Trojan.DNS.Changer
Sauu_, 28/03/2009 at 21:34

Hello everyone

Right, let me explain my problem at the moment. I'm having a great many problems with websites, plus Forumactif and its sites: I can no longer access them, and it gives me this kind of message. I took a screenshot for you:



And I was given to understand that this is not a DNS problem but a virus problem. I was only told to disinfect it, and I need your help =)

Thanks in advance.
Mister_masque, 28/03/2009 at 21:36

Good evening Sauuu

We're going to solve the problem



# 1 - Looking for the infection



Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen, leaving the default values.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
  • When the scan is finished, two text files will open.


--> Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimized to the Taskbar).

NB: Both reports are also saved in the folder: C:\rsit\




Expected reports:

  1. log.txt report
  2. info.txt report





See you later

--
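
One way to triage the HijackThis part of the requested log.txt for a DNS changer, as an added example that is not part of the original thread: it reads the `O17` NameServer lines and classifies each resolver. The first two sample lines are taken from the log posted in this thread; the third line, its placeholder GUID, the `192.168.1.1` allowlist entry and all function names are assumptions made for the example.

```python
import ipaddress
import re

# Resolver ranges the FBI published for the DNSChanger rogue DNS servers.
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# RFC 1918 and loopback space: a home router or local resolver lives here.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
)]

# HijackThis reports statically configured resolvers as
# "O17 - <registry key>: NameServer = ip[,ip...]". A static NameServer
# value takes precedence over the resolvers handed out by DHCP.
O17_NAMESERVER = re.compile(
    r"^O17 - (?P<key>.+): NameServer\s*=\s*(?P<servers>.*)$")


def parse_o17_nameservers(log_text):
    """Return [(registry_key, [server, ...]), ...] for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        match = O17_NAMESERVER.match(line.strip())
        if match:
            # The registry value may be comma- or space-separated.
            servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
            entries.append((match.group("key"), servers))
    return entries


def classify(server, allowed):
    """Classify one resolver; `allowed` is a set of ipaddress objects."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if any(ip in net for net in DNSCHANGER_RANGES):
        return "dnschanger-range"   # checked first: an allowlist must not hide it
    if ip in allowed:
        return "expected"
    if ip.is_loopback or any(ip in net for net in LOCAL_RANGES):
        return "local"
    return "unexpected"             # public resolver nobody vouched for


def triage(log_text, allowlist=()):
    """Classify every resolver found in the O17 lines of a HijackThis log."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    findings = []
    for key, servers in parse_o17_nameservers(log_text):
        for server in servers:
            findings.append({"key": key, "server": server,
                             "verdict": classify(server, allowed)})
    return findings


def is_hijacked(findings):
    """True when at least one resolver sits in a known DNSChanger range."""
    return any(f["verdict"] == "dnschanger-range" for f in findings)


# Lines 2 and 3 come from the log in this thread; line 4 is constructed
# (placeholder GUID, router address and documentation-range address).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1 203.0.113.53
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG, allowlist=["192.168.1.1"])
    for finding in results:
        print(f'{finding["verdict"]:17} {finding["server"]:16} {finding["key"]}')
    print("DNS changer indicators present:", is_hijacked(results))
```

Pass the resolvers you actually expect (router, ISP) as `allowlist`; anything reported as `unexpected` still deserves a manual look.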
Sauu_, 28/03/2009 at 21:46

The log.txt is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sofiane at 2009-03-28 21:37:15
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 331 GB (71%) free of 466 GB
Total RAM: 3070 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:25, on 28/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Users\Karim\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Users\Karim\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\aMSN\bin\wish.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Users\Sofiane\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Sofiane\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Program Files\aMSN\bin\wish.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sofiane\Downloads\Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Sofiane.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LiveUpdate] "C:\Program Files\Samsung\Samsung PC Studio 3\\Update\Copyer.exe" -R
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [IDLE REGS] "C:\ProgramData\signsitesite.mn9dhgl"
O4 - HKCU\..\Run: [bait deaf idle setup] "C:\ProgramData\bird axis rdr.6zodhm"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2804074658-88166761-2368711641-1004\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Karim')
O4 - HKUS\S-1-5-21-2804074658-88166761-2368711641-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Karim')
O4 - S-1-5-21-2804074658-88166761-2368711641-1004 Startup: Outil de notification Live Search.lnk = C:\Users\Karim\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe (User 'Karim')
O4 - S-1-5-21-2804074658-88166761-2368711641-1004 User Startup: Outil de notification Live Search.lnk = C:\Users\Karim\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe (User 'Karim')
O4 - Startup: Outil de notification Live Search.lnk = [:}\  NOTIFI~1.EXE
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12766 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Sofiane.job
C:\Windows\tasks\User_Feed_Synchronization-{3206AAC3-5E11-4376-8A3E-DB495A53F13A}.job
C:\Windows\tasks\User_Feed_Synchronization-{38BE2F77-4A32-4FFB-87D2-2699B9A80477}.job
C:\Windows\tasks\User_Feed_Synchronization-{6563EB78-F546-4614-9BBB-D2F33057362F}.job
C:\Windows\tasks\User_Feed_Synchronization-{703A9396-09E8-4ECC-8E9A-16BB22F6C3FB}.job
C:\Windows\tasks\User_Feed_Synchronization-{E556F6BD-9B73-49F1-81F8-98D4A4DD6FAC}.job
C:\Windows\tasks\User_Feed_Synchronization-{FB77C40B-B64C-4B99-A14B-60D463CE7E05}.job
C:\Windows\tasks\User_Feed_Synchronization-{FC697467-23F9-40DF-90AE-5B3E4FDDA422}.job
C:\Windows\tasks\User_Feed_Synchronization-{FDADC885-E8B2-4E5F-B0A9-9F88931390CF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-09-22 66888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-27 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
Kiwee Toolbar - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll [2009-02-10 277648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll []
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-09-22 161096]
{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - Kiwee Toolbar - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll [2009-02-10 277648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-04-07 132760]
""= []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-27 185872]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NSLauncher"=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [2005-06-23 57344]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"LiveUpdate"=C:\Program Files\Samsung\Samsung PC Studio 3\\Update\Copyer.exe [2006-04-13 262144]
"KiweeHook"=C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe [2009-02-10 56456]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-04-14 972128]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"ares"=C:\Program Files\Ares\Ares.exe -h []
"IDLE REGS"=C:\ProgramData\signsitesite.mn9dhgl [2008-08-20 348176]
"bait deaf idle setup"=C:\ProgramData\bird axis rdr.6zodhm [2008-08-20 303120]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"AdobeBridge"= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SnagIt 9.lnk - C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WiFiStation.exe

C:\Users\Sofiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Outil de notification Live Search.lnk - C:\Users\Sofiane\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\system32\EZUPBH~1.DLL [2008-08-30 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit -
.js - open -

======List of files/folders created in the last 1 months======

2009-03-28 21:37:15 ----D---- C:\rsit
2009-03-28 21:37:15 ----D---- C:\Program Files\trend micro
2009-03-27 19:25:53 ----D---- C:\Windows\Sun
2009-03-26 17:11:57 ----A---- C:\Windows\system32\gaopdxmmcqxoxt.dll
2009-03-09 13:10:28 ----A---- C:\Windows\system32\aswBoot.exe
2009-03-09 12:33:17 ----A---- C:\Windows\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2009-03-28 21:37:25 ----D---- C:\Windows\Prefetch
2009-03-28 21:37:20 ----D---- C:\Windows\Temp
2009-03-28 21:37:15 ----D---- C:\Program Files
2009-03-28 21:02:23 ----D---- C:\Program Files\Mozilla Firefox
2009-03-28 19:13:36 ----D---- C:\Windows\tracing
2009-03-28 18:00:26 ----D---- C:\Windows\System32
2009-03-28 18:00:26 ----D---- C:\Windows\inf
2009-03-28 18:00:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-28 17:56:45 ----D---- C:\Users\Sofiane\AppData\Roaming\dvdcss
2009-03-28 11:39:33 ----SHD---- C:\System Volume Information
2009-03-27 20:37:50 ----D---- C:\Windows\system32\catroot2
2009-03-27 19:25:53 ----D---- C:\Windows
2009-03-27 18:46:04 ----D---- C:\ProgramData\MemoOptionLess
2009-03-27 18:31:58 ----D---- C:\Program Files\Circle Developement
2009-03-27 12:40:47 ----D---- C:\RECYCLER
2009-03-27 01:15:03 ----D---- C:\Windows\system32\drivers
2009-03-25 13:41:48 ----D---- C:\Users\Sofiane\AppData\Roaming\LimeWire
2009-03-23 19:06:28 ----D---- C:\Users\Sofiane\AppData\Roaming\FileZilla
2009-03-21 18:32:06 ----RSD---- C:\Windows\Fonts
2009-03-20 21:00:16 ----D---- C:\temp
2009-03-20 18:00:25 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-20 18:00:00 ----D---- C:\Program Files\Norton Security Scan
2009-03-19 22:12:17 ----D---- C:\Windows\Tasks
2009-03-19 22:12:17 ----D---- C:\Windows\system32\Tasks
2009-03-09 13:10:27 ----D---- C:\Program Files\Alwil Software

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 3520512]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 netr73;Hercules Wireless USB Dongle Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-01-29 1042464]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\Windows\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\Windows\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-21 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2008-01-25 132128]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe [2009-02-10 10240]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-02-25 655360]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-03-14 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-02-08 212480]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-03 72704]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-08 655624]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

info.txt is:

info.txt logfile of random's system information tool 1.06 2009-03-28 21:37:27

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bricks of Egypt\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Digby's Donuts\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Treasure Island\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
aMSN 0.97.2-->C:\Program Files\aMSN\uninstall.exe
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Catalyst Control Center - Branding-->MsiExec.exe /I{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe"  -uninstall
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Dofus 1.26.0-->C:\Program Files\Dofus\uninstall.exe
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Favorit-->c:\users\mohamed\appdata\local\zlqcgbd.bat
FileZilla Client 3.1.3-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Free Video to JPG Converter version 1.2-->"C:\Program Files\DVDVideoSoft\Free Video to JPG Converter\unins000.exe"
freshplay-->"C:\Program Files\freshplay\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Hercules WiFi Station-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x040c -removeonly
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{E0810CC2-4B5B-4439-B1D0-452306AF2D64}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9  -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1476612-02D6-42A3-BDC1-E292B4115738}\setup.exe" -l0x9  -removeonly
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
IziSpot 4-->MsiExec.exe /X{78DEE332-4FE2-469F-9CF7-F54C47E11F21}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kiwee Toolbar-->"C:\Program Files\AGI\common\bootstrapper.exe" -uninstall"\"C:/Program Files/AGI/Python25\pythonw.exe\" \"C:\Program Files\AGI\common\pyagcore\installer.pyc\" -u KiweeToolbar"
k-lite-code-->"C:\Program Files\Internet Download Manager\un_Internet Download Manager_12345.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe"  -uninstall
LightScribe System Software  1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
LimeWire PRO 4.17.1-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 3.5.02-->MsiExec.exe /I{0DE7211B-A7CB-4112-8D62-142A0EBDFAD9}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{CBDE9C7D-CF52-4558-B23E-B66359CB586A}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia Lifeblog 2.5-->MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}
Nokia NSeries Content Copier-->MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647}
Nokia NSeries Multimedia Player-->MsiExec.exe /I{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}
Nokia NSeries Music Manager-->MsiExec.exe /I{F89E5AD8-AE47-49B5-B9F9-C498791E6255}
Nokia NSeries One Touch Access-->MsiExec.exe /I{F4EE8763-EAA8-4BC1-8594-8501F5F00414}
Nokia NSeries System Utilities-->MsiExec.exe /X{96E94E18-54D6-42C1-8FC4-24DACEDC3395}
Nokia Nseries Video Manager-->MsiExec.exe /X{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}
Nokia Software Launcher-->MsiExec.exe /I{A8C856AD-63CD-4613-AA29-E6C85607EA06}
Nokia Software Updater-->MsiExec.exe /X{0332234E-09D1-4B74-A5F3-73E34BA29F5B}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Outils de diagnostic du matériel-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
PC Connectivity Solution-->MsiExec.exe /I{6094AB91-4CC8-498E-9DFF-134CC0B159DE}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PlayMP3z-->C:\Program Files\PlayMP3z\uninstall.exe
Popsicle-->"C:\Users\Public\Documents\Popsicle\unins000.exe"
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe"  -uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SAMSUNG CDMA Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c  -removeonly
Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c  -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SnagIt 9-->MsiExec.exe /I{2FADA80A-5D89-4CC8-9ED7-445527754A83}
Solution de clavier multimédia amélioré-->C:\HP\KBD\Install.exe /u
SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
TVUPlayer 2.4.1.0-->C:\Program Files\TVUPlayer\uninst.exe
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone WCDMA Composite Device Drive Software-->C:\Windows\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
WinAVI Video Converter 8.0-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC-de-elhady
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 118745
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090328165522.077534-000
Event Type: Erreur
User:

Computer Name: PC-de-elhady
Event Code: 1003
Message:
Record Number: 118746
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090328165523.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-elhady
Event Code: 1002
Message: Le bail de l'adresse IP 192.168.1.3 pour la carte réseau dont l'adresse réseau est 0008D3366763 a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).
Record Number: 118747
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090328165523.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-elhady
Event Code: 1001
Message: Le réseau n'a attribué aucune adresse à votre ordinateur (par le serveur DHCP) pour la carte réseau avec l'adresse réseau 0008D3366763. Il s'est produit l'erreur suivante :
L'opération a été annulée par l'utilisateur.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).
Record Number: 118750
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090328165535.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-elhady
Event Code: 7024
Message: Le service Service KtmRm pour Distributed Transaction Coordinator s'est arrêté avec l'erreur service particulière 2147942438 (0x80070026).
Record Number: 118834
Source Name: Service Control Manager
Time Written: 20090328165726.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-elhady
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2804074658-88166761-2368711641-1002_Classes:
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2804074658-88166761-2368711641-1002_CLASSES

Record Number: 52784
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090328133406.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-elhady
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 52807
Source Name: Microsoft-Windows-WMI
Time Written: 20090328152943.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-elhady
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 52834
Source Name: Microsoft-Windows-WMI
Time Written: 20090328162717.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-elhady
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 52861
Source Name: Microsoft-Windows-WMI
Time Written: 20090328165539.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-elhady
Event Code: 1000
Message: Application défaillante SnagIt32.exe, version 9.0.1.126, horodatage 0x48d85366, module défaillant agcutils.dll, version 1.0.0.1, horodatage 0x48dbd973, code d’exception 0xc0000005, décalage d’erreur 0x000038d7, ID du processus 0x1384, heure de début de l’application 0x01c9afd901fe0870.
Record Number: 52873
Source Name: Application Error
Time Written: 20090328200109.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-elhady
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

Code d’erreur :     2
Record Number: 33348
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114200406.565302-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-elhady
Event Code: 5032
Message: Le Pare-feu Windows n’a pas pu notifier l’utilisateur qu’il a empêché une application d’accepter des connexions entrantes sur le réseau.

Code d’erreur :     2
Record Number: 33349
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114200406.565302-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-elhady
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
     ID de sécurité :          S-1-5-21-2804074658-88166761-2368711641-1004
     Nom du compte :          Karim
     Domaine du compte :          PC-de-elhady
     ID du compte :          0x1b322a

Type d’ouverture de session :               2

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 33350
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114200414.661702-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-elhady
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
     ID de sécurité :          S-1-5-21-2804074658-88166761-2368711641-1004
     Nom du compte :          Karim
     Domaine du compte :          PC-de-elhady
     ID du compte :          0x1b3204

Type d’ouverture de session :               2

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 33351
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114200414.661702-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-elhady
Event Code: 4647
Message: Fermeture de session initiée par l’utilisateur :

Sujet :
     ID de sécurité :          S-1-5-21-2804074658-88166761-2368711641-1002
     Nom du compte :          Sofiane
     Domaine du compte :          PC-de-elhady
     ID d’ouverture de session :          0x8a0115

Cet événement est généré lorsqu’une fermeture de session est initiée, mais que le nombre de références du jeton n’étant pas zéro, la session ouverte ne peut pas être supprimée. Aucune autre activité initiée par l’utilisateur ne peut se produire. Cet événement peut être interprété comme un événement de fermeture de session.
Record Number: 33352
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114202803.294202-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Pavilion
"MSWorksProductCode"={3B160861-7250-451E-B5EE-8B92BF30A710}
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------
Mister_masque, 28/03/2009 at 22:02

Hi,

Let's get started:

Uninstall the following programs:

Favorit
Circle Developement
PlayMP3z
Freshplay


If you can't find one of these programs, carry on.


# 1 - TOOLBAR S&D



Download Toolbar S&D to your Desktop.

  • Right-click the ToolBarSD.exe icon >> Run as administrator
  • Press the "F" key, confirm with Enter, then press the "1" key, then Enter again to start the search
  • If you have a problem, see this tutorial (with pictures): Toolbar S&D. Do only the Search part - Option 1

Paste the report here. To do so:

  • Edit menu / Select All
  • Edit menu / Copy
  • Here, in a new message: right-click / Paste


# 2 - LOP S&D



Download LOP S&D to your Desktop.

- Right-click the ToolBarSD.exe icon >> Run as administrator
- Select French with the "F" key and press Enter.
- A confirmation message appears; click "Ok".
- Select option 1 (Search) and press Enter.
- The search runs; be patient.

The LopR.txt report opens; post it.

Expected reports:

  1. Toolbar S&D report
  2. Lop S&D report

See you later

--
Sauu_, 29/03/2009 at 11:28

There, I've done it, but I couldn't find Circle Developement.


# 1 - TOOLBAR S&D


   -----------\\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Sofiane ( Not Administrator ! )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:455 Go (Free:322 Go)
   D:\ (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
   E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)
   J:\ (USB)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 29/03/2009|11:21 )

   [ UAC => 0 ]

   -----------\\  Recherche de Fichiers / Dossiers ...

   C:\ProgramData\Kiwee Toolbar
   C:\ProgramData\Kiwee Toolbar\config
   C:\ProgramData\Kiwee Toolbar\images
   C:\ProgramData\Kiwee Toolbar\config\content_a.xml
   C:\ProgramData\Kiwee Toolbar\config\content_ie.xml
   C:\ProgramData\Kiwee Toolbar\config\content_m.xml
   C:\ProgramData\Kiwee Toolbar\config\content_y.xml
   C:\ProgramData\Kiwee Toolbar\config\logger.xml
   C:\ProgramData\Kiwee Toolbar\config\toolbarIE.xml
   C:\ProgramData\Kiwee Toolbar\config\toolbarIM_a.xml
   C:\ProgramData\Kiwee Toolbar\config\toolbarIM_m.xml
   C:\ProgramData\Kiwee Toolbar\config\toolbarIM_y.xml
   C:\ProgramData\Kiwee Toolbar\images\allow.bmp
   C:\ProgramData\Kiwee Toolbar\images\block.bmp
   C:\ProgramData\Kiwee Toolbar\images\dontsend.bmp
   C:\ProgramData\Kiwee Toolbar\images\im_toolbardropdownmenu.bmp
   C:\ProgramData\Kiwee Toolbar\images\im_toolbarsHelprolloverbase.bmp
   C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase.bmp
   C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_bg.bmp
   C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_dp.bmp
   C:\ProgramData\Kiwee Toolbar\images\im_toolbarsm2rolloverbase.bmp
   C:\ProgramData\Kiwee Toolbar\images\im_toolbarstextrollover.bmp
   C:\ProgramData\Kiwee Toolbar\images\kiwee_iconX16.ico
   C:\ProgramData\Kiwee Toolbar\images\kiwee_iconX48.ico
   C:\ProgramData\Kiwee Toolbar\images\send.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_eg.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_emoticons.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_eyeglass.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_gear.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_images.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_kiwee.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_msnlogo.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_news.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_text.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_videos.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_webshots.bmp
   C:\ProgramData\Kiwee Toolbar\images\toolbar_winks.bmp
   C:\ProgramData\Kiwee Toolbar\images\X.bmp
   C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Kiwee Toolbar
   C:\Program Files\Kiwee Toolbar
   C:\Program Files\Kiwee Toolbar\2.8.167
   C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\AolIMToolbar.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox
   C:\Program Files\Kiwee Toolbar\2.8.167\FlashCOM.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIMToolbar.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.tlb
   C:\Program Files\Kiwee Toolbar\2.8.167\kiweetoolbar.zip
   C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
   C:\Program Files\Kiwee Toolbar\2.8.167\mfc80u.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\Microsoft.VC80.CRT.manifest
   C:\Program Files\Kiwee Toolbar\2.8.167\Microsoft.VC80.MFC.manifest
   C:\Program Files\Kiwee Toolbar\2.8.167\msimg32.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\msvcp80.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\msvcr80.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\RemoteLib.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\Riched20.dll
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome.manifest
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\firefox.xpi
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\install.rdf
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome\kiweetoolbar.jar
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.js
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.xpt
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\KiweeSearchHistory.js
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.js
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.xpt
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults\preferences
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults\preferences\defaults.js
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\manifest.mf
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.rsa
   C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.sf
   C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\PlayMP3z
   C:\Program Files\VMNToolbar
   C:\Program Files\VMNToolbar\install.ico
   C:\Program Files\VMNToolbar\tbuninstall.exe
   C:\Program Files\VMNToolbar\toolbar.ini

   -----------\\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="http://fr.msn.com/"
   "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt"
   "Local Page"="C:\\Windows\\system32\\blank.htm"
   "Search Page"="http://www.google.com"
   "Search Bar"="http://www.google.com/ie"
   "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt"
   "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt"
   "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
   "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


   --------------------\\  Recherche d'autres infections

   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   ==> WAREOUT <==

   --------------------\\  Cracks & Keygens ..

   C:\Users\Sofiane\Downloads\Documents\LimeWire\Saved\sims 2 (+ keygen by ARN).zip


   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 29/03/2009|11:22 - Option : [1]

   -----------\\  Fin du rapport a 11:22:03,18


# 1 - LOP S&D



   --------------------\\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Sofiane ( Not Administrator ! )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:455 Go (Free:322 Go)
   D:\ (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
   E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)
   J:\ (USB)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 29/03/2009|11:25 )

   [ UAC => 1 ]

   --------------------\\  Listing des dossiers dans Local

   [25/02/2009|00:54] C:\Users\Sofiane\AppData\Local\Adobe
   [18/08/2008|00:13] C:\Users\Sofiane\AppData\Local\AOL
   [31/08/2008|16:27] C:\Users\Sofiane\AppData\Local\Apple
   [24/09/2008|15:26] C:\Users\Sofiane\AppData\Local\Apple Computer
   [18/08/2008|00:11] C:\Users\Sofiane\AppData\Local\Application Data
   [28/08/2008|18:28] C:\Users\Sofiane\AppData\Local\Ares
   [18/08/2008|00:12] C:\Users\Sofiane\AppData\Local\ATI
   [08/01/2009|16:51] C:\Users\Sofiane\AppData\Local\d3d9caps.dat
   [28/03/2009|18:56] C:\Users\Sofiane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [21/03/2009|19:58] C:\Users\Sofiane\AppData\Local\GDIPFONTCACHEV1.DAT
   [22/02/2009|11:50] C:\Users\Sofiane\AppData\Local\Google
   [31/08/2008|19:40] C:\Users\Sofiane\AppData\Local\Hewlett-Packard
   [18/08/2008|00:11] C:\Users\Sofiane\AppData\Local\Historique
   [25/12/2008|01:55] C:\Users\Sofiane\AppData\Local\HP Guide
   [28/03/2009|22:59] C:\Users\Sofiane\AppData\Local\IconCache.db
   [18/08/2008|00:11] C:\Users\Sofiane\AppData\Local\Menu Démarrer
   [04/12/2008|23:43] C:\Users\Sofiane\AppData\Local\Microsoft
   [09/11/2008|02:08] C:\Users\Sofiane\AppData\Local\Microsoft Games
   [10/11/2008|22:20] C:\Users\Sofiane\AppData\Local\Microsoft Help
   [12/09/2008|17:17] C:\Users\Sofiane\AppData\Local\MigWiz
   [31/08/2008|16:21] C:\Users\Sofiane\AppData\Local\Mozilla
   [07/09/2008|16:25] C:\Users\Sofiane\AppData\Local\Seven Zip
   [25/01/2009|21:42] C:\Users\Sofiane\AppData\Local\TechSmith
   [29/03/2009|11:25] C:\Users\Sofiane\AppData\Local\Temp
   [18/08/2008|00:11] C:\Users\Sofiane\AppData\Local\Temporary Internet Files
   [23/12/2008|20:24] C:\Users\Sofiane\AppData\Local\TVU Networks
   [29/08/2008|20:44] C:\Users\Sofiane\AppData\Local\VirtualStore
   [08/02/2009|00:22] C:\Users\Sofiane\AppData\Local\WinAVI

   --------------------\\  Tâches planifiées dans C:\Windows\tasks

   [28/03/2009 23:02][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{703A9396-09E8-4ECC-8E9A-16BB22F6C3FB}.job
   [27/03/2009 19:00][--a------] C:\Windows\tasks\Norton Security Scan for Sofiane.job
   [29/03/2009 11:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{38BE2F77-4A32-4FFB-87D2-2699B9A80477}.job
   [28/03/2009 13:00][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{6563EB78-F546-4614-9BBB-D2F33057362F}.job
   [29/03/2009 11:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FC697467-23F9-40DF-90AE-5B3E4FDDA422}.job
   [28/03/2009 13:22][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FB77C40B-B64C-4B99-A14B-60D463CE7E05}.job
   [28/03/2009 15:18][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FDADC885-E8B2-4E5F-B0A9-9F88931390CF}.job
   [29/03/2009 11:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{E556F6BD-9B73-49F1-81F8-98D4A4DD6FAC}.job
   [29/03/2009 11:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{3206AAC3-5E11-4376-8A3E-DB495A53F13A}.job
   [29/03/2009 11:16][--ah-----] C:\Windows\tasks\SA.DAT
   [29/03/2009 01:28][--a------] C:\Windows\tasks\SCHEDLGU.TXT

   --------------------\\  Listing des dossiers dans C:\ProgramData
  
   [29/10/2008|20:41] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
   [08/12/2008|11:56] C:\ProgramData\Adobe
   [03/12/2008|21:24] C:\ProgramData\Adobe Systems
   [10/02/2009|20:26] C:\ProgramData\agi
   [30/11/2008|19:31] C:\ProgramData\aHisoft
   [16/05/2008|13:32] C:\ProgramData\AOL
   [31/08/2008|16:26] C:\ProgramData\Apple
   [29/10/2008|20:41] C:\ProgramData\Apple Computer
   [02/11/2006|15:02] C:\ProgramData\Application Data
   [16/05/2008|13:14] C:\ProgramData\ATI
   [20/08/2008|21:39] C:\ProgramData\bird axis rdr.6zodhm
   [17/08/2008|08:17] C:\ProgramData\Bureau
   [14/12/2008|17:28] C:\ProgramData\CyberLink
   [02/11/2006|15:02] C:\ProgramData\Desktop
   [02/11/2006|15:02] C:\ProgramData\Documents
   [30/12/2008|15:16] C:\ProgramData\Downloaded Installations
   [17/08/2008|08:17] C:\ProgramData\Favoris
   [02/11/2006|15:02] C:\ProgramData\Favorites
   [09/01/2009|02:35] C:\ProgramData\FLEXnet
   [22/02/2009|11:50] C:\ProgramData\Google
   [17/08/2008|08:21] C:\ProgramData\Hewlett-Packard
   [07/10/2008|14:35] C:\ProgramData\Htm Support Bait Deaf
   [29/11/2008|23:41] C:\ProgramData\Installations
   [08/01/2009|17:05] C:\ProgramData\Kaspersky Lab
   [21/09/2008|15:42] C:\ProgramData\Kaspersky Lab Setup Files
   [10/02/2009|20:26] C:\ProgramData\Kiwee Toolbar
   [31/12/2008|23:38] C:\ProgramData\LauncherAccess.dt
   [07/09/2008|11:28] C:\ProgramData\LightScribe
   [09/11/2008|00:15] C:\ProgramData\Macromedia
   [27/03/2009|19:46] C:\ProgramData\MemoOptionLess
   [17/08/2008|08:17] C:\ProgramData\Menu Démarrer
   [21/08/2008|16:27] C:\ProgramData\Messenger Plus!
   [06/01/2009|13:51] C:\ProgramData\Microsoft
   [13/02/2009|15:19] C:\ProgramData\Microsoft Help
   [17/08/2008|08:17] C:\ProgramData\Modèles
   [16/05/2008|13:22] C:\ProgramData\muvee Technologies
   [30/11/2008|03:26] C:\ProgramData\Nokia
   [29/11/2008|16:19] C:\ProgramData\PC Suite
   [16/05/2008|13:27] C:\ProgramData\PC-Doctor
   [16/05/2008|13:27] C:\ProgramData\PC-Doctor 5 for Windows
   [20/08/2008|21:39] C:\ProgramData\signsitesite.eqxix4
   [20/08/2008|21:39] C:\ProgramData\signsitesite.mn9dhgl
   [02/11/2006|15:02] C:\ProgramData\Start Menu
   [30/09/2008|23:51] C:\ProgramData\Symantec
   [25/01/2009|21:42] C:\ProgramData\TechSmith
   [30/11/2008|17:32] C:\ProgramData\TEMP
   [02/11/2006|15:02] C:\ProgramData\Templates
   [21/12/2008|17:01] C:\ProgramData\TVU Networks
   [14/10/2008|22:18] C:\ProgramData\WildTangent
   [23/02/2009|12:31] C:\ProgramData\WLInstaller

   --------------------\\  Listing des dossiers dans C:\Program Files

   [08/12/2008|11:56] C:\Program Files\Adobe
   [10/02/2009|20:26] C:\Program Files\AGI
   [09/03/2009|14:10] C:\Program Files\Alwil Software
   [23/02/2009|12:36] C:\Program Files\aMSN
   [24/09/2008|14:49] C:\Program Files\Apple Software Update
   [16/05/2008|13:10] C:\Program Files\ATI
   [16/05/2008|13:11] C:\Program Files\ATI Technologies
   [24/09/2008|14:40] C:\Program Files\Bonjour
   [27/03/2009|19:31] C:\Program Files\Circle Developement
   [20/02/2009|17:40] C:\Program Files\Common Files
   [16/05/2008|13:22] C:\Program Files\CyberLink
   [07/02/2009|17:18] C:\Program Files\Dofus
   [20/02/2009|17:40] C:\Program Files\DVDVideoSoft
   [30/08/2008|18:02] C:\Program Files\EasyBits For Kids
   [17/08/2008|08:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [27/09/2008|16:42] C:\Program Files\FileZilla FTP Client
   [22/02/2009|16:44] C:\Program Files\Google
   [17/08/2008|09:07] C:\Program Files\Hercules
   [28/10/2008|12:16] C:\Program Files\Hewlett-Packard
   [24/10/2008|18:28] C:\Program Files\HP
   [16/05/2008|13:32] C:\Program Files\HP Games
   [31/12/2008|23:01] C:\Program Files\InstallShield Installation Information
   [26/09/2008|23:26] C:\Program Files\Internet Download Manager
   [31/08/2008|16:27] C:\Program Files\Internet Explorer
   [29/10/2008|20:41] C:\Program Files\iPod
   [29/10/2008|20:41] C:\Program Files\iTunes
   [08/02/2009|00:23] C:\Program Files\Jasc Software Inc
   [16/05/2008|13:23] C:\Program Files\Java
   [08/01/2009|14:47] C:\Program Files\Kaspersky Lab
   [10/02/2009|20:26] C:\Program Files\Kiwee Toolbar
   [22/01/2009|13:04] C:\Program Files\LimeWire
   [16/11/2008|13:48] C:\Program Files\Macromedia
   [09/11/2008|12:47] C:\Program Files\Maïdo Production
   [20/08/2008|21:39] C:\Program Files\Messenger Plus! Live
   [08/01/2009|18:02] C:\Program Files\Microsoft
   [09/11/2008|12:44] C:\Program Files\Microsoft FrontPage Express
   [02/11/2006|14:37] C:\Program Files\Microsoft Games
   [21/09/2008|12:19] C:\Program Files\Microsoft Office
   [08/01/2009|18:06] C:\Program Files\Microsoft Office Outlook Connector
   [06/01/2009|13:53] C:\Program Files\Microsoft Silverlight
   [17/08/2008|09:41] C:\Program Files\Microsoft SQL Server Compact Edition
   [06/01/2009|13:51] C:\Program Files\Microsoft Sync Framework
   [21/09/2008|12:19] C:\Program Files\Microsoft Visual Studio
   [21/09/2008|12:16] C:\Program Files\Microsoft Visual Studio 8
   [21/09/2008|12:19] C:\Program Files\Microsoft Works
   [21/09/2008|12:18] C:\Program Files\Microsoft.NET
   [16/05/2008|22:55] C:\Program Files\Movie Maker
   [29/03/2009|11:17] C:\Program Files\Mozilla Firefox
   [21/09/2008|20:10] C:\Program Files\MP3 Player Utilities 3.5.02
   [21/09/2008|12:19] C:\Program Files\MSBuild
   [30/11/2008|19:08] C:\Program Files\MSXML 4.0
   [16/05/2008|13:22] C:\Program Files\muvee Technologies
   [29/11/2008|23:46] C:\Program Files\Nokia
   [20/03/2009|19:00] C:\Program Files\Norton Security Scan
   [16/11/2008|13:31] C:\Program Files\Notepad++
   [05/10/2008|15:50] C:\Program Files\Nvu
   [17/08/2008|08:21] C:\Program Files\Online Services
   [29/11/2008|16:15] C:\Program Files\PC Connectivity Solution
   [16/05/2008|13:40] C:\Program Files\PC-Doctor 5 for Windows
   [17/12/2008|22:58] C:\Program Files\PhotoFiltre
   [20/02/2009|17:39] C:\Program Files\PhotoScape
   [01/11/2008|14:24] C:\Program Files\QuickTime
   [27/09/2008|20:57] C:\Program Files\Real
   [16/05/2008|13:12] C:\Program Files\Realtek
   [02/11/2006|14:37] C:\Program Files\Reference Assemblies
   [24/09/2008|14:41] C:\Program Files\Safari
   [31/12/2008|23:40] C:\Program Files\Samsung
   [21/12/2008|18:25] C:\Program Files\SopCast
   [25/01/2009|21:42] C:\Program Files\TechSmith
   [28/03/2009|22:37] C:\Program Files\trend micro
   [21/12/2008|17:01] C:\Program Files\TVUPlayer
   [02/11/2006|15:01] C:\Program Files\Uninstall Information
   [13/10/2008|17:27] C:\Program Files\VideoLAN
   [17/09/2008|09:27] C:\Program Files\Visicom Media
   [17/09/2008|09:31] C:\Program Files\vmntoolbar
   [08/02/2009|00:33] C:\Program Files\WinAVI Video Converter
   [16/05/2008|22:55] C:\Program Files\Windows Calendar
   [16/05/2008|22:55] C:\Program Files\Windows Collaboration
   [16/05/2008|22:55] C:\Program Files\Windows Defender
   [16/05/2008|22:55] C:\Program Files\Windows Journal
   [23/02/2009|10:29] C:\Program Files\Windows Live
   [08/01/2009|18:01] C:\Program Files\Windows Live SkyDrive
   [08/01/2009|18:05] C:\Program Files\Windows Live Toolbar
   [13/02/2009|15:18] C:\Program Files\Windows Mail
   [16/05/2008|22:55] C:\Program Files\Windows Media Player
   [17/08/2008|08:17] C:\Program Files\Windows NT
   [16/05/2008|22:55] C:\Program Files\Windows Photo Gallery
   [16/05/2008|22:55] C:\Program Files\Windows Sidebar
   [25/10/2008|13:29] C:\Program Files\WindowsUpdate
   [30/10/2008|05:52] C:\Program Files\WinRAR

   --------------------\\  Listing des dossiers dans C:\Program Files\Common Files

   [08/12/2008|11:55] C:\Program Files\Common Files\Adobe
   [08/12/2008|11:53] C:\Program Files\Common Files\Adobe AIR
   [03/12/2008|08:42] C:\Program Files\Common Files\Adobe Systems Shared
   [24/09/2008|14:46] C:\Program Files\Common Files\Apple
   [21/09/2008|12:19] C:\Program Files\Common Files\DESIGNER
   [20/02/2009|17:40] C:\Program Files\Common Files\DVDVideoSoft
   [16/05/2008|13:38] C:\Program Files\Common Files\InstallShield
   [16/05/2008|13:23] C:\Program Files\Common Files\Java
   [16/05/2008|13:22] C:\Program Files\Common Files\LightScribe
   [16/05/2008|13:22] C:\Program Files\Common Files\LS Getting Started
   [16/11/2008|13:48] C:\Program Files\Common Files\Macromedia
   [08/12/2008|11:51] C:\Program Files\Common Files\Macrovision Shared
   [08/01/2009|18:02] C:\Program Files\Common Files\microsoft shared
   [16/05/2008|13:22] C:\Program Files\Common Files\muvee Technologies
   [29/11/2008|23:42] C:\Program Files\Common Files\Nokia
   [29/11/2008|16:18] C:\Program Files\Common Files\PCSuite
   [27/09/2008|20:57] C:\Program Files\Common Files\Real
   [02/11/2006|13:18] C:\Program Files\Common Files\Services
   [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
   [20/03/2009|19:00] C:\Program Files\Common Files\Symantec Shared
   [08/01/2009|18:06] C:\Program Files\Common Files\System
   [06/01/2009|13:40] C:\Program Files\Common Files\Windows Live
   [17/08/2008|09:39] C:\Program Files\Common Files\WindowsLiveInstaller
   [27/09/2008|20:57] C:\Program Files\Common Files\xing shared

   --------------------\\  Process

   ( 79 Processes )

   ... OK !

   --------------------\\  Recherche avec S_Lop

   C:\ProgramData\bird axis rdr.6zodhm
   C:\ProgramData\signsitesite.eqxix4
   C:\ProgramData\signsitesite.mn9dhgl

   --------------------\\  Recherche de Fichiers / Dossiers Lop

   C:\ProgramData\Htm Support Bait Deaf
   C:\Users\Sofiane\AppData\Local\Temp\nsf77E0.tmp
   C:\Users\Sofiane\AppData\Local\Temp\NSSstub.txt
   C:\Program Files\Circle Developement

   --------------------\\  Verification du Registre

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "bait deaf idle setup"="\"C:\\ProgramData\\bird axis rdr.6zodhm\""
   "IDLE REGS"="\"C:\\ProgramData\\signsitesite.mn9dhgl\""

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

   --------------------\\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\\  Recherche de fichiers avec Catchme

   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-03-29 11:25:44
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 35

   --------------------\\  Recherche d'autres infections

   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   ==> WAREOUT <==

   --------------------\\  Cracks & Keygens ..

   C:\Users\Sofiane\Downloads\Documents\LimeWire\Saved\sims 2 (+ keygen by ARN).zip


   [F:2256][D:212]-> C:\Users\Sofiane\AppData\Local\Temp
   [F:57][D:1]-> C:\Users\Sofiane\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:502][D:11]-> C:\Users\Sofiane\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:283][D:18]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 29/03/2009|11:28 - Option : [1]

   --------------------\\  Fin du rapport a 11:28:23
   [ UAC => 1 ]
Mister_masque, 29/03/2009 at 12:10

Hi

Let's get rid of the vermin:


Disable Vista's UAC

  • Click Start >> Control Panel
  • Click Classic View in the left-hand menu and double-click the User Accounts icon
  • Then click Turn User Account Control on or off.
  • Uncheck the box Use User Account Control (UAC) to help protect your computer
  • Restart the computer (important)



Help: illustrated tutorial on Zebulon.fr



# 2 - TOOLBAR S&D



Run Toolbar S&D again as administrator and this time select option 2


# 3 - LOP S&D




Run LOP S&D again as administrator and this time select option 2




# 4 - Trojan.DNS removal



Download SmitFraudFix

Right-click >> Run as administrator

To run a scan, open the SmitFraudfix folder, then double-click the SmitFraudfix icon.
Scroll down to the menu with the Space key, select option 1 (Search) with the 1 key and confirm with the Enter key.
Rapport.txt will be displayed; post its contents on the forum.



Expected reports:

  1. Lop S&D report (option 2)
  2. Toolbar S&D report (option 2)
  3. SmitFraudFix report

--
Sauu_, 29/03/2009 at 12:33

Here is the Toolbar report:


   -----------\\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Sofiane ( Not Administrator ! )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:455 Go (Free:322 Go)
   D:\ (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
   E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)
   J:\ (USB)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 29/03/2009|12:25 )

   [ UAC => 0 ]

   -----------\\ SUPPRESSION

   Supprime! - C:\ProgramData\Kiwee Toolbar\config
   Supprime! - C:\ProgramData\Kiwee Toolbar\images
   Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Kiwee Toolbar
   Supprime! - C:\Program Files\Kiwee Toolbar\2.8.167
   Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\PlayMP3z
   Supprime! - C:\Program Files\VMNToolbar\install.ico
   Supprime! - C:\Program Files\VMNToolbar\tbuninstall.exe
   Supprime! - C:\Program Files\VMNToolbar\toolbar.ini
   Supprime! - C:\ProgramData\Kiwee Toolbar
   Supprime! - C:\Program Files\Kiwee Toolbar
   Supprime! - C:\Program Files\VMNToolbar

   -----------\\  Recherche de Fichiers / Dossiers ...


   -----------\\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="http://fr.msn.com/"
   "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt"
   "Local Page"="C:\\Windows\\system32\\blank.htm"
   "Search Page"="http://www.google.com"
   "Search Bar"="http://www.google.com/ie"
   "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="http://www.msn.com/"
   "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cndt"
   "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
   "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


   --------------------\\  Recherche d'autres infections

   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   ==> WAREOUT <==

   --------------------\\  Cracks & Keygens ..

   C:\Users\Sofiane\Downloads\Documents\LimeWire\Saved\sims 2 (+ keygen by ARN).zip


   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 29/03/2009|11:22 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 29/03/2009|12:28 - Option : [2]

   -----------\\  Fin du rapport a 12:28:03,69

Here is the Lop report:


   --------------------\\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4600+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Sofiane ( Not Administrator ! )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:455 Go (Free:322 Go)
   D:\ (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
   E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)
   J:\ (USB)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [2] ( 29/03/2009|12:25 )

   [ UAC => 0 ]


   \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\Users\Sofiane\AppData\Local\Temp\nsf77E0.tmp
   Supprime! - C:\Users\Sofiane\AppData\Local\Temp\NSSstub.txt
   Supprime! - C:\ProgramData\bird axis rdr.6zodhm
   Supprime! - C:\ProgramData\signsitesite.eqxix4
   Supprime! - C:\ProgramData\signsitesite.mn9dhgl
   Supprime! - C:\ProgramData\Htm Support Bait Deaf
   Supprime! - C:\Program Files\Circle Developement
   -
   [ Fichier Hosts ] .. Restaure!

   \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


   --------------------\\  Listing des dossiers dans Local

   [25/02/2009|00:54] C:\Users\Sofiane\AppData\Local\Adobe
   [18/08/2008|00:13] C:\Users\Sofiane\AppData\Local\AOL
   [31/08/2008|16:27] C:\Users\Sofiane\AppData\Local\Apple
   [24/09/2008|15:26] C:\Users\Sofiane\AppData\Local\Apple Computer
   [18/08/2008|00:11] C:\Users\Sofiane\AppData\Local\Application Data
   [28/08/2008|18:28] C:\Users\Sofiane\AppData\Local\Ares
   [18/08/2008|00:12] C:\Users\Sofiane\AppData\Local\ATI
   [08/01/2009|16:51] C:\Users\Sofiane\AppData\Local\d3d9caps.dat
   [29/03/2009|12:00] C:\Users\Sofiane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [21/03/2009|19:58] C:\Users\Sofiane\AppData\Local\GDIPFONTCACHEV1.DAT
   [22/02/2009|11:50] C:\Users\Sofiane\AppData\Local\Google
   [31/08/2008|19:40] C:\Users\Sofiane\AppData\Local\Hewlett-Packard
   [18/08/2008|00:11] C:\Users\Sofiane\AppData\Local\Historique
   [25/12/2008|01:55] C:\Users\Sofiane\AppData\Local\HP Guide
   [29/03/2009|12:20] C:\Users\Sofiane\AppData\Local\IconCache.db
   [18/08/2008|00:11] C:\Users\Sofiane\AppData\Local\Menu Démarrer
   [04/12/2008|23:43] C:\Users\Sofiane\AppData\Local\Microsoft
   [09/11/2008|02:08] C:\Users\Sofiane\AppData\Local\Microsoft Games
   [10/11/2008|22:20] C:\Users\Sofiane\AppData\Local\Microsoft Help
   [12/09/2008|17:17] C:\Users\Sofiane\AppData\Local\MigWiz
   [31/08/2008|16:21] C:\Users\Sofiane\AppData\Local\Mozilla
   [07/09/2008|16:25] C:\Users\Sofiane\AppData\Local\Seven Zip
   [25/01/2009|21:42] C:\Users\Sofiane\AppData\Local\TechSmith
   [29/03/2009|12:25] C:\Users\Sofiane\AppData\Local\Temp
   [18/08/2008|00:11] C:\Users\Sofiane\AppData\Local\Temporary Internet Files
   [23/12/2008|20:24] C:\Users\Sofiane\AppData\Local\TVU Networks
   [29/08/2008|20:44] C:\Users\Sofiane\AppData\Local\VirtualStore
   [08/02/2009|00:22] C:\Users\Sofiane\AppData\Local\WinAVI

   --------------------\\  Tâches planifiées dans C:\Windows\tasks

   [28/03/2009 23:02][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{703A9396-09E8-4ECC-8E9A-16BB22F6C3FB}.job
   [27/03/2009 19:00][--a------] C:\Windows\tasks\Norton Security Scan for Sofiane.job
   [29/03/2009 12:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{38BE2F77-4A32-4FFB-87D2-2699B9A80477}.job
   [28/03/2009 13:00][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{6563EB78-F546-4614-9BBB-D2F33057362F}.job
   [29/03/2009 12:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FC697467-23F9-40DF-90AE-5B3E4FDDA422}.job
   [28/03/2009 13:22][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FB77C40B-B64C-4B99-A14B-60D463CE7E05}.job
   [28/03/2009 15:18][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{FDADC885-E8B2-4E5F-B0A9-9F88931390CF}.job
   [29/03/2009 12:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{E556F6BD-9B73-49F1-81F8-98D4A4DD6FAC}.job
   [29/03/2009 12:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{3206AAC3-5E11-4376-8A3E-DB495A53F13A}.job
   [29/03/2009 12:21][--ah-----] C:\Windows\tasks\SA.DAT
   [29/03/2009 12:20][--a------] C:\Windows\tasks\SCHEDLGU.TXT

   --------------------\\  Listing des dossiers dans C:\ProgramData
  
   [29/10/2008|20:41] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
   [08/12/2008|11:56] C:\ProgramData\Adobe
   [03/12/2008|21:24] C:\ProgramData\Adobe Systems
   [10/02/2009|20:26] C:\ProgramData\agi
   [30/11/2008|19:31] C:\ProgramData\aHisoft
   [16/05/2008|13:32] C:\ProgramData\AOL
   [31/08/2008|16:26] C:\ProgramData\Apple
   [29/10/2008|20:41] C:\ProgramData\Apple Computer
   [02/11/2006|15:02] C:\ProgramData\Application Data
   [16/05/2008|13:14] C:\ProgramData\ATI
   [17/08/2008|08:17] C:\ProgramData\Bureau
   [14/12/2008|17:28] C:\ProgramData\CyberLink
   [02/11/2006|15:02] C:\ProgramData\Desktop
   [02/11/2006|15:02] C:\ProgramData\Documents
   [30/12/2008|15:16] C:\ProgramData\Downloaded Installations
   [17/08/2008|08:17] C:\ProgramData\Favoris
   [02/11/2006|15:02] C:\ProgramData\Favorites
   [09/01/2009|02:35] C:\ProgramData\FLEXnet
   [22/02/2009|11:50] C:\ProgramData\Google
   [17/08/2008|08:21] C:\ProgramData\Hewlett-Packard
   [29/11/2008|23:41] C:\ProgramData\Installations
   [08/01/2009|17:05] C:\ProgramData\Kaspersky Lab
   [21/09/2008|15:42] C:\ProgramData\Kaspersky Lab Setup Files
   [31/12/2008|23:38] C:\ProgramData\LauncherAccess.dt
   [07/09/2008|11:28] C:\ProgramData\LightScribe
   [09/11/2008|00:15] C:\ProgramData\Macromedia
   [27/03/2009|19:46] C:\ProgramData\MemoOptionLess
   [17/08/2008|08:17] C:\ProgramData\Menu Démarrer
   [21/08/2008|16:27] C:\ProgramData\Messenger Plus!
   [06/01/2009|13:51] C:\ProgramData\Microsoft
   [13/02/2009|15:19] C:\ProgramData\Microsoft Help
   [17/08/2008|08:17] C:\ProgramData\Modèles
   [16/05/2008|13:22] C:\ProgramData\muvee Technologies
   [30/11/2008|03:26] C:\ProgramData\Nokia
   [29/11/2008|16:19] C:\ProgramData\PC Suite
   [16/05/2008|13:27] C:\ProgramData\PC-Doctor
   [16/05/2008|13:27] C:\ProgramData\PC-Doctor 5 for Windows
   [02/11/2006|15:02] C:\ProgramData\Start Menu
   [30/09/2008|23:51] C:\ProgramData\Symantec
   [25/01/2009|21:42] C:\ProgramData\TechSmith
   [30/11/2008|17:32] C:\ProgramData\TEMP
   [02/11/2006|15:02] C:\ProgramData\Templates
   [21/12/2008|17:01] C:\ProgramData\TVU Networks
   [14/10/2008|22:18] C:\ProgramData\WildTangent
   [23/02/2009|12:31] C:\ProgramData\WLInstaller

   --------------------\\  Listing des dossiers dans C:\Program Files

   [08/12/2008|11:56] C:\Program Files\Adobe
   [10/02/2009|20:26] C:\Program Files\AGI
   [09/03/2009|14:10] C:\Program Files\Alwil Software
   [23/02/2009|12:36] C:\Program Files\aMSN
   [24/09/2008|14:49] C:\Program Files\Apple Software Update
   [16/05/2008|13:10] C:\Program Files\ATI
   [16/05/2008|13:11] C:\Program Files\ATI Technologies
   [24/09/2008|14:40] C:\Program Files\Bonjour
   [20/02/2009|17:40] C:\Program Files\Common Files
   [16/05/2008|13:22] C:\Program Files\CyberLink
   [07/02/2009|17:18] C:\Program Files\Dofus
   [20/02/2009|17:40] C:\Program Files\DVDVideoSoft
   [30/08/2008|18:02] C:\Program Files\EasyBits For Kids
   [17/08/2008|08:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [27/09/2008|16:42] C:\Program Files\FileZilla FTP Client
   [22/02/2009|16:44] C:\Program Files\Google
   [17/08/2008|09:07] C:\Program Files\Hercules
   [28/10/2008|12:16] C:\Program Files\Hewlett-Packard
   [24/10/2008|18:28] C:\Program Files\HP
   [16/05/2008|13:32] C:\Program Files\HP Games
   [31/12/2008|23:01] C:\Program Files\InstallShield Installation Information
   [26/09/2008|23:26] C:\Program Files\Internet Download Manager
   [31/08/2008|16:27] C:\Program Files\Internet Explorer
   [29/10/2008|20:41] C:\Program Files\iPod
   [29/10/2008|20:41] C:\Program Files\iTunes
   [08/02/2009|00:23] C:\Program Files\Jasc Software Inc
   [16/05/2008|13:23] C:\Program Files\Java
   [08/01/2009|14:47] C:\Program Files\Kaspersky Lab
   [29/03/2009|12:25] C:\Program Files\Kiwee Toolbar
   [22/01/2009|13:04] C:\Program Files\LimeWire
   [16/11/2008|13:48] C:\Program Files\Macromedia
   [09/11/2008|12:47] C:\Program Files\Maïdo Production
   [20/08/2008|21:39] C:\Program Files\Messenger Plus! Live
   [08/01/2009|18:02] C:\Program Files\Microsoft
   [09/11/2008|12:44] C:\Program Files\Microsoft FrontPage Express
   [02/11/2006|14:37] C:\Program Files\Microsoft Games
   [21/09/2008|12:19] C:\Program Files\Microsoft Office
   [08/01/2009|18:06] C:\Program Files\Microsoft Office Outlook Connector
   [06/01/2009|13:53] C:\Program Files\Microsoft Silverlight
   [17/08/2008|09:41] C:\Program Files\Microsoft SQL Server Compact Edition
   [06/01/2009|13:51] C:\Program Files\Microsoft Sync Framework
   [21/09/2008|12:19] C:\Program Files\Microsoft Visual Studio
   [21/09/2008|12:16] C:\Program Files\Microsoft Visual Studio 8
   [21/09/2008|12:19] C:\Program Files\Microsoft Works
   [21/09/2008|12:18] C:\Program Files\Microsoft.NET
   [16/05/2008|22:55] C:\Program Files\Movie Maker
   [29/03/2009|12:24] C:\Program Files\Mozilla Firefox
   [21/09/2008|20:10] C:\Program Files\MP3 Player Utilities 3.5.02
   [21/09/2008|12:19] C:\Program Files\MSBuild
   [30/11/2008|19:08] C:\Program Files\MSXML 4.0
   [16/05/2008|13:22] C:\Program Files\muvee Technologies
   [29/11/2008|23:46] C:\Program Files\Nokia
   [20/03/2009|19:00] C:\Program Files\Norton Security Scan
   [16/11/2008|13:31] C:\Program Files\Notepad++
   [05/10/2008|15:50] C:\Program Files\Nvu
   [17/08/2008|08:21] C:\Program Files\Online Services
   [29/11/2008|16:15] C:\Program Files\PC Connectivity Solution
   [16/05/2008|13:40] C:\Program Files\PC-Doctor 5 for Windows
   [17/12/2008|22:58] C:\Program Files\PhotoFiltre
   [20/02/2009|17:39] C:\Program Files\PhotoScape
   [01/11/2008|14:24] C:\Program Files\QuickTime
   [27/09/2008|20:57] C:\Program Files\Real
   [16/05/2008|13:12] C:\Program Files\Realtek
   [02/11/2006|14:37] C:\Program Files\Reference Assemblies
   [24/09/2008|14:41] C:\Program Files\Safari
   [31/12/2008|23:40] C:\Program Files\Samsung
   [21/12/2008|18:25] C:\Program Files\SopCast
   [25/01/2009|21:42] C:\Program Files\TechSmith
   [28/03/2009|22:37] C:\Program Files\trend micro
   [21/12/2008|17:01] C:\Program Files\TVUPlayer
   [02/11/2006|15:01] C:\Program Files\Uninstall Information
   [13/10/2008|17:27] C:\Program Files\VideoLAN
   [17/09/2008|09:27] C:\Program Files\Visicom Media
   [29/03/2009|12:25] C:\Program Files\vmntoolbar
   [08/02/2009|00:33] C:\Program Files\WinAVI Video Converter
   [16/05/2008|22:55] C:\Program Files\Windows Calendar
   [16/05/2008|22:55] C:\Program Files\Windows Collaboration
   [16/05/2008|22:55] C:\Program Files\Windows Defender
   [16/05/2008|22:55] C:\Program Files\Windows Journal
   [23/02/2009|10:29] C:\Program Files\Windows Live
   [08/01/2009|18:01] C:\Program Files\Windows Live SkyDrive
   [08/01/2009|18:05] C:\Program Files\Windows Live Toolbar
   [13/02/2009|15:18] C:\Program Files\Windows Mail
   [16/05/2008|22:55] C:\Program Files\Windows Media Player
   [17/08/2008|08:17] C:\Program Files\Windows NT
   [16/05/2008|22:55] C:\Program Files\Windows Photo Gallery
   [16/05/2008|22:55] C:\Program Files\Windows Sidebar
   [25/10/2008|13:29] C:\Program Files\WindowsUpdate
   [30/10/2008|05:52] C:\Program Files\WinRAR

   --------------------\\  Listing des dossiers dans C:\Program Files\Common Files

   [08/12/2008|11:55] C:\Program Files\Common Files\Adobe
   [08/12/2008|11:53] C:\Program Files\Common Files\Adobe AIR
   [03/12/2008|08:42] C:\Program Files\Common Files\Adobe Systems Shared
   [24/09/2008|14:46] C:\Program Files\Common Files\Apple
   [21/09/2008|12:19] C:\Program Files\Common Files\DESIGNER
   [20/02/2009|17:40] C:\Program Files\Common Files\DVDVideoSoft
   [16/05/2008|13:38] C:\Program Files\Common Files\InstallShield
   [16/05/2008|13:23] C:\Program Files\Common Files\Java
   [16/05/2008|13:22] C:\Program Files\Common Files\LightScribe
   [16/05/2008|13:22] C:\Program Files\Common Files\LS Getting Started
   [16/11/2008|13:48] C:\Program Files\Common Files\Macromedia
   [08/12/2008|11:51] C:\Program Files\Common Files\Macrovision Shared
   [08/01/2009|18:02] C:\Program Files\Common Files\microsoft shared
   [16/05/2008|13:22] C:\Program Files\Common Files\muvee Technologies
   [29/11/2008|23:42] C:\Program Files\Common Files\Nokia
   [29/11/2008|16:18] C:\Program Files\Common Files\PCSuite
   [27/09/2008|20:57] C:\Program Files\Common Files\Real
   [02/11/2006|13:18] C:\Program Files\Common Files\Services
   [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
   [20/03/2009|19:00] C:\Program Files\Common Files\Symantec Shared
   [08/01/2009|18:06] C:\Program Files\Common Files\System
   [06/01/2009|13:40] C:\Program Files\Common Files\Windows Live
   [17/08/2008|09:39] C:\Program Files\Common Files\WindowsLiveInstaller
   [27/09/2008|20:57] C:\Program Files\Common Files\xing shared

   --------------------\\  Process

   ( 80 Processes )

   ... OK !

   --------------------\\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !

   --------------------\\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé !

   --------------------\\  Verification du Registre

   ..... OK !

   --------------------\\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\\  Recherche de fichiers avec Catchme

   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2009-03-29 12:25:52
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 35

   --------------------\\  Recherche d'autres infections

   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C0115F91-6316-46AB-A979-08758F378A01}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    NameServer    REG_SZ    85.255.112.39,85.255.112.40
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}]
    DhcpNameServer    REG_SZ    85.255.112.39,85.255.112.40
   ==> WAREOUT <==

   --------------------\\  Cracks & Keygens ..

   C:\Users\Sofiane\Downloads\Documents\LimeWire\Saved\sims 2 (+ keygen by ARN).zip


   [F:2245][D:209]-> C:\Users\Sofiane\AppData\Local\Temp
   [F:57][D:1]-> C:\Users\Sofiane\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:522][D:11]-> C:\Users\Sofiane\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:283][D:18]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 29/03/2009|11:28 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 29/03/2009|12:29 - Option : [2]

   --------------------\\  Fin du rapport a 12:29:44
   [ UAC => 1 ]

Here is the one from SmitFraudFix

SmitFraudFix v2.405

Scan done at 12:32:10,96, 29/03/2009
Run from C:\Users\Sofiane\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Users\Sofiane\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Sofiane\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\conime.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sofiane


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sofiane\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sofiane\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\Users\Sofiane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\freshplay FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Sofiane\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\ezShellStart.exe"
"Windows Shell (ezShellStart)"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Hercules Wireless G USB #2
DNS Server Search Order: 85.255.112.39
DNS Server Search Order: 85.255.112.40

HKLM\SYSTEM\CCS\Services\Tcpip\..\{793D74F7-36A3-41B5-97BE-6217427F1D1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: DhcpNameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS1\Services\Tcpip\..\{793D74F7-36A3-41B5-97BE-6217427F1D1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: DhcpNameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS3\Services\Tcpip\..\{793D74F7-36A3-41B5-97BE-6217427F1D1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: DhcpNameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.112.39,85.255.112.40


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Mister_masque, on 29/03/2009 at 13:04

Hi,

Home stretch.
I think this crack is infected:

C:\Users\Sofiane\Downloads\Documents\LimeWire\Saved\sims 2 (+ keygen by ARN).zip

I remind you that cracking software is illegal and an obvious infection vector.
Not knowing whether it is infected or not, I advise you to delete it.


# 5 - Removing the infection



Download, install and update MalwareBytes.
Help: a MalwareBytes tutorial is available.
Run a full scan of all drives. Click "Show Results", then "Remove Selected", and post the report.


See you later,
--
Sauu_, on 29/03/2009 at 13:24

SmitFraudFix v2.405

Scan done at 13:11:09,01, 29/03/2009
Run from C:\Users\Sofiane\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Hercules Wireless G USB #2
DNS Server Search Order: 85.255.112.39
DNS Server Search Order: 85.255.112.40

HKLM\SYSTEM\CCS\Services\Tcpip\..\{793D74F7-36A3-41B5-97BE-6217427F1D1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: DhcpNameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS1\Services\Tcpip\..\{793D74F7-36A3-41B5-97BE-6217427F1D1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: DhcpNameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS3\Services\Tcpip\..\{793D74F7-36A3-41B5-97BE-6217427F1D1A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C0115F91-6316-46AB-A979-08758F378A01}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: DhcpNameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C561E060-3B3C-486D-8A20-28D2DE67FE04}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.112.39,85.255.112.40

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{793D74F7-36A3-41B5-97BE-6217427F1D1A}: DhcpNameServer=192.168.1.1



Here you go :)
Mister_masque, on 29/03/2009 at 14:29

Hi again,

Post the MalwareBytes report.

See you later,
--