Supprimer privaty center

Bonjour,

J'ai suivis tes instructions par contre pas de rapport pour la premiére etape :
merci d'avance
┌───────────────────────────────────────────────────────────────────┐
│ AD-REMOVER 1.1.3.5 BY C_XX - 19:45:21 │ 05/05/2009 │
│───────────────────────────────────────────────────────────────────│
│ │
│ Nettoyage en cours, veuillez patienter le temps de la suppression.│
│ │
│ (\_/) |/ │
│ (^.^) │
│ (")_(") │
└───────────────────────────────────────────────────────────────────┘

Suppression Adwares Connus terminée
Suppression Eorezo terminée
Suppression It's TV terminée
Nettoyage des fichiers temporaires terminé
Scan additionnel terminé






############################## [ UsbFix V3.016 # Cleaning ]

# User : bahida (Administrateurs) # PC-DE-BAHIDA
# Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 19:39:04 | 05/05/2009

# Intel(R) Celeron(R) M CPU 520 @ 1.60GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
# Internet Explorer 7.0.6000.16830
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 51,14 Go (10,57 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 50,89 Go (47,03 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM # 111,8 Mo (0 Mo free) [Mon disque] # CDFS

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\Windows\system32\tmp.txt

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{a20c282f-80df-11dc-aeaf-001c26133089}\Shell\Auto\command

################## [ Listing des fichiers présent ]

[04/05/2009 21:38|--a------|3945] - C:\Ad-Report-Scan-04.05.2009.log
[18/09/2006 23:43|--a------|24] - C:\autoexec.bat
[02/11/2006 11:53|-rahs----|438840] - C:\bootmgr
[19/05/2007 00:02|-ra-s----|8192] - C:\BOOTSECT.BAK
[07/05/1999 11:54|--a------|73651] - C:\cahier.txt
[02/05/2009 21:45|--a------|23085] - C:\ComboFix.txt
[18/09/2006 23:43|--a------|10] - C:\config.sys
[28/04/2009 19:48|--a------|5039] - C:\DESINFECTION PRIVACY.txt
[21/08/1998 20:56|--a------|3] - C:\DESSINER.DER
[07/05/1999 11:54|--a------|1522] - C:\DIRECT.ORT
[04/05/2009 22:27|--a------|2826] - C:\fixnavi.txt
[07/05/1999 11:54|--a------|18616] - C:\GRAMM.ORT
[?|?|?] - C:\hiberfil.sys
[16/08/2005 08:49|---------|40960] - C:\junction.exe
[17/04/2000 19:53|--a------|457728] - C:\Ortho.exe
[08/11/1999 15:15|--a------|24358] - C:\ortho.txt
[?|?|?] - C:\pagefile.sys
[15/03/2000 11:12|--a------|358601] - C:\PHRASES.ORT
[29/04/2009 18:52|--a------|748] - C:\rapport PRIVACY.txt
[29/04/2009 18:51|--a------|748] - C:\rapport.txt
[07/05/1999 11:54|--a------|14391] - C:\REGLES.ORT
[15/10/2007 03:47|--ah-----|25600] - C:\rrdd.LOG
[15/10/2007 03:47|--ah-----|0] - C:\rrdd.LOG1
[15/10/2007 03:47|--ah-----|0] - C:\rrdd.LOG2
[27/04/2009 21:03|--a------|335] - C:\spyhunter.fix
[10/12/2008 01:12|--a------|3563] - C:\ST4UNST.LOG
[15/08/1998 19:06|--a------|3] - C:\Tail640.non
[07/05/1999 11:54|--a------|78710] - C:\TITRE.WMF
[05/05/2009 19:41|--a------|4443] - C:\UsbFix.txt
[18/12/2007 23:38|--a------|162] - C:\YServer.txt
[09/09/1999 11:46|--a------|53760] - C:\zlib98gp.dll

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

C:\Users\bahida\Desktop\SmitfraudFix\o4Patch.exe
C:\Users\bahida\Documents\Azureus Downloads\AcdSee_9_Professional\AcdSee 9 Professional\Acdseepro-Keygen.exe
C:\Users\bahida\Documents\Azureus Downloads\Halo Combat Evolved crack\crack.rar

################## [ ! Fin du rapport # UsbFix V3.016 ! ]

Bonjour,

j'ai retrouvé le rapport ad remove



############################## [ UsbFix V3.016 # Cleaning ]

# User : bahida (Administrateurs) # PC-DE-BAHIDA
# Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 19:39:04 | 05/05/2009

# Intel(R) Celeron(R) M CPU 520 @ 1.60GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
# Internet Explorer 7.0.6000.16830
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 51,14 Go (10,57 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 50,89 Go (47,03 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM # 111,8 Mo (0 Mo free) [Mon disque] # CDFS

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! C:\Windows\system32\tmp.txt

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{a20c282f-80df-11dc-aeaf-001c26133089}\Shell\Auto\command

################## [ Listing des fichiers présent ]

[04/05/2009 21:38|--a------|3945] - C:\Ad-Report-Scan-04.05.2009.log
[18/09/2006 23:43|--a------|24] - C:\autoexec.bat
[02/11/2006 11:53|-rahs----|438840] - C:\bootmgr
[19/05/2007 00:02|-ra-s----|8192] - C:\BOOTSECT.BAK
[07/05/1999 11:54|--a------|73651] - C:\cahier.txt
[02/05/2009 21:45|--a------|23085] - C:\ComboFix.txt
[18/09/2006 23:43|--a------|10] - C:\config.sys
[28/04/2009 19:48|--a------|5039] - C:\DESINFECTION PRIVACY.txt
[21/08/1998 20:56|--a------|3] - C:\DESSINER.DER
[07/05/1999 11:54|--a------|1522] - C:\DIRECT.ORT
[04/05/2009 22:27|--a------|2826] - C:\fixnavi.txt
[07/05/1999 11:54|--a------|18616] - C:\GRAMM.ORT
[?|?|?] - C:\hiberfil.sys
[16/08/2005 08:49|---------|40960] - C:\junction.exe
[17/04/2000 19:53|--a------|457728] - C:\Ortho.exe
[08/11/1999 15:15|--a------|24358] - C:\ortho.txt
[?|?|?] - C:\pagefile.sys
[15/03/2000 11:12|--a------|358601] - C:\PHRASES.ORT
[29/04/2009 18:52|--a------|748] - C:\rapport PRIVACY.txt
[29/04/2009 18:51|--a------|748] - C:\rapport.txt
[07/05/1999 11:54|--a------|14391] - C:\REGLES.ORT
[15/10/2007 03:47|--ah-----|25600] - C:\rrdd.LOG
[15/10/2007 03:47|--ah-----|0] - C:\rrdd.LOG1
[15/10/2007 03:47|--ah-----|0] - C:\rrdd.LOG2
[27/04/2009 21:03|--a------|335] - C:\spyhunter.fix
[10/12/2008 01:12|--a------|3563] - C:\ST4UNST.LOG
[15/08/1998 19:06|--a------|3] - C:\Tail640.non
[07/05/1999 11:54|--a------|78710] - C:\TITRE.WMF
[05/05/2009 19:41|--a------|4443] - C:\UsbFix.txt
[18/12/2007 23:38|--a------|162] - C:\YServer.txt
[09/09/1999 11:46|--a------|53760] - C:\zlib98gp.dll

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

C:\Users\bahida\Desktop\SmitfraudFix\o4Patch.exe
C:\Users\bahida\Documents\Azureus Downloads\AcdSee_9_Professional\AcdSee 9 Professional\Acdseepro-Keygen.exe
C:\Users\bahida\Documents\Azureus Downloads\Halo Combat Evolved crack\crack.rar

################## [ ! Fin du rapport # UsbFix V3.016 ! ]

Bonjour,
j'ai un probleme avec privzcy center
j'ai execute les premieres etapes que tu indique sur le forum voici les deux rapport log et info
je te remercie de m'indiquer la démarche à suivre pour supprimer privayy center
merci d'avance

info.txt logfile of random's system information tool 1.06 2009-04-27 18:36:56

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.exe" -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
40000 lettres types & correspondance-->"C:\Program Files\Anuman Interactive\40000 lettres types & correspondance\unins000.exe"
Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x040c -removeonly -u
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eAudio Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57265292-228A-41FA-9AEC-4620CBCC2739}\Setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus-->C:\Program Files\Azureus\Uninstall.exe
BearShare-->C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\Program Files\BearShare Applications\BearShare\UnwiseLauncher.exe /A C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG
Big Kahuna Reef 2-->"C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log"
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Cake Mania-->"C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log"
CamfrogWEB Advanced ActiveX Plugin (remove only)-->"C:\Program Files\CFWebAdvancedU\Uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
Digital Hairdressing Salon-->"C:\Program Files\MyPlayCity.com\Digital Hairdressing Salon\unins000.exe"
Digital Photo Navigator 1.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}\setup.EXE" -l0x9
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dynasty-->"C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
eoEngine 7.0-->"C:\Program Files\EoRezo\unins000.exe"
FreeBot 1.0-->C:\Program Files\FreeBot\uninst.exe
Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe
Galapago-->"C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
HeroCodec-->"C:\Program Files\HeroCodec\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
ItsTV 3.0-->"C:\Program Files\ItsLabel\unins000.exe"
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Luxor 2-->"C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyPlayCity Toolbar-->C:\PROGRA~1\MYPLAY~1\UNWISE.EXE C:\PROGRA~1\MYPLAY~1\INSTALL.LOG
Mystery Case Files - Prime Suspects-->"C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log"
Mystery Case Files Ravenhearst-->"C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log"
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
Orthogramme-->C:\Windows\ST4UNST.EXE -n "C:\ST4UNST.LOG"
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PowerCinema NE for Everio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39CEE1F2-12B6-4C50-9131-04BFCA110578}\setup.exe" -uninstall
PowerDirector Express-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Privacy center-->C:\Program Files\Privacy center\uninstall.exe
Quick Zip 4.60.019-->"C:\Program Files\QuickZip4\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Star Defender 3-->"C:\Program Files\Acer GameZone\Star Defender 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Star Defender 3\install.log"
StylORImage-->MsiExec.exe /I{E96D5415-7D76-4115-A7F4-3C0108BF0D09}
Treasures of the Deep-->"C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VideoLAN VLC media player 0.8.6h-->C:\Program Files\adslTV\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\common\unyext.exe
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\common\YINSTH~1.DLL
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

======Security center information======

AV: avast! antivirus 4.8.1169 [VPS 080412-0]
AV: Norton Internet Security (disabled) (outdated)
FW: Norton Internet Security (disabled)
AS: Windows Defender (outdated)
AS: Norton Internet Security (disabled) (outdated)
AS: avast! antivirus 4.8.1169 [VPS 080412-0]

======System event log======

Computer Name: PC-de-bahida
Event Code: 34001
Message: ICS_IPV6 n'a pas pu configurer la pile IPv6.
Record Number: 214175
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20090427145255.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-bahida
Event Code: 30013
Message: L'allocateur DHCP s'est désactivé sur l'adresse IP 82.228.140.192, car l'adresse IP est en dehors de l'étendue 192.168.0.0/255.255.255.0 à partir de laquelle les adresses sont allouées aux clients DHCP. Pour activer l'allocateur sur cette adresse IP, modifiez l'étendue pour y intégrer l'adresse IP, ou modifiez l'adresse IP pour qu'elle puisse faire partie de l'étendue.
Record Number: 214176
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20090427145255.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-bahida
Event Code: 31004
Message: L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire de mémoire a rencontré une erreur interne.
Record Number: 214178
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20090427145335.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-bahida
Event Code: 7000
Message: Le service AVG Free On-access Scanner Minifilter Driver x86 n'a pas pu démarrer en raison de l'erreur :
Le texte du message associé au numéro 0xAVG Free On-access Scanner Minifilter Driver x86 est introuvable dans le fichier de messages pour Le texte du message associé au numéro 0x%1 est introuvable dans le fichier de messages pour %2..
Record Number: 214198
Source Name: Service Control Manager
Time Written: 20090427152603.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-bahida
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 214200
Source Name: Tcpip
Time Written: 20090427153301.672400-000
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: PC-de-bahida
Event Code: 3011
Message: Le déchargement des chaînes de compteurs de performances pour le service WmiApRpl (WmiApRpl) a échoué. Le premier DWORD de la section Data contient le code d'erreur.
Record Number: 54306
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090427145800.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-bahida
Event Code: 1002
Message: Le programme notepad.exe version 6.0.6000.16386 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 6f0 Heure de début : 01c9c748ec924f13 Heure de fin : 4
Record Number: 54308
Source Name: Application Hang
Time Written: 20090427150303.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-bahida
Event Code: 12290
Message: Avertissement du service de cliché instantané des volumes : ASR writer Error 0x80070565. hr = 0x00000000.

Opération :
Événement OnIdentify
Données du rédacteur en cours de collecte

Contexte :
Contexte d’exécution: ASR Writer
ID de classe du rédacteur: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Nom du rédacteur: ASR Writer
ID d’instance du rédacteur: {4e5b0580-35dd-4ce7-82ad-6332d9ddbc13}
Record Number: 54312
Source Name: VSS
Time Written: 20090427152533.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-bahida
Event Code: 8193
Message: Échec de la création d’un point de restauration sur le volume (Processus = C:\Users\bahida\AppData\Local\Temp\7zSB24E.tmp\avgsetup.exe ; Description = Installed AVG Free 8.5 ; Hr = 0x81000109).
Record Number: 54314
Source Name: System Restore
Time Written: 20090427152555.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-bahida
Event Code: 1002
Message: Le programme iexplore.exe version 7.0.6000.16830 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 9a4 Heure de début : 01c9c74cb708b973 Heure de fin : 87
Record Number: 54315
Source Name: Application Hang
Time Written: 20090427153213.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-bahida
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-BAHIDA$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x260
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 57941
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227141138.123332-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-bahida
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-BAHIDA$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x260
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 57942
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227141138.123332-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-bahida
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 57943
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227141138.123332-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-bahida
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\eNetHook.dll
Record Number: 57944
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227141142.772162-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-bahida
Event Code: 5056
Message: Un autotest de chiffrement a été effectué.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-BAHIDA$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Module : ncrypt.dll

Code de retour : 0x0
Record Number: 57945
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081227141143.926569-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=1

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by bahida at 2009-04-27 18:36:17
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 10 GB (19%) free of 52 GB
Total RAM: 1014 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:44, on 27/04/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Privacy center\pc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\helppane.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\bahida\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WBHZ98H\RSIT[1].exe
C:\Program Files\trend micro\bahida.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\PROGRA~1\PRIVAC~1\tools\sp\spp.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 40\imc.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [qkgkema] "c:\users\bahida\appdata\local\qkgkema.exe" qkgkema
O4 - HKCU\..\Run: [agent.exe] C:\Program Files\Privacy center\agent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10811} (FlyLoader Class) - http://www.flysuite.com/flyword/loaderword_win_fr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8D7F954-BAEB-49F7-93B4-3F3F2FF8A4F8}: NameServer = 85.255.112.67,85.255.112.170
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.67,85.255.112.170
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.67,85.255.112.170
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.67,85.255.112.170
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Bonjour

j'ai suivi tes instructions voici le rapport merci d'avance


SmitFraudFix v2.412

Scan done at 19:37:23,39, 28/04/2009
Run from C:\Users\bahida\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Privacy center\pc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\helppane.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\bahida


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\bahida\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\bahida\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\bahida\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="eNetHook.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Carte réseau Broadcom 802.11g
DNS Server Search Order: 85.255.112.67
DNS Server Search Order: 85.255.112.170



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Bonjour,

j'ai suivi tes instructions :

j'ai lancer le programme smitfraudfix
Par contre j'ai installé le programme MBAM en conchant bien l'option " mettre à jour MBAM" , mais je n'arrive pas à le lancer , quand je veuxSmitFraudFix v2.412

Scan done at 18:51:25,56, 29/04/2009
Run from C:\Users\bahida\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Carte réseau Broadcom 802.11g
DNS Server Search Order: 85.255.112.67
DNS Server Search Order: 85.255.112.170


»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: Carte réseau Broadcom 802.11g
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E8D7F954-BAEB-49F7-93B4-3F3F2FF8A4F8}: DhcpNameServer=212.27.40.240 212.27.40.241


executer le programme la boite de dialogue disparait et rien

voici le premier rapport smithfrzudfix

Merci

Bonjour,

j'ai effectué les mise à jour dans MBAM et fais les scans j'ai redemarrer Windows et le virus semble parti , mon bureau s'affiche normalement
1000 MERCI
Voici les derniers rapports

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2062
Windows 6.0.6000

30/04/2009 20:20:36
mbam-log-2009-04-30 (20-20-36).txt

Type de recherche: Examen rapide
Eléments examinés: 75212
Temps écoulé: 8 minute(s), 38 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 14
Fichier(s) infecté(s): 32

Processus mémoire infecté(s):
C:\Program Files\Privacy center\pc.exe (Rogue.PrivacyCenter) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\Privacy center\tools\sp\spp.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\spp.tiebho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HeroCodecSoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\bahida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center (Rogue.PrivacyCenter) -> Delete on reboot.
C:\Program Files\Privacy center\sounds (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\tools (Rogue.PrivacyCenter) -> Delete on reboot.
C:\Program Files\Privacy center\tools\sc (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\tools\sp (Rogue.PrivacyCenter) -> Delete on reboot.
C:\Users\bahida\AppData\Roaming\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\dbases (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\keys (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\temp (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\HeroCodec (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Privacy center\tools\sp\spp.dll (Trojan.BHO) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privacy center\Privacy center.lnk (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\pc.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\uninstall.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\sounds\1.mp3 (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\sounds\3.mp3 (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\tools\sc\ca.crt (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\tools\sc\libeay32.dll (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\tools\sc\libssl32.dll (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\tools\sc\OemWin2k.inf (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\tools\sc\openvpn.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\tools\sc\tap0801.sys (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center\tools\sc\tapinstall.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\dbases\cg.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\dbases\mw.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\dbases\rd.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\dbases\sc.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\dbases\sm.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\dbases\sp.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\keys\cg.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\keys\rd.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\keys\sc.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\keys\sp.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\temp\mwactive (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\temp\settings.ini (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Users\bahida\AppData\Roaming\Privacy center\temp\spfilter (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HeroCodec\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\HeroCodec\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-8-3-68-100020955-100026671-100013406-2563.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Windows\System32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.

Bonjour ,

j'ai suivi tes instructions ci joint le dernier rapport
merci


ComboFix 09-05-02.4 - bahida 02/05/2009 21:35.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1014.424 [GMT 2:00]
Lancé depuis: c:\users\bahida\Desktop\ComboFix1.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\bahida\AppData\Local\qkgkema.dat
c:\users\bahida\AppData\Local\qkgkema.exe
c:\users\bahida\AppData\Local\qkgkema_nav.dat
c:\users\bahida\AppData\Local\qkgkema_navps.dat
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\gxvxckcsibowhwiwyoppdlvbcbpbjxmihovee.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxckpdowewfngvbpsupppckuoekvrpbbobl.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
d:\recycler\S-8-3-68-100020955-100026671-100013406-2563.com

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((((((( Fichiers créés du 2009-04-02 au 2009-05-02 ))))))))))))))))))))))))))))))))))))
.

2009-04-30 22:20 . 2008-06-20 01:17 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-04-30 22:20 . 2008-06-20 01:18 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-30 22:20 . 2008-06-20 01:17 622080 ----a-w c:\windows\system32\icardagt.exe
2009-04-30 22:20 . 2008-06-20 01:17 11264 ----a-w c:\windows\system32\icardres.dll
2009-04-30 22:20 . 2008-06-20 01:18 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-04-30 22:20 . 2008-06-20 01:18 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-04-30 22:20 . 2008-06-20 01:18 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-04-30 22:08 . 2008-07-27 18:00 96760 ----a-w c:\windows\system32\dfshim.dll
2009-04-30 22:08 . 2008-07-27 18:00 282112 ----a-w c:\windows\system32\mscoree.dll
2009-04-30 22:08 . 2008-07-27 18:00 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-04-30 22:08 . 2008-07-27 18:00 158720 ----a-w c:\windows\system32\mscorier.dll
2009-04-30 22:08 . 2008-07-27 18:00 83968 ----a-w c:\windows\system32\mscories.dll
2009-04-30 19:42 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-30 19:42 . 2009-04-30 19:42 -------- d-----w c:\programdata\Avira
2009-04-30 19:42 . 2009-04-30 19:42 -------- d-----w c:\users\All Users\Avira
2009-04-30 19:42 . 2009-04-30 19:42 -------- d-----w c:\program files\Avira
2009-04-30 18:24 . 2009-04-30 18:24 94 ----a-w c:\users\bahida\AppData\Local\fusioncache.dat
2009-04-30 18:24 . 2009-05-02 18:51 -------- d-----w c:\users\bahida\AppData\Local\ApplicationHistory
2009-04-30 17:53 . 2009-04-30 17:53 -------- d-----w c:\users\bahida\AppData\Roaming\Malwarebytes
2009-04-29 21:16 . 2009-04-30 17:47 -------- d-----w c:\programdata\Bitdefender
2009-04-29 21:16 . 2009-04-30 17:47 -------- d-----w c:\users\All Users\Bitdefender
2009-04-29 21:09 . 2009-04-29 21:09 -------- d-----w c:\users\bahida\AppData\Roaming\BitDefender
2009-04-29 20:53 . 2009-04-29 20:53 -------- d-----w c:\windows\Sun
2009-04-29 20:06 . 2009-05-02 19:12 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-29 19:57 . 2009-04-29 19:57 -------- d-----w c:\windows\system32\logs
2009-04-29 19:56 . 2009-04-29 20:51 -------- d-----w c:\program files\BitDefender
2009-04-29 19:54 . 2009-04-29 19:54 -------- d-----w c:\windows\system32\URTTEMP
2009-04-29 17:44 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 17:44 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 17:44 . 2009-04-29 17:44 -------- d-----w c:\programdata\Malwarebytes
2009-04-29 17:44 . 2009-04-29 17:44 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-29 17:44 . 2009-04-30 17:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-28 17:49 . 2009-04-28 17:49 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-04-27 19:02 . 2009-04-27 19:03 9987720 ----a-w c:\users\bahida\SpyHunter-Scanner-Install.exe
2009-04-27 18:52 . 2009-04-30 18:54 -------- d-----w c:\program files\Enigma Software Group
2009-04-27 16:36 . 2009-04-27 16:36 -------- d-----w c:\program files\trend micro
2009-04-27 16:36 . 2009-04-27 16:36 -------- d-----w C:\rsit
2009-04-27 15:46 . 2009-04-27 15:46 -------- d-----w C:\VundoFix Backups
2009-04-17 19:40 . 2009-04-17 19:40 682496 ----a-w c:\windows\system32\CDUninst.exe
2009-04-17 06:24 . 2009-02-13 07:26 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-09 06:39 . 2009-05-02 18:51 -------- d-----w c:\users\bahida\Tracing
2009-04-08 18:39 . 2009-04-08 18:39 -------- d-----w c:\program files\Microsoft
2009-04-08 18:39 . 2009-04-08 18:39 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-08 18:39 . 2009-04-08 18:40 -------- d-----w c:\program files\Windows Live
2009-04-08 18:32 . 2009-04-08 18:32 -------- d-----w c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 19:24 . 2007-10-30 20:38 256 ----a-w c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
2009-05-02 19:18 . 2006-11-02 15:48 49864 ----a-w c:\windows\system32\perfh00C.dat
2009-05-02 19:18 . 2006-11-02 15:48 12112 ----a-w c:\windows\system32\perfc00C.dat
2009-05-02 19:17 . 2009-02-23 17:30 1000 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-02 19:14 . 2006-11-02 13:01 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 19:12 . 2007-05-19 05:58 12 ----a-w c:\windows\bthservsdp.dat
2009-05-02 18:50 . 2009-02-22 18:54 91 ----a-w c:\users\bahida\AppData\Local\qoygqgi.bat
2009-04-30 22:40 . 2007-05-18 19:22 -------- d-----w c:\program files\Microsoft Works
2009-04-30 18:24 . 2008-11-02 15:17 -------- d-----w c:\program files\ItsLabel
2009-04-29 19:58 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-04-29 19:58 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-29 19:58 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-27 16:50 . 2009-04-27 16:50 29281 ----a-w c:\program files\info privacy.txt
2009-04-27 16:49 . 2009-04-27 16:49 32707 ----a-w c:\program files\log.txt
2009-04-18 01:59 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-09 19:36 . 2008-04-26 21:19 -------- d-----w c:\program files\adslTV
2009-03-21 13:48 . 2007-05-18 17:53 -------- d-----w c:\program files\Common Files\Adobe
2009-03-21 12:36 . 2008-01-12 14:27 -------- d-----w c:\program files\Micro Application
2009-03-21 12:35 . 2007-10-15 01:47 87888 ----a-w c:\users\bahida\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-21 12:26 . 2009-03-21 12:26 -------- d-----w c:\program files\Anuman Interactive
2009-03-21 12:07 . 2007-11-08 19:31 -------- d-----w c:\program files\OpenOffice.org 2.3
2009-03-21 11:59 . 2008-01-19 01:16 -------- d-----w c:\program files\DivX
2009-03-21 11:48 . 2007-10-15 02:05 5000 ----a-w c:\users\bahida\AppData\Local\d3d9caps.dat
2009-03-17 03:16 . 2009-04-17 06:24 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:16 . 2009-04-17 06:24 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-17 06:24 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:24 . 2009-04-17 06:25 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:24 . 2009-04-17 06:25 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:20 . 2009-04-17 06:24 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-17 06:25 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-17 06:25 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-17 06:25 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-17 06:24 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-17 06:25 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-17 06:25 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-17 06:25 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-17 06:24 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:16 . 2009-04-17 06:24 52736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-03-03 04:15 . 2009-04-17 06:24 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-17 06:25 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-17 06:24 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-17 06:24 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-22 15:43 . 2009-01-19 18:17 91 ----a-w c:\users\bahida\AppData\Local\cuwqs.bat
2009-02-13 07:26 . 2009-04-17 06:25 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-02-13 07:26 . 2009-04-17 06:24 7680 ----a-w c:\windows\system32\lsass.exe
2009-02-09 01:59 . 2009-03-10 21:21 2028032 ----a-w c:\windows\system32\win32k.sys
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-12-10 19:00 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-09-17 13:16 . 2008-09-17 13:16 549159 --sha-r c:\program files\Norton2009Reset.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 11:44 1470488 ----a-w c:\program files\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2008-03-04 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-04-10 678672]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-12 457728]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-05-09 1286144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-03 206952]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2008-09-23 565248]
"ItsTV"="c:\program files\ItsLabel\ItsTV.exe" [2007-04-26 2908160]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{175F96DF-C5EB-4968-BADF-494A377B8D69}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{BAD7FF1C-D4DB-4057-98D6-127C72DA215C}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{621E5203-CB92-40EF-9357-6625BD813059}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{9EF820B5-1294-45E0-A3B9-185DD8020A5C}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CBD7AF82-5E11-460C-BEEE-257F2DDCEE19}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{44F855A2-194D-44D4-93A6-4FEB3304BC70}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{51F581FA-D0C8-4FFE-AC54-18E43F77D1E3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{34759A05-D883-40E7-B2E5-C648F4FB1E7D}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{F9B70211-ADDF-46BA-B094-6A5BA4AE9388}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"TCP Query User{37F6C62D-D235-4EA8-A32E-68E64AC3EE3D}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{E2CA8E19-F7B7-4A3A-94A4-50A5BFCDAEA7}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{CA4327AB-CBC8-425B-8A6D-504BE8A02C98}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{3332CF04-3B57-4C27-9C40-823242379066}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{C8534F8F-7CB1-4122-94CF-B92EF022DBDB}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{98C6A5E2-64F9-4255-8A31-8DA38E026F26}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{68097B0D-68A7-4248-840E-EC552C56F8D8}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9F94DB14-B288-437C-9FF4-3ED7DA74143F}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{F1325E50-8171-46A4-9993-E406477CEF70}c:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{3F223CF2-EBB4-4472-9C7C-51868C1079FF}c:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{4CF3BC16-5AAB-4063-A3EB-BF300D02891B}c:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{061B119F-11EE-4BF0-A1A3-34AF453541B1}c:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:c:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{EE763FFE-FA52-41BC-AE3D-B71F549DE2C0}c:\\program files\\adsltv\\vlc.exe"= UDP:c:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{6A275145-625D-4583-A520-62AB17469620}c:\\program files\\adsltv\\vlc.exe"= TCP:c:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{EA6040E6-47F0-4241-B945-D82E529A13E1}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{16BA9355-6752-405C-8521-7863D9004D7A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{76FCB1B8-BC84-4A3B-8D69-F67AACD7FCDB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9C77480B-C7CE-420F-BF2F-55AC25DBE21A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{D2FA9416-4AB1-4CB8-A674-AC6A5AADF48B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{A5A09DC0-4539-4E78-BC44-0B638EC95B27}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{C0F318A1-EC69-44F9-8057-6C20CCA292C1}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{51E61927-B635-499F-AD3F-D0532CBABA4C}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{3F4F2CE7-0C68-41AE-9FCC-594DFB7FAD0E}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{62336DC6-BF06-4A50-BD76-01FD4B3658EF}c:\\program files\\adsltv\\adsltv.exe"= UDP:c:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{BEB0302A-4C53-4C35-B437-86C3E859341E}c:\\program files\\adsltv\\adsltv.exe"= TCP:c:\program files\adsltv\adsltv.exe:adsltv
"{385DE7B0-EA29-4305-A3E6-77420369A4B6}"= c:\program files\CyberLink\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express
"TCP Query User{3FA97BB6-FF18-40FB-BF7D-F5D60C23A04F}c:\\program files\\itslabel\\itstv.exe"= UDP:c:\program files\itslabel\itstv.exe:Application MFC ITSWebTV
"UDP Query User{F7B195BA-CFD6-4A54-B026-CE4B8D750F2F}c:\\program files\\itslabel\\itstv.exe"= TCP:c:\program files\itslabel\itstv.exe:Application MFC ITSWebTV

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-09-17 549159]
R3 Arrakis3;BitDefender Arrakis Server; [x]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; [x]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-11-21 202872]
S1 aswSP;avast! Self Protection; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 14:51 13560]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a20c282f-80df-11dc-aeaf-001c26133089}]
\shell\Auto\command - F:\auto.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\auto.exe
.
Contenu du dossier 'Tâches planifiées'

2009-05-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-31 20:22]

2009-05-02 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 40\imc.exe
HKCU-Run-qkgkema - c:\users\bahida\appdata\local\qkgkema.exe
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = google.fr/
mStart Page = hxxp://fr.yahoo.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10811} - hxxp://www.flysuite.com/flyword/loaderword_win_fr.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 21:42
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

? [15056]
? [15064]
Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\eNetHook.dll

- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\eNetHook.dll
.
Heure de fin: 2009-05-02 21:45
ComboFix-quarantined-files.txt 2009-05-02 19:45

Avant-CF: 7 782 449 152 octets libres
Après-CF: 9 239 601 152 octets libres

300 --- E O F --- 2009-04-30 22:43

-------
Bonjour,

J'ai suivi tes instructions parcontre pour l'application navilog elle a buger en cours pas de rapport
Quel antivirus peux tu me conseiller?
mille merci









LOGFILE OF AD-REMOVER 1.1.3.5 | ONLY XP/VISTA -------

Updated by C_XX on 03/05/2009 at 11:10
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

Start at: 21:16:17, 04/05/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows Vista™ Home Premium (version 6.0.6000)
Computer Name: PC-DE-BAHIDA
Current User: bahida - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: CDFS)

============ Known Adwares Found ============

.
HKCU\Software\AppDataLow\software\Conduit
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
HKCR\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
.
C:\Program Files\Conduit
C:\Users\bahida\Appdata\LocalLow\Conduit
C:\Users\bahida\AppData\Local\Temp\nsw47CB.tmp
C:\Users\bahida\AppData\Roaming\Microsoft\Windows\Cookies\bahida@atdmt[1].txt
C:\Users\bahida\AppData\Roaming\Microsoft\Windows\Cookies\bahida@bs.serving-sys[1].txt

+-----------------| Eorezo Elements Found:

HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
.
C:\Program Files\EoRezo
C:\Users\bahida\AppData\Roaming\EoRezo
C:\Users\bahida\AppData\Roaming\Microsoft\Windows\Cookies\bahida@ads.eorezo[2].txt
C:\Users\bahida\AppData\Roaming\Microsoft\Windows\Cookies\bahida@eorezo[2].txt

+-----------------| It's TV Elements Found:

HKCU\Software\ItsLabel
HKLM\Software\ItsLabel
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1
HKU\S-1-5-21-3234030542-3181891243-2995247106-1000\Software\ItsLabel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ItsTv
.
C:\Program Files\ItsLabel
C:\Users\bahida\AppData\Roaming\ItsLabel
C:\ProgramData\Microsoft\Windows\Startm~1\Programs\ItsLabel

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Internet Explorer Version 7.0.6000.16830 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-21-3234030542-3181891243-2995247106-1000\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://fr.yahoo.com

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://www.lo.st

+---------------------------------------------------------------------------+

3716 Byte(s) - C:\Ad-Report-Scan-04.05.2009.log

1 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 21:38:45 | 04/05/2009
.
+-----------------| E.O.F
.




############################## [ UsbFix V3.016 # Scan ]

# User : bahida (Administrateurs) # PC-DE-BAHIDA
# Update on 02/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:43:57 | 04/05/2009

# Intel(R) Celeron(R) M CPU 520 @ 1.60GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
# Internet Explorer 7.0.6000.16830
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 51,14 Go (10,59 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 50,89 Go (47,03 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM # 111,8 Mo (0 Mo free) [Mon disque] # CDFS

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wuauclt.exe
C:\Users\bahida\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
HKCU_Main: "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="google.fr/"
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: IAAnotif="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
HKLM_Run: RtHDVCpl=RtHDVCpl.exe
HKLM_Run: LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
HKLM_Run: eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
HKLM_Run: eAudio="C:\Acer\Empowering Technology\eAudio\eAudio.exe"
HKLM_Run: IgfxTray=C:\Windows\system32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\Windows\system32\hkcmd.exe
HKLM_Run: Persistence=C:\Windows\system32\igfxpers.exe
HKLM_Run: Apoint=C:\Program Files\Apoint2K\Apoint.exe
HKLM_Run: PLFSet=rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
HKLM_Run: PlayMovie="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
HKLM_Run: Acer Tour Reminder=C:\Acer\AcerTour\Reminder.exe
HKLM_Run: WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
HKLM_Run: EoEngine="C:\Program Files\EoRezo\EoEngine.exe"
HKLM_Run: ItsTV="C:\Program Files\ItsLabel\ItsTV.exe"
HKLM_Run: EverioService="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
HKLM_Run: BitDefender Antiphishing Helper="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: ehTray.exe=C:\Windows\ehome\ehTray.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: Acer Tour Reminder=

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]

Found ! C:\Windows\system32\tmp.txt

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{a20c282f-80df-11dc-aeaf-001c26133089}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{a20c282f-80df-11dc-aeaf-001c26133089}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.016 ! ]

Bonjour,

Voici les nouveaux rapports :
merci beaucoup


------- LOGFILE OF AD-REMOVER 1.1.3.5 | ONLY XP/VISTA -------

Updated by C_XX on 03/05/2009 at 11:10
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

Start at: 21:16:17, 04/05/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows Vista™ Home Premium (version 6.0.6000)
Computer Name: PC-DE-BAHIDA
Current User: bahida - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: CDFS)

============ Known Adwares Found ============

.
HKCU\Software\AppDataLow\software\Conduit
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
HKCR\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
.
C:\Program Files\Conduit
C:\Users\bahida\Appdata\LocalLow\Conduit
C:\Users\bahida\AppData\Local\Temp\nsw47CB.tmp
C:\Users\bahida\AppData\Roaming\Microsoft\Windows\Cookies\bahida@atdmt[1].txt
C:\Users\bahida\AppData\Roaming\Microsoft\Windows\Cookies\bahida@bs.serving-sys[1].txt

+-----------------| Eorezo Elements Found:

HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
.
C:\Program Files\EoRezo
C:\Users\bahida\AppData\Roaming\EoRezo
C:\Users\bahida\AppData\Roaming\Microsoft\Windows\Cookies\bahida@ads.eorezo[2].txt
C:\Users\bahida\AppData\Roaming\Microsoft\Windows\Cookies\bahida@eorezo[2].txt

+-----------------| It's TV Elements Found:

HKCU\Software\ItsLabel
HKLM\Software\ItsLabel
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1
HKU\S-1-5-21-3234030542-3181891243-2995247106-1000\Software\ItsLabel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ItsTv
.
C:\Program Files\ItsLabel
C:\Users\bahida\AppData\Roaming\ItsLabel
C:\ProgramData\Microsoft\Windows\Startm~1\Programs\ItsLabel

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Internet Explorer Version 7.0.6000.16830 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-21-3234030542-3181891243-2995247106-1000\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://fr.yahoo.com

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://www.lo.st

+---------------------------------------------------------------------------+

3716 Byte(s) - C:\Ad-Report-Scan-04.05.2009.log

1 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 21:38:45 | 04/05/2009
.
+-----------------|

Logfile of random's system information tool 1.06 (written by random/random)
Run by bahida at 2009-05-06 19:27:45
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 12 GB (22%) free of 52 GB
Total RAM: 1014 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:22, on 06/05/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Users\bahida\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\bahida\Desktop\RSIT.exe
C:\Program Files\trend micro\bahida.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10811} (FlyLoader Class) - http://www.flysuite.com/flyword/loaderword_win_fr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

rig95 : Tu en as d'autres des bonnes blagues de ce genre ?