzol956.dll
    c:\windows\system32\26897spambz514b.exe
    c:\windows\system32\268fthrzat28759.cpl
    c:\windows\system32\2704not-a59irusz3.ocx
    c:\windows\system32\27205spamb9t3fz.dll
    c:\windows\system32\277fvirz9559.ocx
    c:\windows\system32\27941vi95s3az.cpl
    c:\windows\system32\27989tr5j2z5.dll
    c:\windows\system32\28381s5y6fz9.dll
    c:\windows\system32\28554hacktozl945.bin
    c:\windows\system32\289735pzm9ot662.exe
    c:\windows\system32\28a5baz9do5r2205.exe
    c:\windows\system32\29031spy5e5z.cpl
    c:\windows\system32\29070h5cztool707.ocx
    c:\windows\system32\292not-a5virusze.dll
    c:\windows\system32\295345ro9z27.cpl
    c:\windows\system32\295675orm914z.exe
    c:\windows\system32\295bspar5e9z84.exe
    c:\windows\system32\2989add5zre66.cpl
    c:\windows\system32\2990zt5oj3219.exe
    c:\windows\system32\2b97s5ezl2767.cpl
    c:\windows\system32\2d015hrea919272z.ocx
    c:\windows\system32\2d9f95ckzoor2794.ocx
    c:\windows\system32\2e319zreat206795.cpl
    c:\windows\system32\2e5zth9eat25972.dll
    c:\windows\system32\2z54s5eal2923.ocx
    c:\windows\system32\2z594wor94a7.exe
    c:\windows\system32\2z8695pambot7a3.bin
    c:\windows\system32\2zdf95r1454.ocx
    c:\windows\system32\302d9p5rse3204z.ocx
    c:\windows\system32\3055s5y19z.ocx
    c:\windows\system32\30830t59j722z.ocx
    c:\windows\system32\30851spamboz1539.dll
    c:\windows\system32\30985ir450z.bin
    c:\windows\system32\3099vizus5c9.bin
    c:\windows\system32\31655spambo52z99.cpl
    c:\windows\system32\32255zirus7df9.ocx
    c:\windows\system32\326t59zat29629.bin
    c:\windows\system32\32z23v5rus99c.exe
    c:\windows\system32\330dthizf975.exe
    c:\windows\system32\3353s9arsez52.ocx
    c:\windows\system32\34czt5reat3695.cpl
    c:\windows\system32\3556thrz5t21962.dll
    c:\windows\system32\35d69pyware75z.cpl
    c:\windows\system32\35dctzief1908.ocx
    c:\windows\system32\35e89ddwaz53254.exe
    c:\windows\system32\3665dzwnloa9er5358.dll
    c:\windows\system32\36b1spa5sz15599.dll
    c:\windows\system32\3752w9zm3d5.cpl
    c:\windows\system32\3755not-azviru9238.ocx
    c:\windows\system32\375bzir9385.cpl
    c:\windows\system32\3909hackzoo51c0.bin
    c:\windows\system32\395vzr3139.bin
    c:\windows\system32\3978a9dwarz1557.dll
    c:\windows\system32\3978spz159.dll
    c:\windows\system32\39z55worm150.cpl
    c:\windows\system32\3b39threa597z0.ocx
    c:\windows\system32\3b7dst95z3144.dll
    c:\windows\system32\3z155hre9t19699.cpl
    c:\windows\system32\3z27no9-a-vir5s44.bin
    c:\windows\system32\4041vi59sz91.exe
    c:\windows\system32\40c4vi5z509.bin
    c:\windows\system32\41a0vzr91265.dll
    c:\windows\system32\42z4downl9ader1655.ocx
    c:\windows\system32\4432sp5mboz659.cpl
    c:\windows\system32\4522sparse925z.bin
    c:\windows\system32\4526thrzat99955.bin
    c:\windows\system32\4529worm398z.exe
    c:\windows\system32\452zack9oor2691.dll
    c:\windows\system32\4555ba9kdoor1880z.dll
    c:\windows\system32\45afvir798z.bin
    c:\windows\system32\45ddst9az3112.ocx
    c:\windows\system32\45fedzwnl5ader359.cpl
    c:\windows\system32\46f5st9alz189.ocx
    c:\windows\system32\47f9ba5kdoor2757z.cpl
    c:\windows\system32\494zaddwa5e2002.ocx
    c:\windows\system32\4955downzoader95.dll
    c:\windows\system32\49b2vir185z.cpl
    c:\windows\system32\4beba5kdozr9022.exe
    c:\windows\system32\4bfast5az29139.ocx
    c:\windows\system32\4edspar9e27z45.bin
    c:\windows\system32\4f95tea91z52.dll
    c:\windows\system32\4z1fthief5569.exe
    c:\windows\system32\5106zownlo5der9880.cpl
    c:\windows\system32\5112threa9z9340.bin
    c:\windows\system32\51892worm49z.bin
    c:\windows\system32\5324vzr9s3b3.cpl
    c:\windows\system32\538bszarse5099.exe
    c:\windows\system32\53912szambot493.dll
    c:\windows\system32\53fzownloade9898.cpl
    c:\windows\system32\5435szy4429.dll
    c:\windows\system32\5451backdoo9641z.exe
    c:\windows\system32\54662zirus956.exe
    c:\windows\system32\5491nzt-a-vi5us33d.ocx
    c:\windows\system32\550stealz339.exe
    c:\windows\system32\555da9dware2399z.exe
    c:\windows\system32\555zdownloader2459.cpl
    c:\windows\system32\55c19ddwzre974.exe
    c:\windows\system32\55f9downlzader1519.exe
    c:\windows\system32\56585zreat4920.exe
    c:\windows\system32\56z8addw9re2255.cpl
    c:\windows\system32\56zd5pywa9e1754.cpl
    c:\windows\system32\573519iruz21b.ocx
    c:\windows\system32\5772sp95d4z.bin
    c:\windows\system32\577ds9arsez256.dll
    c:\windows\system32\57998sp963z.bin
    c:\windows\system32\579zbackdo5r29619.cpl
    c:\windows\system32\5827zwo9m493.exe
    c:\windows\system32\585py99z.bin
    c:\windows\system32\5873hacktoo95a8z.cpl
    c:\windows\system32\58889szy69.ocx
    c:\windows\system32\58a7spazse9269.cpl
    c:\windows\system32\5919ste5l1081z.cpl
    c:\windows\system32\591fb9zkdoo5540.bin
    c:\windows\system32\591zvir448.ocx
    c:\windows\system32\594ethizf9945.bin
    c:\windows\system32\59568worm17z.ocx
    c:\windows\system32\596vir1459z.exe
    c:\windows\system32\59786vzrusc9.exe
    c:\windows\system32\59bzvir552.bin
    c:\windows\system32\59dabackdoor5219z.ocx
    c:\windows\system32\59virus5z4.exe
    c:\windows\system32\5a93virz49.dll
    c:\windows\system32\5a9spar5e321z.dll
    c:\windows\system32\5ae1backd9oz2160.exe
    c:\windows\system32\5b37backd9or1855z.exe
    c:\windows\system32\5b39steal60z.bin
    c:\windows\system32\5b93addw9re132z.exe
    c:\windows\system32\5be5add9aze297.cpl
    c:\windows\system32\5c49do5nzoader445.dll
    c:\windows\system32\5c9d9iz1101.cpl
    c:\windows\system32\5c9eth5ef2337z.ocx
    c:\windows\system32\5d08t5zeat29658.exe
    c:\windows\system32\5d1dbac9dz5r2679.dll
    c:\windows\system32\5d59thz9f2732.exe
    c:\windows\system32\5e2thzef9995.ocx
    c:\windows\system32\5f92sparse1z94.cpl
    c:\windows\system32\5fbd5hie964z.bin
    c:\windows\system32\5z099tea5881.exe
    c:\windows\system32\5z5threa916748.ocx
    c:\windows\system32\5z778trojfc9.bin
    c:\windows\system32\5z79sparse3839.ocx
    c:\windows\system32\5zb85ir1890.exe
    c:\windows\system32\6089spyz95.bin
    c:\windows\system32\6199w5rm3fz.bin
    c:\windows\system32\61e9sparse155z.exe
    c:\windows\system32\62eaad9zar51326.bin
    c:\windows\system32\6415zddw9re1992.ocx
    c:\windows\system32\6451spa9se2z92.dll
    c:\windows\system32\645cthreat1z9975.dll
    c:\windows\system32\64b9ste5l1z56.dll
    c:\windows\system32\6556spa9se555z.exe
    c:\windows\system32\659dbackdoor509z.exe
    c:\windows\system32\65z0downloader27695.exe
    c:\windows\system32\65z9thr9at4953.ocx
    c:\windows\system32\669fthie5z605.ocx
    c:\windows\system32\671abackdzor595.exe
    c:\windows\system32\6758thrzat168429.cpl
    c:\windows\system32\6821th9zf2590.ocx
    c:\windows\system32\68519zckdoor5854.ocx
    c:\windows\system32\695dvirz75.bin
    c:\windows\system32\69b2ba9zdoor2554.dll
    c:\windows\system32\69cfbazkdo5r1013.dll
    c:\windows\system32\6c79spars520z8.bin
    c:\windows\system32\6e0f5zr1069.exe
    c:\windows\system32\6e575a9kdoorz180.dll
    c:\windows\system32\6ec9downlozd5r912.cpl
    c:\windows\system32\6ez1v5r27079.bin
    c:\windows\system32\6f859pyware1328z.bin
    c:\windows\system32\71359roj47z.bin
    c:\windows\system32\7191d5wnzoad9r529.ocx
    c:\windows\system32\72075ot-a-ziru9480.exe
    c:\windows\system32\737cs5eal13z79.dll
    c:\windows\system32\73z3v5r1968.dll
    c:\windows\system32\7453steal394z.ocx
    c:\windows\system32\7559virz0099.ocx
    c:\windows\system32\7591spz5475.cpl
    c:\windows\system32\75feback9ozr748.bin
    c:\windows\system32\76289ir3z65.cpl
    c:\windows\system32\76z25pa9se938.cpl
    c:\windows\system32\774zste5l1849.cpl
    c:\windows\system32\7799z5r990.dll
    c:\windows\system32\786zs5ea91404.cpl
    c:\windows\system32\7895s5z9bot772.ocx
    c:\windows\system32\7adzvir5379.ocx
    c:\windows\system32\7bfdd9znl5ader3047.dll
    c:\windows\system32\7d5fstealz969.exe
    c:\windows\system32\7dzack9o5r1630.bin
    c:\windows\system32\7f3avirz597.dll
    c:\windows\system32\7f63back9oor1451z.dll
    c:\windows\system32\7z769ro5249.exe
    c:\windows\system32\8054t9oz745.cpl
    c:\windows\system32\8402ha5k9ozl6b9.ocx
    c:\windows\system32\8946wzr52c1.ocx
    c:\windows\system32\8d4thre5z90999.bin
    c:\windows\system32\8d9add5arez9439.ocx
    c:\windows\system32\8e3thre9t20757z.cpl
    c:\windows\system32\8z925roj691.ocx
    c:\windows\system32\90045trojez.exe
    c:\windows\system32\9153no5-a-vzrus38e.exe
    c:\windows\system32\92431hzck5ool22c.ocx
    c:\windows\system32\93589zy47a.cpl
    c:\windows\system32\93a3thzef1596.cpl
    c:\windows\system32\93z71hackt5ol6f9.cpl
    c:\windows\system32\95504zirus227.dll
    c:\windows\system32\96345hacktooz1b5.ocx
    c:\windows\system32\96594hzcktool530.ocx
    c:\windows\system32\995w9rz40d.dll
    c:\windows\system32\99z6worm2af5.cpl
    c:\windows\system32\9ae3addwar51z09.bin
    c:\windows\system32\9b85thief2372z.dll
    c:\windows\system32\9bzs5ars91170.cpl
    c:\windows\system32\9d0zvir2531.exe
    c:\windows\system32\9f3zspyware1125.exe
    c:\windows\system32\9zbthreat25634.exe
    c:\windows\system32\9zd5vir375.bin
    c:\windows\system32\9zfsparse1581.ocx
    c:\windows\system32\a4zvir5169.dll
    c:\windows\system32\a6zaddware1539.dll
    c:\windows\system32\cf9back5ooz1451.exe
    c:\windows\system32\d9zth5ef236.cpl
    c:\windows\system32\e74vi59965z.bin
    c:\windows\system32\ebbthrea519z37.dll
    c:\windows\system32\ESQULpfmklolwopxcyrelkaspgvbrcpuygmho.dll
    c:\windows\system32\ESQULumdpdqdddypgxftcqhjkxmkfbspcvdih.dll
    c:\windows\system32\f41zpa9se5579.exe
    c:\windows\system32\fz9vir265.ocx
    c:\windows\system32\z0356not-a-v5ru977a.ocx
    c:\windows\system32\z053thief191.bin
    c:\windows\system32\z0913spambo53a1.bin
    c:\windows\system32\z09305orm239.dll
    c:\windows\system32\z169ad5ware11169.cpl
    c:\windows\system32\z1940vir5s5b.dll
    c:\windows\system32\z2575wo9m475.bin
    c:\windows\system32\z3014not9a-vir5s2e8.ocx
    c:\windows\system32\z3d8vir2559.exe
    c:\windows\system32\z45119o5m58b.exe
    c:\windows\system32\z5015py936.exe
    c:\windows\system32\z516troj2359.ocx
    c:\windows\system32\z54sparse974.exe
    c:\windows\system32\z55ddownloa5er21019.ocx
    c:\windows\system32\z5978spambot7b6.ocx
    c:\windows\system32\z5bt9i5f88.cpl
    c:\windows\system32\z5d69ir5703.bin
    c:\windows\system32\z6479worm50d.exe
    c:\windows\system32\z6c89p5rse1325.dll
    c:\windows\system32\z79thie5580.ocx
    c:\windows\system32\z7f3ste5l25279.dll
    c:\windows\system32\z8599ot-a-vir5s4e2.bin
    c:\windows\system32\z8925ir3090.dll
    c:\windows\system32\z8f65ir7869.bin
    c:\windows\system32\z9325worm565.bin
    c:\windows\system32\z9997s5ambotc3.ocx
    c:\windows\system32\za8b59eal3037.dll
    c:\windows\system32\zd55ddwa9e1213.dll
    c:\windows\z1065wor97a5.exe
    c:\windows\z1439wor515e.dll
    c:\windows\z311wo9568.ocx
    c:\windows\z3548spamb5t498.ocx
    c:\windows\z4351spy915.cpl
    c:\windows\z53eback5o9r525.dll
    c:\windows\z575hack5ool14a9.bin
    c:\windows\z590ste5l2983.cpl
    c:\windows\z5cfa9dware868.ocx
    c:\windows\z6f4addware5169.cpl
    c:\windows\z6f6dow95oader1779.dll
    c:\windows\z7575h9cktool3725.cpl
    c:\windows\z7582s9yf9.ocx
    c:\windows\z8894ha59tool1fc.bin
    c:\windows\z8939spy358.cpl
    c:\windows\z89ha9kt5ol6cf.bin
    c:\windows\z9603spy69e5.ocx
    c:\windows\zaa95ownloader1668.exe
    c:\windows\zb5dv9r974.ocx
    c:\windows\zb97th5ef83.exe
    c:\windows\zbe05d9ware1820.exe
    c:\windows\zbf5spy5are23229.dll
    c:\windows\zc63a95ware406.cpl
    c:\windows\zd36backdo9r1751.cpl
    c:\windows\zdasteal1590.ocx
    c:\windows\zf5vir729.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_ESQULSERV.SYS
    -------\Service_Boonty Games
    -------\Service_ESQULserv.sys

    ((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
    .

    2009-08-27 00:04 . 2009-08-27 00:04 -------- d-----w- c:\program files\SaveDefense Software
    2009-08-25 14:01 . 2009-08-25 14:08 -------- d-----w- C:\WORT
    2009-08-24 23:39 . 2009-08-24 23:39 84992 ----a-w- c:\windows\system32\msihost.exe
    2009-08-14 11:32 . 2004-08-05 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2009-08-14 09:58 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-27 00:43 . 2008-08-11 20:45 753836 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-08-27 00:43 . 2008-08-11 20:45 64235552 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-08-25 22:04 . 2009-08-25 22:05 1348096 ----a-w- c:\windows\Internet Logs\xDB57.tmp
    2009-08-25 22:04 . 2009-08-25 22:05 248320 ----a-w- c:\windows\Internet Logs\xDB56.tmp
    2009-08-25 00:47 . 2009-08-25 12:12 2328064 ----a-w- c:\windows\Internet Logs\xDB55.tmp
    2009-08-13 19:25 . 2007-06-19 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-27 01:25 . 2009-07-27 12:52 1299456 ----a-w- c:\windows\Internet Logs\xDB53.tmp
    2009-07-27 00:22 . 2009-07-27 12:52 1299456 ----a-w- c:\windows\Internet Logs\xDB54.tmp
    2009-07-24 17:44 . 2009-07-24 17:44 -------- d-----w- c:\program files\Microsoft Games
    2009-07-24 11:02 . 2007-11-20 14:18 16238303 ----a-w- c:\windows\Internet Logs\tvDebug.zip
    2009-07-18 21:57 . 2009-07-18 21:55 -------- d-----w- c:\program files\Free Download Manager
    2009-07-18 18:06 . 2009-07-18 18:05 -------- d-----w- c:\program files\Java
    2009-07-18 18:02 . 2009-07-18 18:02 -------- d-----w- c:\program files\Fichiers communs\Java
    2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-17 02:25 . 2009-07-17 10:15 1279488 ----a-w- c:\windows\Internet Logs\xDB51.tmp
    2009-07-17 02:22 . 2009-07-17 10:15 1279488 ----a-w- c:\windows\Internet Logs\xDB52.tmp
    2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-13 21:13 . 2009-07-13 21:14 1405440 ----a-w- c:\windows\Internet Logs\xDB4F.tmp
    2009-07-13 20:57 . 2009-07-13 21:14 1405440 ----a-w- c:\windows\Internet Logs\xDB50.tmp
    2009-07-12 19:54 . 2009-07-13 10:09 3706880 ----a-w- c:\windows\Internet Logs\xDB4E.tmp
    2009-07-11 17:18 . 2007-07-25 22:26 -------- d-----w- c:\program files\Cyanide
    2009-07-11 16:35 . 2009-07-11 16:35 65536 ----a-w- c:\windows\system32\VDPersns.dat
    2009-07-11 16:17 . 2009-07-11 16:17 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-07-11 14:42 . 2009-06-30 09:58 -------- d-----w- c:\program files\iTunes
    2009-07-11 14:42 . 2009-06-30 09:59 -------- d-----w- c:\program files\iPod
    2009-07-11 14:42 . 2008-10-20 01:40 -------- d-----w- c:\program files\Fichiers communs\Apple
    2009-07-11 14:41 . 2009-06-30 09:54 -------- d-----w- c:\program files\QuickTime
    2009-07-11 14:40 . 2009-06-30 07:59 -------- d-----w- c:\program files\Bonjour
    2009-07-11 14:39 . 2009-05-14 09:34 -------- d-----w- c:\program files\BetClic Poker
    2009-07-11 14:38 . 2009-06-09 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2009-07-11 09:11 . 2009-07-11 09:11 529839 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_2009_07_11_06_03_44_full.dmp.zip
    2009-07-05 19:57 . 2009-07-05 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
    2009-07-05 19:33 . 2008-05-22 07:48 -------- d-----w- c:\program files\Sports Interactive
    2009-06-30 09:59 . 2009-06-30 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-30 08:35 . 2009-06-30 08:35 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-26 16:50 . 2004-08-05 12:00 670720 ----a-w- c:\windows\system32\wininet.dll
    2009-06-26 16:50 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-25 22:25 . 2009-05-25 04:59 3532 ----a-w- C:\drmHeader.bin
    2009-06-25 08:26 . 2004-08-05 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:26 . 2004-08-05 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:26 . 2004-08-05 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:26 . 2004-08-05 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:26 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:26 . 2004-08-05 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 11:18 . 2004-08-05 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 10:44 . 2004-08-05 12:00 78848 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:14 . 2004-08-05 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 07:21 . 2007-06-06 10:26 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:15 . 2004-08-05 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-06 20:09 . 2004-08-05 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat
    2009-06-06 20:09 . 2004-08-05 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat
    2009-06-06 18:47 . 2007-06-06 10:30 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
    2009-06-02 14:07 . 2009-06-02 14:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2008-11-18 12:21 . 2008-11-18 12:21 1287872 ----a-w- c:\program files\WoW-2.3.0.7561-frFR-downloader.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{93344865-74BD-4873-BE65-56539D41A65C}"= "c:\windows\Downloaded Program Files\Earn2Life.dll" [2008-03-20 307200]

    [HKEY_CLASSES_ROOT\clsid\{93344865-74bd-4873-be65-56539d41a65c}]
    [HKEY_CLASSES_ROOT\Earn2Life.LeadBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{92F9C4A2-C2A5-41f6-9829-49B8C6FF0709}]
    [HKEY_CLASSES_ROOT\Earn2Life.LeadBar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "SaveDefense"="c:\program files\SaveDefense Software\SaveDefense\SaveDefense.exe" [2009-08-26 666112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_17\bin\jusched.exe" [2008-11-10 75264]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-6 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Conference\\Conference.dll"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=

    R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [06/06/2007 14:09 191092]
    R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [06/06/2007 14:09 6100]
    S0 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/12/2008 23:34 28544]
    S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/04/2009 11:25 114768]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/04/2009 11:25 20560]
    S2 SaveDefenseSvc;SaveDefense Security Service;c:\program files\SaveDefense Software\SaveDefense\SaveDefenseSvc.exe [26/08/2009 12:01 37376]
    S2 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe [25/08/2009 01:39 84992]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
    S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\GRICOM~1\LOCALS~1\Temp\mdxgthkn.sys --> c:\docume~1\GRICOM~1\LOCALS~1\Temp\mdxgthkn.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - PXHELP20
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-docqergl - c:\documents and settings\géricom\local settings\application data\docqergl.exe
    HKCU-Run-xdmps - c:\documents and settings\géricom\local settings\application data\xdmps.exe
    HKCU-Run-2420un38.exe - c:\windows\system32\2420un38.exe
    HKCU-Run-qpyhw5ce.exe - c:\windows\system32\qpyhw5ce.exe
    HKLM-Run-TkBellExe - c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
    HKLM-Run-BrainStim - c:\program files\SubliSoft\SubliSoft.exe
    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    HKLM-Run-EoEngine - (no file)
    Notify-WgaLogon - (no file)

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: {{07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - {93344865-74BD-4873-BE65-56539D41A65C} - c:\windows\Downloaded Program Files\Earn2Life.dll
    Trusted Zone: tradedoubler.com\www
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
    DPF: {93344865-74BD-4873-BE65-56539D41A65C} - hxxp://www.earn2life.com/plugin/Earn2Life.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-27 03:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2009-08-27 3:09
    ComboFix-quarantined-files.txt 2009-08-27 01:08

    Pre-Run: 33 589 440 512 octets libres
    Post-Run: 35 006 435 328 octets libres

    922 --- E O F --- 2009-08-26 00:30
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    _______________

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    Driver::
    SaveDefenseSvc
    SaveDefense Security Service
    mdxgthkn
    File::
    c:\docume~1\GRICOM~1\LOCALS~1\Temp\mdxgthkn.sys
    c:\program files\SaveDefense Software\SaveDefense
    c:\docume~1\GRICOM~1\LOCALS~1\Temp\mdxgthkn.sys
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SaveDefense"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  12. mati62
     
    voici le rapport;

    ComboFix 09-08-24.06 - GÈricom 27/08/2009 17:20.4.1 - NTFSx86 MINIMAL
    Microsoft Windows XP …dition familiale 5.1.2600.3.1252.33.1036.18.1007.822 [GMT 2:00]
    Running from: c:\documents and settings\GÈricom\Bureau\ComboFix.exe
    Command switches used :: c:\documents and settings\GÈricom\Bureau\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\docume~1\GRICOM~1\LOCALS~1\Temp\mdxgthkn.sys"
    "c:\program files\SaveDefense Software\SaveDefense"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MDXGTHKN
    -------\Legacy_SAVEDEFENSESVC
    -------\Service_mdxgthkn
    -------\Service_SaveDefenseSvc
    -------\Legacy_MDXGTHKN

    ((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
    .

    2009-08-27 00:04 . 2009-08-27 00:04 -------- d-----w- c:\program files\SaveDefense Software
    2009-08-25 14:01 . 2009-08-25 14:08 -------- d-----w- C:\WORT
    2009-08-24 23:39 . 2009-08-24 23:39 84992 ----a-w- c:\windows\system32\msihost.exe
    2009-08-14 11:32 . 2004-08-05 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2009-08-14 09:58 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-05 09:00 . 2009-08-05 09:00 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-27 15:16 . 2008-08-11 20:45 754340 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-08-27 15:16 . 2008-08-11 20:45 64278560 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-08-27 14:09 . 2009-08-27 14:09 52523 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_27_15_04_32_small.dmp.zip
    2009-08-25 22:04 . 2009-08-25 22:05 1348096 ----a-w- c:\windows\Internet Logs\xDB57.tmp
    2009-08-25 22:04 . 2009-08-25 22:05 248320 ----a-w- c:\windows\Internet Logs\xDB56.tmp
    2009-08-25 00:47 . 2009-08-25 12:12 2328064 ----a-w- c:\windows\Internet Logs\xDB55.tmp
    2009-08-13 19:25 . 2007-06-19 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-08-05 09:00 . 2004-08-05 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-27 01:25 . 2009-07-27 12:52 1299456 ----a-w- c:\windows\Internet Logs\xDB53.tmp
    2009-07-27 00:22 . 2009-07-27 12:52 1299456 ----a-w- c:\windows\Internet Logs\xDB54.tmp
    2009-07-24 17:44 . 2009-07-24 17:44 -------- d-----w- c:\program files\Microsoft Games
    2009-07-24 11:02 . 2007-11-20 14:18 16238303 ----a-w- c:\windows\Internet Logs\tvDebug.zip
    2009-07-18 21:57 . 2009-07-18 21:55 -------- d-----w- c:\program files\Free Download Manager
    2009-07-18 18:06 . 2009-07-18 18:05 -------- d-----w- c:\program files\Java
    2009-07-18 18:02 . 2009-07-18 18:02 -------- d-----w- c:\program files\Fichiers communs\Java
    2009-07-17 19:03 . 2004-08-05 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-17 02:25 . 2009-07-17 10:15 1279488 ----a-w- c:\windows\Internet Logs\xDB51.tmp
    2009-07-17 02:22 . 2009-07-17 10:15 1279488 ----a-w- c:\windows\Internet Logs\xDB52.tmp
    2009-07-13 21:43 . 2004-08-05 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-13 21:13 . 2009-07-13 21:14 1405440 ----a-w- c:\windows\Internet Logs\xDB4F.tmp
    2009-07-13 20:57 . 2009-07-13 21:14 1405440 ----a-w- c:\windows\Internet Logs\xDB50.tmp
    2009-07-12 19:54 . 2009-07-13 10:09 3706880 ----a-w- c:\windows\Internet Logs\xDB4E.tmp
    2009-07-11 17:18 . 2007-07-25 22:26 -------- d-----w- c:\program files\Cyanide
    2009-07-11 16:35 . 2009-07-11 16:35 65536 ----a-w- c:\windows\system32\VDPersns.dat
    2009-07-11 16:17 . 2009-07-11 16:17 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-07-11 14:42 . 2009-06-30 09:58 -------- d-----w- c:\program files\iTunes
    2009-07-11 14:42 . 2009-06-30 09:59 -------- d-----w- c:\program files\iPod
    2009-07-11 14:42 . 2008-10-20 01:40 -------- d-----w- c:\program files\Fichiers communs\Apple
    2009-07-11 14:41 . 2009-06-30 09:54 -------- d-----w- c:\program files\QuickTime
    2009-07-11 14:40 . 2009-06-30 07:59 -------- d-----w- c:\program files\Bonjour
    2009-07-11 14:39 . 2009-05-14 09:34 -------- d-----w- c:\program files\BetClic Poker
    2009-07-11 14:38 . 2009-06-09 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2009-07-11 09:11 . 2009-07-11 09:11 529839 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_2009_07_11_06_03_44_full.dmp.zip
    2009-07-05 19:57 . 2009-07-05 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
    2009-07-05 19:33 . 2008-05-22 07:48 -------- d-----w- c:\program files\Sports Interactive
    2009-06-30 09:59 . 2009-06-30 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-06-30 08:35 . 2009-06-30 08:35 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-26 16:50 . 2004-08-05 12:00 670720 ------w- c:\windows\system32\wininet.dll
    2009-06-26 16:50 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-25 22:25 . 2009-05-25 04:59 3532 ----a-w- C:\drmHeader.bin
    2009-06-25 08:26 . 2004-08-05 12:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:26 . 2004-08-05 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:26 . 2004-08-05 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:26 . 2004-08-05 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:26 . 2004-08-05 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-25 08:26 . 2004-08-05 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-24 11:18 . 2004-08-05 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:40 . 2004-08-05 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 10:44 . 2004-08-05 12:00 78848 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 14:14 . 2004-08-05 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 07:21 . 2007-06-06 10:26 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:15 . 2004-08-05 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-06 20:09 . 2004-08-05 12:00 49054 ----a-w- c:\windows\system32\perfc00C.dat
    2009-06-06 20:09 . 2004-08-05 12:00 368314 ----a-w- c:\windows\system32\perfh00C.dat
    2009-06-06 18:47 . 2007-06-06 10:30 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-06-03 19:10 . 2004-08-05 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
    2009-06-02 14:07 . 2009-06-02 14:07 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2008-11-18 12:21 . 2008-11-18 12:21 1287872 ----a-w- c:\program files\WoW-2.3.0.7561-frFR-downloader.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{93344865-74BD-4873-BE65-56539D41A65C}"= "c:\windows\Downloaded Program Files\Earn2Life.dll" [2008-03-20 307200]

    [HKEY_CLASSES_ROOT\clsid\{93344865-74bd-4873-be65-56539d41a65c}]
    [HKEY_CLASSES_ROOT\Earn2Life.LeadBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{92F9C4A2-C2A5-41f6-9829-49B8C6FF0709}]
    [HKEY_CLASSES_ROOT\Earn2Life.LeadBar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_17\bin\jusched.exe" [2008-11-10 75264]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu DÇmarrer\Programmes\DÇmarrage\
    Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-6 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Conference\\Conference.dll"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=

    R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [06/06/2007 14:09 191092]
    R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [06/06/2007 14:09 6100]
    S0 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/12/2008 23:34 28544]
    S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/04/2009 11:25 114768]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/04/2009 11:25 20560]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Tout tÈlÈcharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: TÈlÈcharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: TÈlÈcharger la sÈlection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: TÈlÈcharger la vidÈo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: {{07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - {93344865-74BD-4873-BE65-56539D41A65C} - c:\windows\Downloaded Program Files\Earn2Life.dll
    Trusted Zone: tradedoubler.com\www
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
    DPF: {93344865-74BD-4873-BE65-56539D41A65C} - hxxp://www.earn2life.com/plugin/Earn2Life.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-27 17:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1420)
    c:\windows\system32\eappprxy.dll
    .
    Completion time: 2009-08-27 17:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-27 15:44
    ComboFix2.txt 2009-08-27 01:09

    Pre-Run: 35†039†887†360 octets libres
    Post-Run: 34†987†536†384 octets libres

    177 --- E O F --- 2009-08-26 00:30
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire le fichier SaveDefense Software

    en suivant le lien

    c:\program files\SaveDefense Software

    remets un rapport rsit et dis tes soucis actuels
    0
  14. mati62
     
    quand je redemarre l'ordi, window ne s'ouvre plus normalement, meme en mode sans echec
    0
  15. mati62
     
    non dsl en mode sans echec je peux l'ouvrir
    0
  16. mati62
     
    tu veux un nouveau rapport de comboFix ou de hijackthis?
    0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    RSIT je veux

    et dis nous comment va ton pc

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  18. mati62
     
    ok je fais la manip, mais pour l'instant je n'ai plus acces a window normalement, seulement en mode sans echec...
    0
  19. mati62
     
    voila le rapport log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by GÈricom at 2009-08-27 23:22:39
    Microsoft Windows XP …dition familiale Service Pack 3
    System drive C: has 33 GB (35%) free of 95 GB
    Total RAM: 1007 MB (81% free)

    HijackThis download failed

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
    EoBho Class - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll [2008-11-10 452088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
    FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2009-03-02 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {93344865-74BD-4873-BE65-56539D41A65C} - Earn2Life Bar - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll [2008-03-20 307200]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-10-08 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-10-08 126976]
    "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-07 98304]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-07 536576]
    "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-12-13 919016]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe [2008-11-10 75264]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

    C:\Documents and Settings\All Users\Menu DÈmarrer\Programmes\DÈmarrage
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-10-08 344064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Conference\Conference.dll"="C:\Program Files\Conference\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-08-27 23:22:39 ----D---- C:\rsit
    2009-08-27 23:22:39 ----D---- C:\Program Files\trend micro
    2009-08-27 18:44:29 ----SHD---- C:\RECYCLER
    2009-08-27 17:46:01 ----D---- C:\WINDOWS\temp
    2009-08-27 17:45:59 ----A---- C:\ComboFix.txt
    2009-08-26 02:30:13 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
    2009-08-25 16:33:16 ----A---- C:\WINDOWS\zip.exe
    2009-08-25 16:33:16 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-08-25 16:33:16 ----A---- C:\WINDOWS\SWSC.exe
    2009-08-25 16:33:16 ----A---- C:\WINDOWS\SWREG.exe
    2009-08-25 16:33:16 ----A---- C:\WINDOWS\sed.exe
    2009-08-25 16:33:16 ----A---- C:\WINDOWS\PEV.exe
    2009-08-25 16:33:16 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-08-25 16:33:16 ----A---- C:\WINDOWS\grep.exe
    2009-08-25 16:33:13 ----D---- C:\WINDOWS\ERDNT
    2009-08-25 16:33:07 ----D---- C:\Qoobox
    2009-08-25 16:04:27 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-08-25 16:01:27 ----D---- C:\WORT
    2009-08-25 01:39:33 ----A---- C:\WINDOWS\system32\msihost.exe
    2009-08-14 17:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
    2009-08-14 13:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
    2009-08-14 13:32:20 ----A---- C:\WINDOWS\system32\wmpns.dll
    2009-08-14 13:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
    2009-08-13 21:26:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
    2009-08-13 21:26:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
    2009-08-13 21:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
    2009-08-13 21:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
    2009-08-13 21:24:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
    2009-08-13 21:22:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
    2009-08-13 21:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
    2009-07-29 03:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$

    ======List of files/folders modified in the last 1 months======

    2009-08-27 23:22:39 ----RD---- C:\Program Files
    2009-08-27 18:02:03 ----HD---- C:\WINDOWS\inf
    2009-08-27 18:02:00 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-27 17:46:02 ----D---- C:\WINDOWS\system32
    2009-08-27 17:46:01 ----D---- C:\WINDOWS
    2009-08-27 17:31:36 ----A---- C:\WINDOWS\system.ini
    2009-08-27 17:30:23 ----D---- C:\WINDOWS\system32\drivers
    2009-08-27 17:29:28 ----D---- C:\WINDOWS\system32\config
    2009-08-27 17:24:48 ----D---- C:\WINDOWS\AppPatch
    2009-08-27 17:24:28 ----D---- C:\Program Files\Fichiers communs
    2009-08-27 17:16:50 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-27 17:13:29 ----D---- C:\WINDOWS\Internet Logs
    2009-08-27 16:59:13 ----D---- C:\WINDOWS\Prefetch
    2009-08-27 03:06:02 ----SD---- C:\WINDOWS\Tasks
    2009-08-25 16:44:54 ----SHD---- C:\WINDOWS\Installer
    2009-08-25 16:27:47 ----D---- C:\Documents and Settings\GÈricom\Application Data\Free Download Manager
    2009-08-25 14:58:54 ----D---- C:\WINDOWS\Debug
    2009-08-25 14:58:53 ----D---- C:\WINDOWS\Minidump
    2009-08-14 17:43:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-14 17:42:36 ----HD---- C:\WINDOWS\$hf_mig$
    2009-08-14 13:33:37 ----D---- C:\Program Files\Outlook Express
    2009-08-13 21:25:58 ----D---- C:\Config.Msi
    2009-08-13 21:25:57 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll
    2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2004-02-12 191092]
    R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2004-01-28 6100]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-07 182688]
    R3 usbccgp;Pilote parent gÈnÈrique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrÙleur d'hÙte amÈliorÈ Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrÙleur hÙte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
    S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
    S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
    S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    S1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
    S1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-04-28 50816]
    S1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-12-13 394952]
    S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
    S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
    S3 fsRamDsk;RamDisk Drive Service; C:\WINDOWS\System32\Drivers\fsRamDsk.sys [2004-09-22 37409]
    S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-10-08 752093]
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    S3 NIC1394;Pilote rÈseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet ‡ base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2004-07-23 159488]
    S3 w22n51;Pilote Intel(R) PRO/Wireless 2200 Adapter pour Windows XP; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-06-23 3147776]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
    S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
    S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
    S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-12-13 75304]
    S2 Windows MSI;Windows MSI; \\?\globalroot\systemroot\system32\msihost.exe [2009-08-25 84992]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
    S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
    S3 iPod Service;Service de líiPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WMPNetworkSvc;Service Partage rÈseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------

    et la le rapport info

    info.txt logfile of random's system information tool 1.06 2009-08-27 23:22:44

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    32 Vegas Casino-->"C:\Casino\32 Vegas Casino\_setup_casino.exe" /uninstall
    7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
    Adobe Reader 8.1.2 - FranÁais-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    BetClic Poker-->C:\PROGRA~1\BETCLI~1\UNWISE.EXE C:\PROGRA~1\BETCLI~1\INSTALL.LOG
    Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Casino Tropez-->"C:\Casino\Casino Tropez\_SetupCasino[1].exe" /uninstall
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CM 03-04-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F71C0208-1D32-439D-9257-F90F0BAACE6A} /l1036
    Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
    Cycling Manager 3-->C:\Program Files\Cyanide\Cycling Manager 3\Uninstall.exe
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dragon NaturallySpeaking 7.1-->C:\Program Files\InstallShield Installation Information\{6675E71B-9843-4971-BC15-18AB52801134}\setup.exe
    DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
    Earn2Life Toolbar-->RunDll32 "C:\WINDOWS\Downloaded Program Files\Earn2Life.dll",Uninstall
    e-Carte Bleue Banque Populaire-->"C:\Program Files\InstallShield Installation Information\{B0900CB5-8EC0-43B4-9DAC-A32FE52DC864}\setup.exe" -runfromtemp -l0x040c -removeonly
    Football Manager 2009-->"C:\Program Files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe"
    Free Download Manager 3.0-->C:\Program Files\Free Download Manager\uninst.exe
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
    iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
    J2SE Runtime Environment 5.0 Update 17-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150170}
    Lecteur Windows Media†11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}
    Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mise ‡ jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Mise ‡ jour de sÈcuritÈ pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Mise ‡ jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise ‡ jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise ‡ jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Mise ‡ jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Mise ‡ jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Mise ‡ jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    O2Micro MemoryCardBus Windows Driver-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{015D937D-9D52-45A4-BDAA-2413938C0564} /l1033
    Odebit MultimÈdia V3.2-->"C:\Program Files\Odebit MultimÈdia\V3.2\unins000.exe"
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
    PPC Keyword Generator 1.0 (Beta)-->"C:\Program Files\PPC Keyword Generator\unins000.exe"
    PronoFoot Expert Plus 3.21-->"C:\Program Files\PronoFoot Expert Plus\unins000.exe"
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\SETUP.EXE" -l0x40c REMOVE
    Roulette Sniper Version 2.0-->MsiExec.exe /I{91FA5123-41A2-401D-9A60-7A0E075A9A5E}
    SaveDefense-->"C:\Program Files\SaveDefense Software\SaveDefense\uninstall.exe"
    SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe"
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
    Update for Outlook 2007 Junk Email Filter (kb972691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AA020E6E-E2FB-45EF-B732-2400E2296742}
    VIA Audio Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Casino-->"C:\Casino\Windows Casino\_SetupCasino[1].exe" /uninstall
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack†3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

    ======Security center information======

    AV: avast! antivirus 4.8.1335 [VPS 090826-0] (disabled)
    FW: ZoneAlarm Firewall (disabled)

    ======System event log======

    Computer Name: G-1CF5BB80BF604
    Event Code: 4201
    Message: Le systËme a dÈtectÈ que la carte rÈseau \DEVICE\TCPIP_{0C2483F7-E85D-4FE4-A1E6-F7DA199C83CC} Ètait connectÈe au rÈseau,
    et a lancÈ une opÈration normale sur la carte rÈseau.

    Record Number: 188931
    Source Name: Tcpip
    Time Written: 20090823123739.000000+120
    Event Type: Informations
    User:

    Computer Name: G-1CF5BB80BF604
    Event Code: 4201
    Message: Le systËme a dÈtectÈ que la carte rÈseau \DEVICE\TCPIP_{0C2483F7-E85D-4FE4-A1E6-F7DA199C83CC} Ètait connectÈe au rÈseau,
    et a lancÈ une opÈration normale sur la carte rÈseau.

    Record Number: 188930
    Source Name: Tcpip
    Time Written: 20090823123734.000000+120
    Event Type: Informations
    User:

    Computer Name: G-1CF5BB80BF604
    Event Code: 4201
    Message: Le systËme a dÈtectÈ que la carte rÈseau \DEVICE\TCPIP_{0C2483F7-E85D-4FE4-A1E6-F7DA199C83CC} Ètait connectÈe au rÈseau,
    et a lancÈ une opÈration normale sur la carte rÈseau.

    Record Number: 188929
    Source Name: Tcpip
    Time Written: 20090823123729.000000+120
    Event Type: Informations
    User:

    Computer Name: G-1CF5BB80BF604
    Event Code: 4202
    Message: Le systËme a dÈtectÈ que la carte rÈseau \DEVICE\TCPIP_{0C2483F7-E85D-4FE4-A1E6-F7DA199C83CC} Ètait dÈconnectÈe du rÈseau,
    et la configuration rÈseau de la carte a ÈtÈ abandonnÈe. Si la carte
    rÈseau n'Ètait pas dÈconnectÈe, ceci peut indiquer un disfonctionnement.
    Contactez le fabricant pour des pilotes mis ‡ jour.

    Record Number: 188928
    Source Name: Tcpip
    Time Written: 20090823123704.000000+120
    Event Type: Informations
    User:

    Computer Name: G-1CF5BB80BF604
    Event Code: 4201
    Message: Le systËme a dÈtectÈ que la carte rÈseau \DEVICE\TCPIP_{0C2483F7-E85D-4FE4-A1E6-F7DA199C83CC} Ètait connectÈe au rÈseau,
    et a lancÈ une opÈration normale sur la carte rÈseau.

    Record Number: 188927
    Source Name: Tcpip
    Time Written: 20090823123644.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: G-1CF5BB80BF604
    Event Code: 103
    Message: msnmsgr (2568) \\.\C:\Documents and Settings\GÈricom\Local Settings\Application Data\Microsoft\Messenger\mathieu_cocquerel@hotmail.com\SharingMetadata\Working\database_A6C4_BABC_C4BA_8DD5\dfsr.db: Le moteur de base de donnÈes a arrÍtÈ une instance (0).

    Record Number: 7602
    Source Name: ESENT
    Time Written: 20090414000000.000000+120
    Event Type: Informations
    User:

    Computer Name: G-1CF5BB80BF604
    Event Code: 102
    Message: msnmsgr (2568) \\.\C:\Documents and Settings\GÈricom\Local Settings\Application Data\Microsoft\Messenger\mathieu_cocquerel@hotmail.com\SharingMetadata\Working\database_A6C4_BABC_C4BA_8DD5\dfsr.db: Le moteur de base de donnÈes a dÈmarrÈ une nouvelle instance (0).

    Record Number: 7601
    Source Name: ESENT
    Time Written: 20090413234437.000000+120
    Event Type: Informations
    User:

    Computer Name: G-1CF5BB80BF604
    Event Code: 100
    Message: msnmsgr (2568) Le moteur de base de donnÈes 5.01.2600.2780 est dÈmarrÈ.

    Record Number: 7600
    Source Name: ESENT
    Time Written: 20090413234437.000000+120
    Event Type: Informations
    User:

    Computer Name: G-1CF5BB80BF604
    Event Code: 101
    Message: msnmsgr (2568) Le moteur de base de donnÈes est arrÍtÈ.

    Record Number: 7599
    Source Name: ESENT
    Time Written: 20090413234300.000000+120
    Event Type: Informations
    User:

    Computer Name: G-1CF5BB80BF604
    Event Code: 103
    Message: msnmsgr (2568) \\.\C:\Documents and Settings\GÈricom\Local Settings\Application Data\Microsoft\Messenger\mathieu_cocquerel@hotmail.com\SharingMetadata\Working\database_A6C4_BABC_C4BA_8DD5\dfsr.db: Le moteur de base de donnÈes a arrÍtÈ une instance (0).

    Record Number: 7598
    Source Name: ESENT
    Time Written: 20090413234300.000000+120
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRAM FILES\ZONE LABS\ZONEALARM\MAILFRONTIER;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM;C:\PROGRA~1\FARSTONE\VIRTUA~1;
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION"=0d08
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "tvdumpflags"=8
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "SAFEBOOT_OPTION"=MINIMAL

    -----------------EOF-----------------
    0
  20. mati62
     
    je ne peux tjrs pas ouvrir window normalement, j'ai un ecran noir. Seul le mode sans echec marche. Dois je faire autre chose pour les virus?
    0
  • 1
  • 2