navigation impossible virus? Fermé

Question

Bonjour,

excusez moi de vous déranger j'aurais souhaiter obtenir un conseil voire une solution a propos d'un soucis que j'ai avec mon pc depuis quelques jours.
je suis sous windows vista et n'arrive tout simplement plus a naviguer a l'aide de mes navigateur après avoir passé plusieurs jour a plancher sur la piste technqique je me suis demandée si il ne s'agissait pas avant tout d'un virus.
et c'est vrai que depuis ces quelques jours je reçoit un message d'erreur ayant pour titre pctsTray.exe indiquant l'absence d'un fichier rtl100.bpl.
et pardessus ça j'ai tenté de désinstaller spyware doctor (qui est apparut dans mon pc je ne sais comment??!!) et je reçoit un message en anglais m'indiquant ces réferences spywaredoctor/unins000.msg

puis-je régler ce problème par moi- même? ou dois-je appeller un technicien d'assistance en informatique?

Ced_King · Answer

Salut, 

- On va vérifier,

- Sous vista, desactives le controle des comptes utilisateurs --> panneau de config --> comptes utilisateur --> desactiver le controle des comptes utilisateurs 

Telecharges RSIT " Random's System Information Tool " sur ton bureau : http://images.malwareremoval.com/random/RSIT.exe 

- Fermes toutes les applications en cours et clic-droit ( executer en tant qu'admin.) sur RSIT.exe 
- Selectionnes " Continue " à l'ecran >> RSIT va analyser le pc et verifier si l'outil hijackthis ( version à jour) est present sur le pc, si ce n'est pas le cas, RSIT le telechargera >> acceptes la license 
- Une fois l'analyse terminée, 2 rapports.txt s'ouvrent, log.txt à l'écran et info.txt dans la barre des taches 
- Postes le contenu des 2 rapports 
. __

hibiscus · Answer

RSIT est actuellement en route. n'ayant pas de connexion actuellement sur le pc défectueux puis-je télécharger hijackthis indépendament ? (je transfert tout ceci a l'aide d'une clef usb)

Ced_King · Answer

OK !!!

Ced_King · Answer

n'ayant pas de connexion actuellement sur le pc défectueux puis-je télécharger hijackthis indépendament ? (je transfert tout ceci a l'aide d'une clef usb)

 pourtant c'est bien avec le pc malade que tu as posté ton message ??

Configuration: Windows vista famillial
Internet Explorer 6.0
.

hibiscus · Answer

voici le log hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:12, on 02/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: []  (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

hibiscus · Answer

voici le log info :


info.txt logfile of random's system information tool 1.06 2009-04-02 11:38:51

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acer Arcade Live Main Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\SETUP.exe"  -uninstall
Acer DV Magician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\SETUP.exe"  -uninstall
Acer DVDivine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\SETUP.exe"  -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c  -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x40c  -removeonly
Acer HomeMedia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\SETUP.exe"  -uninstall
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9  -removeonly
Acer SlideShow DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\SETUP.exe"  -uninstall
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c  -removeonly
Acer VideoMagician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\SETUP.exe"  -uninstall
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
Babylon-->C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Ciel Comptes Personnels 4.0-->MsiExec.exe /I{0A2F400B-5F93-4D3F-92E6-68CCE4D9673B}
Code de la Route - Objectif Examen-->MsiExec.exe /X{39853B6B-FA3D-4040-805D-957CE51C4D0D}
CVitae 2.1.1-->"C:\Program Files\CVitae\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x040c
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Home Media Server 4.2.0.32-->C:\Program Files\SimpleCenter\uninstall.exe
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{E5145D2D-793B-4A16-BA42-3F13EEAA7D5E}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My Web Search (Zwinky)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsbar.dll,O 
NATHAN Vacances CE1 V.1.00 (C:)-->"C:\Nathan Vacances CE1\Uninst.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Lifeblog 2.5-->MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}
Nokia MTP driver-->MsiExec.exe /I{6D3A2A6C-59CD-4A6D-9516-0A34C393ED95}
Nokia NSeries Content Copier-->MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647}
Nokia NSeries Multimedia Player-->MsiExec.exe /I{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}
Nokia NSeries System Utilities-->MsiExec.exe /X{96E94E18-54D6-42C1-8FC4-24DACEDC3395}
Nokia PC Suite-->C:\ProgramData\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_fre_web.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly 
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare Contrôle parental-->MsiExec.exe /X{3677FD57-D0DE-47CD-942E-99913D04C135}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\common\unyt.exe

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 080827-0]
AS: Spyware Doctor
AS: Windows Defender
AS: avast! antivirus 4.8.1229 [VPS 080827-0]

======System event log======

Computer Name: pc-Extreme
Event Code: 7009
Message: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service PC Tools Auxiliary Service.
Record Number: 142454
Source Name: Service Control Manager
Time Written: 20090402093819.000000-000
Event Type: Erreur
User: 

Computer Name: pc-Extreme
Event Code: 7000
Message: Le service PC Tools Auxiliary Service n'a pas pu démarrer en raison de l'erreur : 
Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
Record Number: 142455
Source Name: Service Control Manager
Time Written: 20090402093819.000000-000
Event Type: Erreur
User: 

Computer Name: pc-Extreme
Event Code: 7009
Message: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service PC Tools Security Service.
Record Number: 142456
Source Name: Service Control Manager
Time Written: 20090402093819.000000-000
Event Type: Erreur
User: 

Computer Name: pc-Extreme
Event Code: 7000
Message: Le service PC Tools Security Service n'a pas pu démarrer en raison de l'erreur : 
Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
Record Number: 142457
Source Name: Service Control Manager
Time Written: 20090402093819.000000-000
Event Type: Erreur
User: 

Computer Name: pc-Extreme
Event Code: 7023
Message: Le service Windows Live OneCare Contrôle parental s'est arrêté avec l'erreur : 
Une erreur s'est produite lors de la lecture ou de l'écriture dans un fichier.
Record Number: 142480
Source Name: Service Control Manager
Time Written: 20090402093819.000000-000
Event Type: Erreur
User: 

=====Application event log=====

Computer Name: pc-Extreme
Event Code: 1001
Message: Échec de détection du produit ‘{3677FD57-D0DE-47CD-942E-99913D04C135}’, fonctionnalité ‘WebFiltering’ lors de la demande du composant ‘{6D6FC305-112F-4A6C-997E-7AE3216006EC}’
Record Number: 45758
Source Name: MsiInstaller
Time Written: 20090402093703.000000-000
Event Type: Avertissement
User: pc-Extreme\Extreme

Computer Name: pc-Extreme
Event Code: 11706
Message: Produit : Windows Live OneCare Contrôle parental -- Erreur 1706. Aucun package d’installation pour le produit Windows Live OneCare Contrôle parental n’a été trouvé. Recommencez l’installation en utilisant une copie valide du package d’installation ‘fssclient.msi’.
Record Number: 45760
Source Name: MsiInstaller
Time Written: 20090402093707.000000-000
Event Type: Erreur
User: pc-Extreme\Extreme

Computer Name: pc-Extreme
Event Code: 1000
Message: Application défaillante pctsTray.exe, version 5.5.0.106, horodatage 0x2a425e19, module défaillant rtl100.bpl, version 6.0.6001.18000, horodatage 0x4791a7a6, code d’exception 0xc0000135, décalage d’erreur 0x00009cac, ID du processus 0xd48, heure de début de l’application 0x01c9b37693246086.
Record Number: 45766
Source Name: Application Error
Time Written: 20090402093748.000000-000
Event Type: Erreur
User: 

Computer Name: pc-Extreme
Event Code: 20227
Message: CoID={A3BD8CC1-3EE1-48A7-A83B-B4F6E5366722} : L’utilisateur pc-Extreme\Extreme a composé le numéro de la connexion Connexion haut débit. La connexion a échoué. Code d’erreur retourné : 0.
Record Number: 45770
Source Name: RasClient
Time Written: 20090402093814.000000-000
Event Type: Erreur
User: 

Computer Name: pc-Extreme
Event Code: 20227
Message: CoID={68499FB2-CDE7-41E3-892F-8F48DFD5F5AA} : L’utilisateur pc-Extreme\Extreme a composé le numéro de la connexion Connexion haut débit. La connexion a échoué. Code d’erreur retourné : 0.
Record Number: 45774
Source Name: RasClient
Time Written: 20090402093844.000000-000
Event Type: Erreur
User: 

=====Security event log=====

Computer Name: pc-Extreme
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
	ID de sécurité :		S-1-5-18
	Nom du compte :		PC-EXTREME$
	Domaine du compte :		WORKGROUP
	ID d’ouverture de session :		0x3e7

Type d’ouverture de session :			5

Nouvelle ouverture de session :
	ID de sécurité :		S-1-5-18
	Nom du compte :		SYSTEM
	Domaine du compte :		AUTORITE NT
	ID d’ouverture de session :		0x3e7
	GUID d’ouverture de session :		{00000000-0000-0000-0000-000000000000}

Informations sur le processus :
	ID du processus :		0x278
	Nom du processus :		C:\Windows\System32\services.exe

Informations sur le réseau :
	Nom de la station de travail :	
	Adresse du réseau source :	-
	Port source :		-

Informations détaillées sur l’authentification :
	Processus d’ouverture de session :		Advapi  
	Package d’authentification :	Negotiate
	Services en transit :	-
	Nom du package (NTLM uniquement) :	-
	Longueur de la clé :		0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
	- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
	- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
	- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
	- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 25337
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081210220248.766400-000
Event Type: Succès de l'audit
User: 

Computer Name: pc-Extreme
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
	ID de sécurité :		S-1-5-18
	Nom du compte :		SYSTEM
	Domaine du compte :		AUTORITE NT
	ID d’ouverture de session :		0x3e7

Privilèges :		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 25338
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081210220248.766400-000
Event Type: Succès de l'audit
User: 

Computer Name: pc-Extreme
Event Code: 1100
Message: Le service d’enregistrement des événements a été arrêté.
Record Number: 25339
Source Name: Microsoft-Windows-Eventlog
Time Written: 20081210220300.263600-000
Event Type: Succès de l'audit
User: 

Computer Name: pc-Extreme
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
	ID de sécurité :		S-1-5-7
	Nom du compte :		ANONYMOUS LOGON
	Domaine du compte :		AUTORITE NT
	ID du compte :		0x29489

Type d’ouverture de session :			3

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 25340
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081210220307.626800-000
Event Type: Succès de l'audit
User: 

Computer Name: pc-Extreme
Event Code: 4616
Message: L’heure du système a été modifiée.

Sujet :
	ID de sécurité :		S-1-5-19
	Nom du compte :		SERVICE LOCAL
	Domaine du compte :		AUTORITE NT
	ID d’ouverture de session :		0x3e5

Informations sur le processus :
	ID du processus :	0x530
	Nom :		C:\Windows\System32\svchost.exe

Heure précédente :		23:03:09 10/12/2008
Nouvelle heure :		23:03:09 10/12/2008

Cet événement est généré lorsque l’heure du système est modifiée. Le changement régulier de l’heure du système est une opération normale de la part du service de temps Windows qui s’exécute avec des privilèges système. Mais, d’autres modifications de l’heure du système peuvent indiquer des tentatives de falsification de l’ordinateur.
Record Number: 25341
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081210220309.451200-000
Event Type: Succès de l'audit
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

hibiscus · Answer

et le log.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Extreme at 2009-04-02 11:38:41
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 14 GB (20%) free of 71 GB
Total RAM: 767 MB (26% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows	asks\Vérifier les mises à jour de Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL [2007-12-10 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [2007-12-10 405588]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live OneCare Family Safety Browser Helper Class - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll [2007-12-17 56360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-24 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-25 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-24 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-24 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [2007-12-10 405588]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-24 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]
"Acer Tour"= []
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2007-01-24 319488]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-07 464168]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"eRecoveryService"= []
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-02-15 151552]
"Apanel"=C:\ACERSW\config\NewSetApanel.cmd []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [2007-12-10 32838]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [2007-12-10 24677]
"Babylon Client"=C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2007-12-18 3116768]
"NWEReboot"= []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"fssui"=C:\Program Files\Windows Live\Contrôle parental\fssui.exe [2007-12-17 243240]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-24 136600]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-02-01 1103240]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [2005-06-23 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-11 342312]
"sclauncher"=C:\Program Files\SimpleCenter\bin\win\sclauncher.exe [2007-09-07 94208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-02-15 151552]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [2007-12-10 32838]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-16 39408]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption"
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32d541f7-b803-11dc-a1c9-001c2524d069}]
shell\Auto\command - tel.xls.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7fdbbe1-3c0d-11dc-a43c-806e6f6e6963}]
shell\AutoRun\command - E:\Kit.exe


======List of files/folders created in the last 1 months======

2009-04-02 11:38:42 ----D---- C:\Program Files	rend micro
2009-04-02 11:38:41 ----D---- C:sit
2009-04-02 09:38:40 ----A---- C:\Windows
tbtlog.txt
2009-03-26 00:19:52 ----D---- C:\Program Files\Common Files\MainConcept
2009-03-25 22:35:17 ----D---- C:\ProgramData\Messenger Plus!
2009-03-23 21:33:44 ----D---- C:\Program Files\Microsoft Silverlight
2009-03-23 21:32:12 ----D---- C:\Program Files\Microsoft Sync Framework
2009-03-23 21:27:02 ----D---- C:\Program Files\Microsoft
2009-03-23 21:26:40 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-22 12:05:53 ----D---- C:\Program Files\Common Files\Windows Live
2009-03-22 12:05:00 ----A---- C:\Windows\system32\MRT.INI
2009-03-12 21:37:31 ----A---- C:\Windows\system32\GEARAspi.dll
2009-03-12 21:37:13 ----D---- C:\Program Files\iPod
2009-03-12 21:37:07 ----D---- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 21:37:07 ----D---- C:\Program Files\iTunes
2009-03-12 21:34:41 ----D---- C:\Program Files\QuickTime
2009-03-11 11:33:03 ----A---- C:\Windows\system32\wmp.dll
2009-03-11 11:33:01 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-11 11:33:01 ----A---- C:\Windows\system32\spwmp.dll
2009-03-11 11:33:01 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-11 11:32:35 ----A---- C:\Windows\system32\schannel.dll
2009-03-07 12:57:21 ----A---- C:\Windows\system32pcrt4.dll
2009-03-07 12:57:19 ----A---- C:\Windows\system32\pacerprf.dll
2009-03-07 12:56:58 ----A---- C:\Windows\system32\wersvc.dll
2009-03-07 12:56:58 ----A---- C:\Windows\system32\Faultrep.dll
2009-03-07 12:56:46 ----A---- C:\Windows\system32\emdmgmt.dll
2009-03-07 12:56:45 ----A---- C:\Windows\system32\dataclen.dll
2009-03-07 12:56:45 ----A---- C:\Windows\system32\cdd.dll
2009-03-07 12:56:27 ----A---- C:\Windows\system32\vbscript.dll
2009-03-07 12:56:27 ----A---- C:\Windows\system32\jscript.dll
2009-03-07 12:56:26 ----A---- C:\Windows\system32\wshext.dll
2009-03-07 12:56:26 ----A---- C:\Windows\system32\wscript.exe
2009-03-07 12:56:26 ----A---- C:\Windows\system32\scrobj.dll
2009-03-07 12:56:26 ----A---- C:\Windows\system32\cscript.exe
2009-03-07 12:56:25 ----A---- C:\Windows\system32\scrrun.dll
2009-03-07 12:48:47 ----A---- C:\Windows\system32\msshooks.dll
2009-03-07 12:48:45 ----A---- C:\Windows\system32\msscb.dll
2009-03-07 12:48:39 ----A---- C:\Windows\system32	hawbrkr.dll
2009-03-07 12:48:39 ----A---- C:\Windows\system32\srchadmin.dll
2009-03-07 12:48:39 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-03-07 12:48:39 ----A---- C:\Windows\system32\propsys.dll
2009-03-07 12:48:39 ----A---- C:\Windows\system32\propdefs.dll
2009-03-07 12:48:39 ----A---- C:\Windows\system32\msstrc.dll
2009-03-07 12:48:39 ----A---- C:\Windows\system32\mssprxy.dll
2009-03-07 12:48:39 ----A---- C:\Windows\system32\mssitlb.dll
2009-03-07 12:48:39 ----A---- C:\Windows\system32\msshsq.dll
2009-03-07 12:48:39 ----A---- C:\Windows\system32\korwbrkr.dll
2009-03-07 12:48:36 ----A---- C:\Windows\system32\xmlfilter.dll
2009-03-07 12:48:36 ----A---- C:\Windows\system32\wsepno.dll
2009-03-07 12:48:36 ----A---- C:\Windows\system32tffilt.dll
2009-03-07 12:48:36 ----A---- C:\Windows\system32\offfilt.dll
2009-03-07 12:48:36 ----A---- C:\Windows\system32
lhtml.dll
2009-03-07 12:48:36 ----A---- C:\Windows\system32\msscntrs.dll
2009-03-07 12:48:36 ----A---- C:\Windows\system32\mimefilt.dll
2009-03-07 12:48:36 ----A---- C:\Windows\system32\chsbrkr.dll
2009-03-07 12:48:35 ----A---- C:\Windows\system32	query.dll
2009-03-07 12:48:35 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-03-07 12:48:35 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-03-07 12:48:35 ----A---- C:\Windows\system32\mssrch.dll
2009-03-07 12:48:35 ----A---- C:\Windows\system32\chtbrkr.dll
2009-03-07 12:48:34 ----A---- C:\Windows\system32\mssvp.dll
2009-03-07 12:48:34 ----A---- C:\Windows\system32\mssphtb.dll
2009-03-07 12:48:34 ----A---- C:\Windows\system32\mssph.dll
2009-03-06 23:45:07 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-05 21:31:00 ----D---- C:\PerfLogs

======List of files/folders modified in the last 1 months======

2009-04-02 11:38:47 ----D---- C:\Windows\Temp
2009-04-02 11:38:46 ----D---- C:\Windows\Prefetch
2009-04-02 11:38:42 ----RD---- C:\Program Files
2009-04-02 11:37:07 ----SHD---- C:\Windows\Installer
2009-04-02 11:08:17 ----SHD---- C:\System Volume Information
2009-04-02 10:40:33 ----D---- C:\Windows\system32\Tasks
2009-04-02 10:37:22 ----D---- C:\Windows\System32
2009-04-02 10:37:22 ----D---- C:\Windows\inf
2009-04-02 10:37:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-02 10:15:54 ----AD---- C:\ProgramData\TEMP
2009-04-02 10:01:50 ----SD---- C:\Users\Extreme\AppData\Roaming\Microsoft
2009-04-02 09:38:40 ----D---- C:\Windows
2009-03-30 17:29:04 ----SHD---- C:\$RECYCLE.BIN
2009-03-30 17:28:30 ----RD---- C:\Users
2009-03-28 20:14:27 ----D---- C:\Windows\system32\drivers
2009-03-26 19:30:43 ----D---- C:\Windows\system32\catroot2
2009-03-26 00:19:52 ----D---- C:\Program Files\Common Files
2009-03-25 23:40:03 ----D---- C:\Users\Extreme\AppData\Roaming\Babylon
2009-03-25 23:38:11 ----D---- C:\Windows\system32\Msdtc
2009-03-25 23:38:07 ----D---- C:\Windows\system32\wbem
2009-03-25 23:37:32 ----D---- C:\Windows\system32\config
2009-03-25 23:37:14 ----DC---- C:\Windows\system32\DRVSTORE
2009-03-25 23:37:14 ----D---- C:\Windows\winsxs
2009-03-25 23:37:14 ----D---- C:\Windows\Tasks
2009-03-25 23:37:14 ----D---- C:\Windows\system32\spool
2009-03-25 23:37:14 ----D---- C:\Program Files\Windows Media Player
2009-03-25 23:37:12 ----HD---- C:\ProgramData
2009-03-25 23:37:12 ----D---- C:\ProgramData\HP Product Assistant
2009-03-25 23:37:12 ----D---- C:\ProgramData\Babylon
2009-03-25 23:37:12 ----D---- C:\Program Files\Windows Live
2009-03-25 23:37:11 ----D---- C:\Program Files\Windows Live Toolbar
2009-03-25 23:37:10 ----D---- C:\Program Files\Spyware Doctor
2009-03-25 23:37:09 ----D---- C:\Program Files\Mozilla Firefox
2009-03-25 23:37:07 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2009-03-25 23:37:07 ----D---- C:\Program Files\Messenger Plus! Live
2009-03-25 23:37:06 ----D---- C:\Program Files\Common Files\microsoft shared
2009-03-25 23:37:06 ----D---- C:\Program Files\Common Files\Ciel
2009-03-25 23:37:06 ----D---- C:\Program Files\Ciel
2009-03-25 23:37:06 ----D---- C:\Program Files\Babylon
2009-03-25 23:37:03 ----D---- C:\Windowsegistration
2009-03-25 23:26:49 ----D---- C:\Windows\system32\catroot
2009-03-25 23:26:31 ----D---- C:\ProgramData\WLInstaller
2009-03-25 22:34:49 ----D---- C:\Users\Extreme\AppData\Roaming\Babylon(275)
2009-03-25 18:22:00 ----D---- C:\Windows\Microsoft.NET
2009-03-25 18:11:06 ----D---- C:\ProgramData\Ciel
2009-03-23 21:37:03 ----RSD---- C:\Windows\assembly
2009-03-23 21:32:02 ----SD---- C:\ProgramData\Microsoft
2009-03-12 21:37:12 ----D---- C:\Program Files\Common Files\Apple
2009-03-12 21:37:07 ----D---- C:\ProgramData\Apple Computer
2009-03-12 17:21:16 ----D---- C:\Program Files\Windows Mail
2009-03-07 13:38:57 ----D---- C:\Windowsescache
2009-03-07 13:19:33 ----D---- C:\Windows\system32\fr-FR
2009-03-07 13:19:33 ----D---- C:\Windows\PolicyDefinitions
2009-03-06 09:35:39 ----D---- C:\Windows\Logs
2009-03-05 21:40:30 ----SHD---- C:\Boot
2009-03-05 21:40:26 ----ASH---- C:\Program Files\desktop.ini
2009-03-05 21:32:07 ----D---- C:\Program Files\Windows Sidebar
2009-03-05 21:32:07 ----D---- C:\Program Files\Windows Calendar
2009-03-05 21:32:07 ----D---- C:\Program Files\Movie Maker
2009-03-05 21:32:06 ----D---- C:\Program Files\Windows Journal
2009-03-05 21:32:06 ----D---- C:\Program Files\Windows Collaboration
2009-03-05 21:32:06 ----D---- C:\Program Files\Internet Explorer
2009-03-05 21:32:05 ----D---- C:\Program Files\Windows Photo Gallery
2009-03-05 21:32:04 ----D---- C:\Program Files\Windows Defender
2009-03-05 21:32:04 ----D---- C:\Program Files\Common Files\System
2009-03-05 21:32:03 ----D---- C:\Windows\servicing
2009-03-05 21:32:03 ----D---- C:\Windows\ehome
2009-03-05 21:31:59 ----D---- C:\Windows\MSAgent
2009-03-05 21:31:58 ----D---- C:\Windows\L2Schemas
2009-03-05 21:31:58 ----D---- C:\Windows\IME
2009-03-05 21:31:58 ----D---- C:\Windows\DigitalLocker
2009-03-05 21:31:57 ----D---- C:\Windows\system32\XPSViewer
2009-03-05 21:31:57 ----D---- C:\Windows\system32\ko-KR
2009-03-05 21:31:57 ----D---- C:\Windows\system32\it-IT
2009-03-05 21:31:57 ----D---- C:\Windows\system32\en-US
2009-03-05 21:31:57 ----D---- C:\Windows\system32\el-GR
2009-03-05 21:31:57 ----D---- C:\Windows\system32\de-DE
2009-03-05 21:31:57 ----D---- C:\Windows\system32\da-DK
2009-03-05 21:31:57 ----D---- C:\Windows\system32\com
2009-03-05 21:31:56 ----D---- C:\Windows\system32\sysprep
2009-03-05 21:31:56 ----D---- C:\Windows\system32\oobe
2009-03-05 21:31:56 ----D---- C:\Windows\system32\migration
2009-03-05 21:31:56 ----D---- C:\Windows\system32\fr
2009-03-05 21:31:55 ----D---- C:\Windows\system32u-RU
2009-03-05 21:31:55 ----D---- C:\Windows\system32\ias
2009-03-05 21:31:55 ----D---- C:\Windows\system32\AdvancedInstallers
2009-03-05 21:31:49 ----D---- C:\Windows\system32\sv-SE
2009-03-05 21:31:49 ----D---- C:\Windows\system32\SLUI
2009-03-05 21:31:49 ----D---- C:\Windows\system32\setup
2009-03-05 21:31:49 ----D---- C:\Windows\system32\pt-PT
2009-03-05 21:31:49 ----D---- C:\Windows\system32\hu-HU
2009-03-05 21:31:49 ----D---- C:\Windows\system32\he-IL
2009-03-05 21:31:49 ----D---- C:\Windows\system32\fi-FI
2009-03-05 21:31:49 ----D---- C:\Windows\system32\cs-CZ
2009-03-05 21:31:47 ----D---- C:\Windows\system32\zh-TW
2009-03-05 21:31:47 ----D---- C:\Windows\system32\zh-CN
2009-03-05 21:31:47 ----D---- C:\Windows\system32o-RO
2009-03-05 21:31:47 ----D---- C:\Windows\system32\pl-PL
2009-03-05 21:31:47 ----D---- C:\Windows\system32\manifeststore
2009-03-05 21:31:47 ----D---- C:\Windows\system32\ja-JP
2009-03-05 21:31:47 ----D---- C:\Windows\system32\es-ES
2009-03-05 21:31:46 ----D---- C:\Windows\system32	r-TR
2009-03-05 21:31:45 ----D---- C:\Windows\system32
l-NL
2009-03-05 21:31:45 ----D---- C:\Windows\system32
b-NO
2009-03-05 21:31:45 ----D---- C:\Windows\system32\ar-SA
2009-03-05 21:31:43 ----D---- C:\Windows\system32\migwiz
2009-03-05 21:31:41 ----D---- C:\Windows\system32\pt-BR
2009-03-05 21:31:13 ----D---- C:\Windows\AppPatch
2009-03-05 21:31:04 ----D---- C:\Windows\Boot
2009-03-05 21:31:02 ----D---- C:\Windows\system32\Boot
2009-03-05 21:22:52 ----D---- C:\Windows\system32\RTCOM
2009-03-05 19:27:50 ----A---- C:\Windows\system32\ifxcardm.dll
2009-03-05 19:27:41 ----A---- C:\Windows\system32\axaltocm.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-08-20 371248]
R1 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2007-12-10 81288]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 2427392]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-05-06 6144]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-23 240128]
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-19 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-12-29 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-03-14 569344]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-07 457512]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe [2007-12-10 28728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-04-09 143360]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-03-11 656168]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 fsssvc;Windows Live OneCare Contrôle parental; C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-02-01 948616]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-16 137200]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Ced_King · Answer

- Telecharges ToolbarSD et enregistres le sur ton bureau : 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

- Desactives la garde de ton antivirus et la garde de ton antispyware (si tu en as)

- Lances l'installation en executant le fichier téléchargé 
- Fermes toutes les apllications en cours et cliques-droit sur Toolbarsd.exe 
- Selectionnes la langue et presse la touche ENTREE 
- Selectionnes l'option1 au menu et patientes le temps de la recherche 
- A la fin de la recherche, un rapport C:\TB.txt s'affichera, postes son contenu 
.

hibiscus · Answer

le log toolbar

   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Extreme ( Not Administrator ! )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 080827-0] 4.8.1229 (Activated)
   C:\ (Local Disk) - NTFS - Total:69 Go (Free:13 Go)
   D:\ (Local Disk) - NTFS - Total:69 Go (Free:66 Go)
   E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)
   J:\ (USB) - FAT - Total:859 Mo (Free:0 Go)
   K:\ (USB) - FAT - Total:967 Mo (Free:0 Go)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 02/04/2009|13:02 )

   [ UAC => 0 ]

   -----------\  Recherche de Fichiers / Dossiers ...

   [Service] MyWebSearchService
   C:\Program Files\FunWebProducts
   C:\Program Files\FunWebProducts\ScreenSaver
   C:\Program Files\FunWebProducts\ScreenSaver\Images
   C:\Users\Extreme\AppData\Roaming\MICROS~1\Windows\Cookies\extreme@mywebsearch[2].txt
   C:\Program Files\MyWebSearch
   C:\Program Files\MyWebSearch\bar
   C:\Program Files\MyWebSearch\SrchAstt
   C:\Program Files\MyWebSearch\bar\1.bin
   C:\Program Files\MyWebSearch\bar\2.bin
   C:\Program Files\MyWebSearch\bar\Avatar
   C:\Program Files\MyWebSearch\bar\Game
   C:\Program Files\MyWebSearch\bar\History
   C:\Program Files\MyWebSearch\bar\icons
   C:\Program Files\MyWebSearch\bar\Message
   C:\Program Files\MyWebSearch\bar\Notifier
   C:\Program Files\MyWebSearch\bar\Settings
   C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
   C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
   C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
   C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
   C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
   C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
   C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
   C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
   C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
   C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
   C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
   C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
   C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
   C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
   C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
   C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
   C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
   C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
   C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
   C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
   C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
   C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
   C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
   C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
   C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
   C:\Program Files\MyWebSearch\bar\icons\CM.ICO
   C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
   C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
   C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
   C:\Program Files\MyWebSearch\bar\icons\WB.ICO
   C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
   C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
   C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
   C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
   C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
   C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
   C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
   C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
   C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
   C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
   C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
   C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
   C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
   C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
   C:\Program Files\MyWebSearch\SrchAstt\2.bin
   C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
   C:\Windows\System32\f3PSSavr.scr
   C:\Program Files\Internet Explorer\msimg32.dll
   C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "SEARCH PAGE"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/"
   "Local Page"="C:\Windows\system32\blank.htm"
   "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
   "Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://fr.yahoo.com/"
   "Default_Page_URL"="https://fr.yahoo.com/"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\Users\Extreme\Desktop\musique\anthony b\Hard Nut To Crack Riddim-Sugar Black & Anthony B - Stress in the Ghetto.mp3


   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 02/04/2009|13:02 - Option : [1]

   -----------\  Fin du rapport a 13:02:29,69

Ced_King · Answer

-Trés bien, Relances ToolbarSD et choisis l'option2

- Laisses l'outil travailler et patientes jusqu'à la fin du scan

- Un rapport TB.txt sera généré, postes son contenu

                                                 -------------------

hibiscus · Answer

-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Extreme ( Not Administrator ! )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1229 [VPS 080827-0] 4.8.1229 (Activated)
   C:\ (Local Disk) - NTFS - Total:69 Go (Free:13 Go)
   D:\ (Local Disk) - NTFS - Total:69 Go (Free:66 Go)
   E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 02/04/2009|13:12 )

   [ UAC => 1 ]

   -----------\ SUPPRESSION

   Supprime! - [Service] MyWebSearchService
   Supprime! - C:\Program Files\FunWebProducts\ScreenSaver
   Supprime! - C:\Users\Extreme\AppData\Roaming\MICROS~1\Windows\Cookies\extreme@mywebsearch[2].txt
   Echec   ! - C:\Program Files\MyWebSearch\bar
   Supprime! - C:\Program Files\MyWebSearch\SrchAstt
   Echec   ! - C:\Program Files\MyWebSearch\bar\2.bin
   Echec   ! - C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
   Supprime! - C:\Windows\System32\f3PSSavr.scr
   Supprime! - C:\Program Files\Internet Explorer\msimg32.dll
   Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
   Supprime! - C:\Program Files\FunWebProducts
   Echec   ! - C:\Program Files\MyWebSearch

   -----------\ DEUXIEME PASSAGE
 
   Echec   ! - C:\Program Files\MyWebSearch\bar
   Echec   ! - C:\Program Files\MyWebSearch\bar\2.bin
   Echec   ! - C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
   Echec   ! - C:\Program Files\MyWebSearch

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\MyWebSearch
   C:\Program Files\MyWebSearch\bar
   C:\Program Files\MyWebSearch\bar\2.bin
   C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "SEARCH PAGE"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/"
   "Local Page"="C:\Windows\system32\blank.htm"
   "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
   "Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Page_URL"="https://fr.yahoo.com/"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\Users\Extreme\Desktop\musique\anthony b\Hard Nut To Crack Riddim-Sugar Black & Anthony B - Stress in the Ghetto.mp3


   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 02/04/2009|13:02 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 02/04/2009|13:13 - Option : [2]

   -----------\  Fin du rapport a 13:13:23,73

Ced_King · Answer

Verifies si l'UAC  ( controle des comptes utilisateur) est bien desactivé, il a du etre reactivé par l'utilisation de ToolBarSD

                                                             ---------------------------
- Execute Hijackthis et fixes les cases devant les lignes suivantes :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*http://f­r.yahoo.com 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://f­r.yahoo.com 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL 
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL 
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL 
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe 
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0 
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart 
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe 
 [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe 
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000 
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe 
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe 
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe 




- Et cliques sur Fix Checked puis fermes le programme..

                                                            -------------------------------

Telecharge et installe ccleaner : https://filehippo.com/download_ccleaner/ 
- Durant l'installation, n'installe pas la barre d'outils yahoo et decoche la case " ajouter l'option des mises à jour" 

- Une fois installé, fermes toutes les applications en cours et lance ccleaner 
- clic >> options >> avancé et decoches " effacer les fichiers etc... plus vieux que 48h 
- Selectionne " nettoyeur " >> clic sur Analyse puis nettoyage, puis referme le programme... 

------------------------------ 


• Télécharge OTMoveIt3 (de OldTimer) sur ton Bureau : 
 http://oldtimer.geekstogo.com/OTMoveIt3.exe 
• Cliques-droit ( executer en tant qu'admin..) sur OTMoveIt3.exe afin de le lancer.
. Assure toi que la case "Unregister Dll's and Ocx's soit bien cochée  "
• Copie/colle (Ctrl + c) le texte en gras dans le cadre « Paste Instructions for Items to be Moved » et clique sur Moveit ! : 



:processes 
explorer.exe 
MWSOEMON.EXE 
M3SRCHMN.EXE 

:services
sdAuxService
sdCoreService
MyWebSearchService

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mount
points2\{b7fdbbe1-3c0d-11dc-a43c-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mount
points2\{32d541f7-b803-11dc-a1c9-001c2524d069}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] 
"My Web Search Bar Search Scope Monitor"=-
"MyWebSearch Email Plugin"=-
"ISTray"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] 
"My Web Search"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}] 

:files
C:\Program Files\MyWebSearch\bar 
C:\Program Files\MyWebSearch\bar\2.bin 
C:\Program Files\MyWebSearch\bar\2.bin 
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL 
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe 
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\Spyware Doctor\pctsTray.exe 
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe 
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe  

:commands 
[purity] 
[emptytemp] 
[start explorer] 
[reboot] 




• Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES. 

• Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles 
Le nom du rapport correspond au moment de sa création : date_heure.log 

                                                             ----------------------------
- Tu n'as pas d'antivirus ?

- Supprimes les restes de Norton avec ceci : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

- Norton est une daube, je te propose de prendre Avira antivir, ce qu'il y a de plus performant en antivirus gratuit :

- Telecharges Avira antivir ici :  https://www.avira.com/   - (mets le en français en haut à droite)

- Un tutoriel pour l'installer : https://www.malekal.com/avira-free-security-antivirus-gratuit/ 
                                                                    --------------------------

- Postes le rapport OtmoveIt accompagné d'un nouveau rapport hijackthis

.

Navigation impossible virus?

12 réponses

Discussions similaires