Spyware secure et entre de securité windows
Moi
-
DeNisCoOl Messages postés 2871 Statut Membre -
DeNisCoOl Messages postés 2871 Statut Membre -
Bonjour,
Voici je suis également infecté par ces spyware. Voici mon le résultat du rapport de Navilog. Que puis-je supprimer.
Vous seriez super gentil de m'aide.
Un gros merci a l'avance!
Voici mon rapport:
Search Navipromo version 3.5.0 commencé le 2008-03-09 à 18:22:57,57
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\Windows ***
*** Recherche dossiers dans C:\Program Files ***
C:\Program Files\InternetGameBox trouvé !
*** Recherche dossiers dans C:\ProgramData ***
*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***
...\InternetGameBox trouvé !
*** Recherche dossiers dans c:\users\sebas\appdata\roaming\microsoft\windows\start menu\programs ***
*** Recherche dossiers dans C:\Users\Sebas\AppData\Local\virtualstore\Program Files ***
...\InternetGameBox trouvé !
*** Recherche dossiers dans C:\Users\Sebas\AppData\Roaming ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\Windows\system32 *
* Recherche dans C:\Users\Sebas\AppData\Local\Microsoft *
* Recherche dans C:\Users\Sebas\AppData\Local\virtualstore\windows\system32 *
* Recherche dans C:\Users\Sebas\AppData\Local *
Fichiers suspects :
qmtdrzak.exe trouvé !
qmtdrzak.dat trouvé !
qmtdrzak_nav.dat trouvé !
qmtdrzak_navps.dat trouvé !
*** Recherche fichiers ***
C:\Windows\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\Windows\system32 :
* Dans C:\Users\Sebas\AppData\Local\Microsoft :
* Dans C:\Users\Sebas\AppData\Local\virtualstore\windows\system32 :
* Dans C:\Users\Sebas\AppData\Local :
qmtdrzak.dat trouvé !
qmtdrzak_nav.dat trouvé !
qmtdrzak_navps.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
4)Recherche fichiers connus :
*** Analyse terminée le 2008-03-09 à 18:30:03,51 ***
Voici je suis également infecté par ces spyware. Voici mon le résultat du rapport de Navilog. Que puis-je supprimer.
Vous seriez super gentil de m'aide.
Un gros merci a l'avance!
Voici mon rapport:
Search Navipromo version 3.5.0 commencé le 2008-03-09 à 18:22:57,57
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\Windows ***
*** Recherche dossiers dans C:\Program Files ***
C:\Program Files\InternetGameBox trouvé !
*** Recherche dossiers dans C:\ProgramData ***
*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***
...\InternetGameBox trouvé !
*** Recherche dossiers dans c:\users\sebas\appdata\roaming\microsoft\windows\start menu\programs ***
*** Recherche dossiers dans C:\Users\Sebas\AppData\Local\virtualstore\Program Files ***
...\InternetGameBox trouvé !
*** Recherche dossiers dans C:\Users\Sebas\AppData\Roaming ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\Windows\system32 *
* Recherche dans C:\Users\Sebas\AppData\Local\Microsoft *
* Recherche dans C:\Users\Sebas\AppData\Local\virtualstore\windows\system32 *
* Recherche dans C:\Users\Sebas\AppData\Local *
Fichiers suspects :
qmtdrzak.exe trouvé !
qmtdrzak.dat trouvé !
qmtdrzak_nav.dat trouvé !
qmtdrzak_navps.dat trouvé !
*** Recherche fichiers ***
C:\Windows\system32\nvs2.inf trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\Windows\system32 :
* Dans C:\Users\Sebas\AppData\Local\Microsoft :
* Dans C:\Users\Sebas\AppData\Local\virtualstore\windows\system32 :
* Dans C:\Users\Sebas\AppData\Local :
qmtdrzak.dat trouvé !
qmtdrzak_nav.dat trouvé !
qmtdrzak_navps.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
4)Recherche fichiers connus :
*** Analyse terminée le 2008-03-09 à 18:30:03,51 ***
A voir également:
- Spyware secure et entre de securité windows
- Clé de produit windows 10 - Guide
- Mode securite - Guide
- Montage video gratuit windows - Guide
- Windows ne démarre pas - Guide
- Windows movie maker - Télécharger - Montage & Édition
10 réponses
salut Moi,
Pour commencer
- Cliquer sur HiJackThis pour le télécharger sur votre bureau :
- Le tutoriel ici : https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
- Installer le sur un répertoire dédié (pas un dossier temporaire).
- Renommer Hijackthis, pour contrer une éventuelle infection de Vundo.
- Renommer le fichier HiJackThis.exe par exemple en CCM (à chercher dans le répertoire d’installation par exemple C:\Program Files\).
- Pour cela, faire un clic droit sur le fichier HiJackThis.exe et choisir renommer dans la liste.
- Taper CCM et Appuyer sur la touche Entrée.
- Générer un rapport en suivant ces indications :
- Double-clic sur CCM.exe.
- Cliquer sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note , tout sélectionner (Ctrl+A).
- Copier (Ctrl+C) et Coller (Ctrl+V) le rapport dans le prochain message.
Aide : N'hésite pas à consulter l'aide HiJackThis –
Pour faciliter l’archivage des messages, vous pouvez vous identifier avec mot de passe, l’inscription est gratuite.
Ensuite
--------------------
Veiller à ce que le contrôle des comptes utilisateurs (UAC User Account Control sous Vista) soit désactivé
ainsi que votre Anti Virus le temps de la désinfection pour éviter les messages d’alerte intempestifs.
Tu es infecté par l'adware Navipromo/ Magic control
• Faire un double clic sur le raccourci Navilog1 présent sur le bureau
• Au menu principal, Fais le choix 2
Laisse toi guider et patiente.
L'outil va t'informer qu'il va redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais-le toi-même)
• Au redémarrage de ton PC, choisis ta session habituelle.
• Patienter jusqu'au message :
*** Nettoyage Termine le ..... ***
• Le bloc-notes va s'ouvrir.
Sauvegarder le rapport de manière à le retrouver.
Refermer le bloc-notes. Le bureau va réapparaître.
Poste ce rapport dans ta prochaine réponse.
• Réactiver le contrôle des comptes utilisateurs (UAC sous Vista)
PS: Si ton bureau ne réapparaît pas, fais CTRL+Maj+Esc pour ouvrir le gestionnaire de tâches.
Dans le menu fichiers, sélectionne "exécuter".
Tape explorer et valide. Ton bureau va réapparaître.
A+
Denis
Pour commencer
- Cliquer sur HiJackThis pour le télécharger sur votre bureau :
- Le tutoriel ici : https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
- Installer le sur un répertoire dédié (pas un dossier temporaire).
- Renommer Hijackthis, pour contrer une éventuelle infection de Vundo.
- Renommer le fichier HiJackThis.exe par exemple en CCM (à chercher dans le répertoire d’installation par exemple C:\Program Files\).
- Pour cela, faire un clic droit sur le fichier HiJackThis.exe et choisir renommer dans la liste.
- Taper CCM et Appuyer sur la touche Entrée.
- Générer un rapport en suivant ces indications :
- Double-clic sur CCM.exe.
- Cliquer sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note , tout sélectionner (Ctrl+A).
- Copier (Ctrl+C) et Coller (Ctrl+V) le rapport dans le prochain message.
Aide : N'hésite pas à consulter l'aide HiJackThis –
Pour faciliter l’archivage des messages, vous pouvez vous identifier avec mot de passe, l’inscription est gratuite.
Ensuite
--------------------
Veiller à ce que le contrôle des comptes utilisateurs (UAC User Account Control sous Vista) soit désactivé
ainsi que votre Anti Virus le temps de la désinfection pour éviter les messages d’alerte intempestifs.
Tu es infecté par l'adware Navipromo/ Magic control
• Faire un double clic sur le raccourci Navilog1 présent sur le bureau
• Au menu principal, Fais le choix 2
Laisse toi guider et patiente.
L'outil va t'informer qu'il va redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais-le toi-même)
• Au redémarrage de ton PC, choisis ta session habituelle.
• Patienter jusqu'au message :
*** Nettoyage Termine le ..... ***
• Le bloc-notes va s'ouvrir.
Sauvegarder le rapport de manière à le retrouver.
Refermer le bloc-notes. Le bureau va réapparaître.
Poste ce rapport dans ta prochaine réponse.
• Réactiver le contrôle des comptes utilisateurs (UAC sous Vista)
PS: Si ton bureau ne réapparaît pas, fais CTRL+Maj+Esc pour ouvrir le gestionnaire de tâches.
Dans le menu fichiers, sélectionne "exécuter".
Tape explorer et valide. Ton bureau va réapparaître.
A+
Denis
Je te remercie beaucoup de ta réponse! Super
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:57, on 2008-03-09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Users\Sebastien Cournoyer\AppData\Local\qmtdrzak.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [qmtdrzak] c:\users\sebastien cournoyer\appdata\local\qmtdrzak.exe qmtdrzak
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:57, on 2008-03-09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Users\Sebastien Cournoyer\AppData\Local\qmtdrzak.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [qmtdrzak] c:\users\sebastien cournoyer\appdata\local\qmtdrzak.exe qmtdrzak
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Voici le rapport de navilog1
Clean Navipromo version 3.5.0 commencé le 2008-03-09 à 21:15:25,10
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans C:\Windows\System32 *
* Suppression dans C:\Users\Sebas\AppData\Local\Microsoft *
* Suppression dans C:\Users\Sebas\AppData\Local\virtualstore\windows\system32 *
* Suppression dans C:\Users\Sebas\AppData\Local *
Autres Suppressions :
qmtdrzak.exe trouvé !
Copie qmtdrzak.exe réalisée avec succès !
qmtdrzak.exe supprimé !
qmtdrzak.dat trouvé !
Copie qmtdrzak.dat réalisée avec succès !
qmtdrzak.dat supprimé !
qmtdrzak_nav.dat trouvé !
Copie qmtdrzak_nav.dat réalisée avec succès !
qmtdrzak_nav.dat supprimé !
qmtdrzak_navps.dat trouvé !
Copie qmtdrzak_navps.dat réalisée avec succès !
qmtdrzak_navps.dat supprimé !
*** Suppression dossiers dans C:\Windows ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\ProgramData ***
*** Suppression dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***
*** Suppression dossiers dans c:\users\sebas\appdata\roaming\microsoft\windows\start menu\programs ***
*** Suppression dossiers dans C:\Users\Sebas\AppData\Local\virtualstore\Program Files ***
...\InternetGameBox ...suppression...
...\InternetGameBox supprimé !
*** Suppression dossiers dans C:\Users\Sebas\AppData\Roaming ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\SEBAST~1\AppData\Local\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans C:\Windows\system32 *
* Dans C:\Users\Sebastien Cournoyer\AppData\Local\Microsoft *
* Dans C:\Users\Sebastien Cournoyer\AppData\Local\virtualstore\windows\system32 *
* Dans C:\Users\Sebastien Cournoyer\AppData\Local *
*** Sauvegarde du Registre vers dossier Backupnavi ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
*** Nettoyage terminé le 2008-03-09 à 21:22:55,83 ***
Clean Navipromo version 3.5.0 commencé le 2008-03-09 à 21:15:25,10
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans C:\Windows\System32 *
* Suppression dans C:\Users\Sebas\AppData\Local\Microsoft *
* Suppression dans C:\Users\Sebas\AppData\Local\virtualstore\windows\system32 *
* Suppression dans C:\Users\Sebas\AppData\Local *
Autres Suppressions :
qmtdrzak.exe trouvé !
Copie qmtdrzak.exe réalisée avec succès !
qmtdrzak.exe supprimé !
qmtdrzak.dat trouvé !
Copie qmtdrzak.dat réalisée avec succès !
qmtdrzak.dat supprimé !
qmtdrzak_nav.dat trouvé !
Copie qmtdrzak_nav.dat réalisée avec succès !
qmtdrzak_nav.dat supprimé !
qmtdrzak_navps.dat trouvé !
Copie qmtdrzak_navps.dat réalisée avec succès !
qmtdrzak_navps.dat supprimé !
*** Suppression dossiers dans C:\Windows ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\ProgramData ***
*** Suppression dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***
*** Suppression dossiers dans c:\users\sebas\appdata\roaming\microsoft\windows\start menu\programs ***
*** Suppression dossiers dans C:\Users\Sebas\AppData\Local\virtualstore\Program Files ***
...\InternetGameBox ...suppression...
...\InternetGameBox supprimé !
*** Suppression dossiers dans C:\Users\Sebas\AppData\Roaming ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\SEBAST~1\AppData\Local\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans C:\Windows\system32 *
* Dans C:\Users\Sebastien Cournoyer\AppData\Local\Microsoft *
* Dans C:\Users\Sebastien Cournoyer\AppData\Local\virtualstore\windows\system32 *
* Dans C:\Users\Sebastien Cournoyer\AppData\Local *
*** Sauvegarde du Registre vers dossier Backupnavi ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
*** Nettoyage terminé le 2008-03-09 à 21:22:55,83 ***
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Re,
Navilog a bien travaillé.
--------------------
Relancer HiJackthis cliquer sur Do a scan only et cocher les lignes en gras:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
Comment fixer une ligne: (Merci a Balltrap34 pour cette réalisation vidéo)
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Fermer toutes tes applications et ton navigateur puis fix checked.
Comme anti spyware vous n'avez que windows defender qui est vraiment moyen, vous devriez installer Spybot.
------------------------
- Cliquer sur Spybot pour télécharger la dernière version 1.5 (septembre 2007)
Après installation cliquer sur Rechercher les Mises à Jour, cocher les MàJ , télécharger les MàJ.
> Redémarrer en mode sans échec : après le bip avant le logo windows tapoter sur la touche F8 (ou F5): image. Si problème : Tuto ici
Redémarrer Spybot, cliquer sur Vérifier tout, Purger les éléments sélectionner, puis ***Vacciner***
Le tutorial très complet http://www.tutoriaux-excalibur.com/spybot.htm (merci excalibur)
--------------------
Je vous conseillerais également Firefox, plus sure, plus rapide et plus souple que IExplorer : http://www.mozilla-europe.org/fr/products/firefox/
* Pour les cookies s'assurer de tout est correctement configurer, Outils / Options / Vie privée >
* Cookies / Les conserver jusqu'à : la fermeture de firefox.
* Vie privée cocher : Toujours effacer mes informations personnelles à la fermeture de Firefox.
Voici un lien pour encore mieux optimiser la vitesse de navigation:
http://www.commentcamarche.net/faq/sujet 852 firefox optimisation ameliorer les performances
ou automatiquement regarder ici:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/31802.html
--------------------
Renvoyer ensuite un autre rapport HJThis
A+
Navilog a bien travaillé.
--------------------
Relancer HiJackthis cliquer sur Do a scan only et cocher les lignes en gras:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
Comment fixer une ligne: (Merci a Balltrap34 pour cette réalisation vidéo)
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Fermer toutes tes applications et ton navigateur puis fix checked.
Comme anti spyware vous n'avez que windows defender qui est vraiment moyen, vous devriez installer Spybot.
------------------------
- Cliquer sur Spybot pour télécharger la dernière version 1.5 (septembre 2007)
Après installation cliquer sur Rechercher les Mises à Jour, cocher les MàJ , télécharger les MàJ.
> Redémarrer en mode sans échec : après le bip avant le logo windows tapoter sur la touche F8 (ou F5): image. Si problème : Tuto ici
Redémarrer Spybot, cliquer sur Vérifier tout, Purger les éléments sélectionner, puis ***Vacciner***
Le tutorial très complet http://www.tutoriaux-excalibur.com/spybot.htm (merci excalibur)
--------------------
Je vous conseillerais également Firefox, plus sure, plus rapide et plus souple que IExplorer : http://www.mozilla-europe.org/fr/products/firefox/
* Pour les cookies s'assurer de tout est correctement configurer, Outils / Options / Vie privée >
* Cookies / Les conserver jusqu'à : la fermeture de firefox.
* Vie privée cocher : Toujours effacer mes informations personnelles à la fermeture de Firefox.
Voici un lien pour encore mieux optimiser la vitesse de navigation:
http://www.commentcamarche.net/faq/sujet 852 firefox optimisation ameliorer les performances
ou automatiquement regarder ici:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/31802.html
--------------------
Renvoyer ensuite un autre rapport HJThis
A+
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:40, on 2008-03-09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
c:\program files\google\googletoolbar1user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Scan saved at 22:36:40, on 2008-03-09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
c:\program files\google\googletoolbar1user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
salut Moi,
Merci pour le rapport HJThis.
As tu exécuté le reste des étapes?
Spybot, Firefox pour votre intérêt mais rien est obligatoire bien entendu ;-)
les lignes fixé avec HJThis ?
Ou en sont les symptômes?
A+
Denis
Merci pour le rapport HJThis.
As tu exécuté le reste des étapes?
Spybot, Firefox pour votre intérêt mais rien est obligatoire bien entendu ;-)
les lignes fixé avec HJThis ?
Ou en sont les symptômes?
A+
Denis
salut Moi,
-Je crois que mon problème est résolu.
sauf cette ligne qui est apparu depuis le premier rapport:
c:\program files\google\googletoolbar1user.exe <=== est ce un programme que tu connais?
---------------------------------
Il faudrait vérifier le fichier dans ce site: https://www.virustotal.com/gui/
Une fois dans le site, copier et coller le chemin du fichier ci dessous, dans le rectangle blanc devant le bouton Parcourir...
c:\program files\google\googletoolbar1user.exe
Ensuite cliquer sur le bouton Envoyer le fichier
Le fichier va être examiner par environ 30 moteur anti virus, il va être mis en file d’attente dans un premier temps, soyez patient, laisser tourner.
Le rapport ne sera complet que si la mention "FINISHED" apparaît sur la droite.
Coller le rapport dans le prochain message.
---------------------------------
-J'insistais car je ne vois rien de changé dans le log HJThis.
Au moins les infections Navipromo ont été éradiqué.
l'UAC était il toujours inactif?
A+
-Je crois que mon problème est résolu.
sauf cette ligne qui est apparu depuis le premier rapport:
c:\program files\google\googletoolbar1user.exe <=== est ce un programme que tu connais?
---------------------------------
Il faudrait vérifier le fichier dans ce site: https://www.virustotal.com/gui/
Une fois dans le site, copier et coller le chemin du fichier ci dessous, dans le rectangle blanc devant le bouton Parcourir...
c:\program files\google\googletoolbar1user.exe
Ensuite cliquer sur le bouton Envoyer le fichier
Le fichier va être examiner par environ 30 moteur anti virus, il va être mis en file d’attente dans un premier temps, soyez patient, laisser tourner.
Le rapport ne sera complet que si la mention "FINISHED" apparaît sur la droite.
Coller le rapport dans le prochain message.
---------------------------------
-J'insistais car je ne vois rien de changé dans le log HJThis.
Au moins les infections Navipromo ont été éradiqué.
l'UAC était il toujours inactif?
A+
Entre temps j'ai du changé l'anti-virus pour antivir parce que Kaspersky était un programne en évaluation. C'est tout ce que j'ai fait. Pour Google toolbar, je croyais que c'était le la barre d'outils de google. Voici le rapport du site :
Virustotal
Fichier googletoolbar3user.exe reçu le 2008.02.29 20:28:39 (CET)
Situation actuelle: terminé
Résultat: 0/32 (0.00%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.02.29 -
Avast 4.7.1098.0 2008.02.28 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.02.29 -
CAT-QuickHeal 9.50 2008.02.29 -
ClamAV 0.92.1 2008.02.29 -
DrWeb 4.44.0.09170 2008.02.29 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.02.29 -
FileAdvisor 1 2008.02.29 -
Fortinet 3.14.0.0 2008.02.29 -
F-Prot 4.4.2.54 2008.02.28 -
F-Secure 6.70.13260.0 2008.02.29 -
Ikarus T3.1.1.20 2008.02.29 -
Kaspersky 7.0.0.125 2008.02.29 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.02.29 -
NOD32v2 2912 2008.02.29 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.02.28 -
Prevx1 V2 2008.02.29 -
Rising 20.33.42.00 2008.02.29 -
Sophos 4.27.0 2008.02.29 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.02.29 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.02.29 -
Information additionnelle
File size: 52272 bytes
MD5: 4b7c04f6a3d6ddbd5a0924558b3ea491
SHA1: 12c4b78839d75eba866ae3bd996735a2ad718993
PEiD: -
Virustotal
Fichier googletoolbar3user.exe reçu le 2008.02.29 20:28:39 (CET)
Situation actuelle: terminé
Résultat: 0/32 (0.00%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.73 2008.02.29 -
Authentium 4.93.8 2008.02.29 -
Avast 4.7.1098.0 2008.02.28 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.02.29 -
CAT-QuickHeal 9.50 2008.02.29 -
ClamAV 0.92.1 2008.02.29 -
DrWeb 4.44.0.09170 2008.02.29 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.02.29 -
FileAdvisor 1 2008.02.29 -
Fortinet 3.14.0.0 2008.02.29 -
F-Prot 4.4.2.54 2008.02.28 -
F-Secure 6.70.13260.0 2008.02.29 -
Ikarus T3.1.1.20 2008.02.29 -
Kaspersky 7.0.0.125 2008.02.29 -
McAfee 5242 2008.02.29 -
Microsoft 1.3301 2008.02.29 -
NOD32v2 2912 2008.02.29 -
Norman 5.80.02 2008.02.29 -
Panda 9.0.0.4 2008.02.28 -
Prevx1 V2 2008.02.29 -
Rising 20.33.42.00 2008.02.29 -
Sophos 4.27.0 2008.02.29 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.02.29 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.29 -
Webwasher-Gateway 6.6.2 2008.02.29 -
Information additionnelle
File size: 52272 bytes
MD5: 4b7c04f6a3d6ddbd5a0924558b3ea491
SHA1: 12c4b78839d75eba866ae3bd996735a2ad718993
PEiD: -
salut Moi,
Entre temps j'ai du changé l'anti-virus pour antivir parce que Kaspersky était un programne en évaluation.
Après le dernier log HJthis j'imagines?
Mais il faudrait maintenant installer un parefeu car Kaspersky vous protégeait un peu comme un pare feu.
- De nombreuses infections utilisent les ordinateurs infectés comme serveurs distant ou autre gentillesse du genre, usurpation d'identité. Pour contrer ce genre d'attaque il faut un parefeu.
Comme pare feu je conseillerais Sunbelt (ex Kerio), mais il y en a bien d'autre.
Dans les premiers jours, il y aura une période d’apprentissage (à chaque alerte d'un programme connu cocher la case : créer une règle pour cette communication et ne plus me demander)
Bien regarder le tutoriel ICI
Et pour la version la plus récente ICI
------------------
Fichier googletoolbar3user.exe reçu le 2008.02.29 20:28:39 (CET)
googletoolbar3user.exe vraiment bizarre le nom du fichier a changé?
avant il était nommé c:\program files\google\googletoolbar1user.exe <=== écriture de tous les caractères en minuscule bizarre.
Pour Google toolbar, je croyais que c'était le la barre d'outils de google.
Oui celui ci est la barre de tâche Google mais c'est juste le Notifier qui est inutile:
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe <=== lettre majuscule dans le texte pour celui ci.
------------------
l'UAC était il toujours inactif?
Si non il faudrait le désactiver et refixer les lignes avec Hijackthis, car ce ne sont pourtant pas des lignes concernant des services.
------------------
Télécharger OTMoveIt2(de Old_Timer) sur le Bureau. http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double cliquer sur OTMoveIt2.exe pour le lancer.
Copier la liste de fichier ou de dossier qui se trouve en gras ci-dessous,
et coller-la dans le cadre de gauche de OTMoveIt :
Paste List of Files/Folders to be moved.
c:\program files\google\
Cliquer sur MoveIt! pour lancer la suppression.
Le résultat apparaîtra dans le cadre Results.
Cliquer sur Exit pour fermer.
Il sera peut-être demander de redémarrer le pc pour achever la suppression.
Si c'est le cas accepter par Yes.
--> Poster le rapport d'OTMoveIt situé dans C:\_OTMoveIt\MovedFiles (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date et l'heure)
A+
Entre temps j'ai du changé l'anti-virus pour antivir parce que Kaspersky était un programne en évaluation.
Après le dernier log HJthis j'imagines?
Mais il faudrait maintenant installer un parefeu car Kaspersky vous protégeait un peu comme un pare feu.
- De nombreuses infections utilisent les ordinateurs infectés comme serveurs distant ou autre gentillesse du genre, usurpation d'identité. Pour contrer ce genre d'attaque il faut un parefeu.
Comme pare feu je conseillerais Sunbelt (ex Kerio), mais il y en a bien d'autre.
Dans les premiers jours, il y aura une période d’apprentissage (à chaque alerte d'un programme connu cocher la case : créer une règle pour cette communication et ne plus me demander)
Bien regarder le tutoriel ICI
Et pour la version la plus récente ICI
------------------
Fichier googletoolbar3user.exe reçu le 2008.02.29 20:28:39 (CET)
googletoolbar3user.exe vraiment bizarre le nom du fichier a changé?
avant il était nommé c:\program files\google\googletoolbar1user.exe <=== écriture de tous les caractères en minuscule bizarre.
Pour Google toolbar, je croyais que c'était le la barre d'outils de google.
Oui celui ci est la barre de tâche Google mais c'est juste le Notifier qui est inutile:
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe <=== lettre majuscule dans le texte pour celui ci.
------------------
l'UAC était il toujours inactif?
Si non il faudrait le désactiver et refixer les lignes avec Hijackthis, car ce ne sont pourtant pas des lignes concernant des services.
------------------
Télécharger OTMoveIt2(de Old_Timer) sur le Bureau. http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double cliquer sur OTMoveIt2.exe pour le lancer.
Copier la liste de fichier ou de dossier qui se trouve en gras ci-dessous,
et coller-la dans le cadre de gauche de OTMoveIt :
Paste List of Files/Folders to be moved.
c:\program files\google\
Cliquer sur MoveIt! pour lancer la suppression.
Le résultat apparaîtra dans le cadre Results.
Cliquer sur Exit pour fermer.
Il sera peut-être demander de redémarrer le pc pour achever la suppression.
Si c'est le cas accepter par Yes.
--> Poster le rapport d'OTMoveIt situé dans C:\_OTMoveIt\MovedFiles (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date et l'heure)
A+
Vous allez me chicanner, j'avais oublié de désactiver UAC. Je l'ai fait et redémarrer le portable.
Je vais continuer les opérations que vous m'indiquez en attendant je vour renvoie le résultat du Hijack que j'ai fait après la désactivation du UAC et aussi après le re démarrage de l'ordi. :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:39:07, on 2008-03-10
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Je vais continuer les opérations que vous m'indiquez en attendant je vour renvoie le résultat du Hijack que j'ai fait après la désactivation du UAC et aussi après le re démarrage de l'ordi. :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:39:07, on 2008-03-10
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Le rapport de MovedFiles:
c:\program files\google\Installers moved successfully.
c:\program files\google\GoogleToolbarNotifier\2.0.301.5672 moved successfully.
c:\program files\google\GoogleToolbarNotifier moved successfully.
c:\program files\google\Google Earth\xml moved successfully.
c:\program files\google\Google Earth\res\zw.country moved successfully.
c:\program files\google\Google Earth\res\zm.country moved successfully.
c:\program files\google\Google Earth\res\za.country moved successfully.
c:\program files\google\Google Earth\res\yt.country moved successfully.
c:\program files\google\Google Earth\res\ye.country moved successfully.
c:\program files\google\Google Earth\res\ws.country moved successfully.
c:\program files\google\Google Earth\res\wf.country moved successfully.
c:\program files\google\Google Earth\res\vu.country moved successfully.
c:\program files\google\Google Earth\res\vn.country moved successfully.
c:\program files\google\Google Earth\res\vi.country moved successfully.
c:\program files\google\Google Earth\res\vg.country moved successfully.
c:\program files\google\Google Earth\res\ve.country moved successfully.
c:\program files\google\Google Earth\res\vc.country moved successfully.
c:\program files\google\Google Earth\res\va.country moved successfully.
c:\program files\google\Google Earth\res\uz.country moved successfully.
c:\program files\google\Google Earth\res\uy.country moved successfully.
c:\program files\google\Google Earth\res\us.country moved successfully.
c:\program files\google\Google Earth\res\um.country moved successfully.
c:\program files\google\Google Earth\res\ug.country moved successfully.
c:\program files\google\Google Earth\res\ua.country moved successfully.
c:\program files\google\Google Earth\res\tz.country moved successfully.
c:\program files\google\Google Earth\res\tw.country moved successfully.
c:\program files\google\Google Earth\res\tv.country moved successfully.
c:\program files\google\Google Earth\res\tt.country moved successfully.
c:\program files\google\Google Earth\res\tr.country moved successfully.
c:\program files\google\Google Earth\res\to.country moved successfully.
c:\program files\google\Google Earth\res\tn.country moved successfully.
c:\program files\google\Google Earth\res\tm.country moved successfully.
c:\program files\google\Google Earth\res\tl.country moved successfully.
c:\program files\google\Google Earth\res\tk.country moved successfully.
c:\program files\google\Google Earth\res\tj.country moved successfully.
c:\program files\google\Google Earth\res\th.country moved successfully.
c:\program files\google\Google Earth\res\tg.country moved successfully.
c:\program files\google\Google Earth\res\tf.country moved successfully.
c:\program files\google\Google Earth\res\td.country moved successfully.
c:\program files\google\Google Earth\res\tc.country moved successfully.
c:\program files\google\Google Earth\res\sz.country moved successfully.
c:\program files\google\Google Earth\res\sy.country moved successfully.
c:\program files\google\Google Earth\res\sv.country moved successfully.
c:\program files\google\Google Earth\res\st.country moved successfully.
c:\program files\google\Google Earth\res\sr.country moved successfully.
c:\program files\google\Google Earth\res\so.country moved successfully.
c:\program files\google\Google Earth\res\sn.country moved successfully.
c:\program files\google\Google Earth\res\sm.country moved successfully.
c:\program files\google\Google Earth\res\sl.country moved successfully.
c:\program files\google\Google Earth\res\sk.country moved successfully.
c:\program files\google\Google Earth\res\sj.country moved successfully.
c:\program files\google\Google Earth\res\si.country moved successfully.
c:\program files\google\Google Earth\res\shapes moved successfully.
c:\program files\google\Google Earth\res\sh.country moved successfully.
c:\program files\google\Google Earth\res\sg.country moved successfully.
c:\program files\google\Google Earth\res\se.country moved successfully.
c:\program files\google\Google Earth\res\sd.country moved successfully.
c:\program files\google\Google Earth\res\sc.country moved successfully.
c:\program files\google\Google Earth\res\sb.country moved successfully.
c:\program files\google\Google Earth\res\sa.country moved successfully.
c:\program files\google\Google Earth\res\rw.country moved successfully.
c:\program files\google\Google Earth\res\ru.locale moved successfully.
c:\program files\google\Google Earth\res\ru.country moved successfully.
c:\program files\google\Google Earth\res\rs.country moved successfully.
c:\program files\google\Google Earth\res\ro.country moved successfully.
c:\program files\google\Google Earth\res\re.country moved successfully.
c:\program files\google\Google Earth\res\qa.country moved successfully.
c:\program files\google\Google Earth\res\py.country moved successfully.
c:\program files\google\Google Earth\res\pw.country moved successfully.
c:\program files\google\Google Earth\res\pushpin moved successfully.
c:\program files\google\Google Earth\res\pt.locale moved successfully.
c:\program files\google\Google Earth\res\pt.country moved successfully.
c:\program files\google\Google Earth\res\ps.country moved successfully.
c:\program files\google\Google Earth\res\pr.country moved successfully.
c:\program files\google\Google Earth\res\pn.country moved successfully.
c:\program files\google\Google Earth\res\pm.country moved successfully.
c:\program files\google\Google Earth\res\pl.locale moved successfully.
c:\program files\google\Google Earth\res\pl.country moved successfully.
c:\program files\google\Google Earth\res\pk.country moved successfully.
c:\program files\google\Google Earth\res\ph.country moved successfully.
c:\program files\google\Google Earth\res\pg.country moved successfully.
c:\program files\google\Google Earth\res\pf.country moved successfully.
c:\program files\google\Google Earth\res\pe.country moved successfully.
c:\program files\google\Google Earth\res\pal5 moved successfully.
c:\program files\google\Google Earth\res\pal4 moved successfully.
c:\program files\google\Google Earth\res\pal3 moved successfully.
c:\program files\google\Google Earth\res\pal2 moved successfully.
c:\program files\google\Google Earth\res\paddle moved successfully.
c:\program files\google\Google Earth\res\pa.country moved successfully.
c:\program files\google\Google Earth\res\om.country moved successfully.
c:\program files\google\Google Earth\res\nz.country moved successfully.
c:\program files\google\Google Earth\res\nu.country moved successfully.
c:\program files\google\Google Earth\res\nr.country moved successfully.
c:\program files\google\Google Earth\res\np.country moved successfully.
c:\program files\google\Google Earth\res\no.country moved successfully.
c:\program files\google\Google Earth\res\nl.locale moved successfully.
c:\program files\google\Google Earth\res\nl.country moved successfully.
c:\program files\google\Google Earth\res\ni.country moved successfully.
c:\program files\google\Google Earth\res\ng.country moved successfully.
c:\program files\google\Google Earth\res\nf.country moved successfully.
c:\program files\google\Google Earth\res\ne.country moved successfully.
c:\program files\google\Google Earth\res\nc.country moved successfully.
c:\program files\google\Google Earth\res\na.country moved successfully.
c:\program files\google\Google Earth\res\mz.country moved successfully.
c:\program files\google\Google Earth\res\my.country moved successfully.
c:\program files\google\Google Earth\res\mx.country moved successfully.
c:\program files\google\Google Earth\res\mw.country moved successfully.
c:\program files\google\Google Earth\res\mv.country moved successfully.
c:\program files\google\Google Earth\res\mu.country moved successfully.
c:\program files\google\Google Earth\res\mt.country moved successfully.
c:\program files\google\Google Earth\res\ms.country moved successfully.
c:\program files\google\Google Earth\res\mr.country moved successfully.
c:\program files\google\Google Earth\res\mq.country moved successfully.
c:\program files\google\Google Earth\res\mp.country moved successfully.
c:\program files\google\Google Earth\res\mo.country moved successfully.
c:\program files\google\Google Earth\res\mn.country moved successfully.
c:\program files\google\Google Earth\res\mm.country moved successfully.
c:\program files\google\Google Earth\res\ml.country moved successfully.
c:\program files\google\Google Earth\res\mk.country moved successfully.
c:\program files\google\Google Earth\res\mh.country moved successfully.
c:\program files\google\Google Earth\res\mg.country moved successfully.
c:\program files\google\Google Earth\res\me.country moved successfully.
c:\program files\google\Google Earth\res\md.country moved successfully.
c:\program files\google\Google Earth\res\mc.country moved successfully.
c:\program files\google\Google Earth\res\ma.country moved successfully.
c:\program files\google\Google Earth\res\ly.country moved successfully.
c:\program files\google\Google Earth\res\lv.country moved successfully.
c:\program files\google\Google Earth\res\lu.country moved successfully.
c:\program files\google\Google Earth\res\lt.country moved successfully.
c:\program files\google\Google Earth\res\ls.country moved successfully.
c:\program files\google\Google Earth\res\lr.country moved successfully.
c:\program files\google\Google Earth\res\lk.country moved successfully.
c:\program files\google\Google Earth\res\li.country moved successfully.
c:\program files\google\Google Earth\res\lc.country moved successfully.
c:\program files\google\Google Earth\res\lb.country moved successfully.
c:\program files\google\Google Earth\res\la.country moved successfully.
c:\program files\google\Google Earth\res\kz.country moved successfully.
c:\program files\google\Google Earth\res\ky.country moved successfully.
c:\program files\google\Google Earth\res\kw.country moved successfully.
c:\program files\google\Google Earth\res\kr.country moved successfully.
c:\program files\google\Google Earth\res\kp.country moved successfully.
c:\program files\google\Google Earth\res\ko.locale moved successfully.
c:\program files\google\Google Earth\res\kn.country moved successfully.
c:\program files\google\Google Earth\res\km.country moved successfully.
c:\program files\google\Google Earth\res\ki.country moved successfully.
c:\program files\google\Google Earth\res\kh.country moved successfully.
c:\program files\google\Google Earth\res\kg.country moved successfully.
c:\program files\google\Google Earth\res\ke.country moved successfully.
c:\program files\google\Google Earth\res\jp.country moved successfully.
c:\program files\google\Google Earth\res\jo.country moved successfully.
c:\program files\google\Google Earth\res\jm.country moved successfully.
c:\program files\google\Google Earth\res\je.country moved successfully.
c:\program files\google\Google Earth\res\ja.locale moved successfully.
c:\program files\google\Google Earth\res\it.locale moved successfully.
c:\program files\google\Google Earth\res\it.country moved successfully.
c:\program files\google\Google Earth\res\is.country moved successfully.
c:\program files\google\Google Earth\res\ir.country moved successfully.
c:\program files\google\Google Earth\res\iq.country moved successfully.
c:\program files\google\Google Earth\res\io.country moved successfully.
c:\program files\google\Google Earth\res\in.country moved successfully.
c:\program files\google\Google Earth\res\im.country moved successfully.
c:\program files\google\Google Earth\res\il.country moved successfully.
c:\program files\google\Google Earth\res\ie.country moved successfully.
c:\program files\google\Google Earth\res\id.country moved successfully.
c:\program files\google\Google Earth\res\hu.country moved successfully.
c:\program files\google\Google Earth\res\ht.country moved successfully.
c:\program files\google\Google Earth\res\hr.country moved successfully.
c:\program files\google\Google Earth\res\hn.country moved successfully.
c:\program files\google\Google Earth\res\hm.country moved successfully.
c:\program files\google\Google Earth\res\hk.country moved successfully.
c:\program files\google\Google Earth\res\gy.country moved successfully.
c:\program files\google\Google Earth\res\gw.country moved successfully.
c:\program files\google\Google Earth\res\gu.country moved successfully.
c:\program files\google\Google Earth\res\gt.country moved successfully.
c:\program files\google\Google Earth\res\gs.country moved successfully.
c:\program files\google\Google Earth\res\gr.country moved successfully.
c:\program files\google\Google Earth\res\gq.country moved successfully.
c:\program files\google\Google Earth\res\gp.country moved successfully.
c:\program files\google\Google Earth\res\gn.country moved successfully.
c:\program files\google\Google Earth\res\gm.country moved successfully.
c:\program files\google\Google Earth\res\gl.country moved successfully.
c:\program files\google\Google Earth\res\gi.country moved successfully.
c:\program files\google\Google Earth\res\gh.country moved successfully.
c:\program files\google\Google Earth\res\gg.country moved successfully.
c:\program files\google\Google Earth\res\gf.country moved successfully.
c:\program files\google\Google Earth\res\ge.country moved successfully.
c:\program files\google\Google Earth\res\gd.country moved successfully.
c:\program files\google\Google Earth\res\gb.country moved successfully.
c:\program files\google\Google Earth\res\ga.country moved successfully.
c:\program files\google\Google Earth\res\fr.locale moved successfully.
c:\program files\google\Google Earth\res\fr.country moved successfully.
c:\program files\google\Google Earth\res\fo.country moved successfully.
c:\program files\google\Google Earth\res\fm.country moved successfully.
c:\program files\google\Google Earth\res\fk.country moved successfully.
c:\program files\google\Google Earth\res\fj.country moved successfully.
c:\program files\google\Google Earth\res\fi.country moved successfully.
c:\program files\google\Google Earth\res\et.country moved successfully.
c:\program files\google\Google Earth\res\es.locale moved successfully.
c:\program files\google\Google Earth\res\es.country moved successfully.
c:\program files\google\Google Earth\res\er.country moved successfully.
c:\program files\google\Google Earth\res\en.locale moved successfully.
c:\program files\google\Google Earth\res\eh.country moved successfully.
c:\program files\google\Google Earth\res\eg.country moved successfully.
c:\program files\google\Google Earth\res\ee.country moved successfully.
c:\program files\google\Google Earth\res\ec.country moved successfully.
c:\program files\google\Google Earth\res\dz.country moved successfully.
c:\program files\google\Google Earth\res\do.country moved successfully.
c:\program files\google\Google Earth\res\dm.country moved successfully.
c:\program files\google\Google Earth\res\dk.country moved successfully.
c:\program files\google\Google Earth\res\dj.country moved successfully.
c:\program files\google\Google Earth\res\de.locale moved successfully.
c:\program files\google\Google Earth\res\de.country moved successfully.
c:\program files\google\Google Earth\res\cz.country moved successfully.
c:\program files\google\Google Earth\res\cy.country moved successfully.
c:\program files\google\Google Earth\res\cx.country moved successfully.
c:\program files\google\Google Earth\res\cv.country moved successfully.
c:\program files\google\Google Earth\res\cu.country moved successfully.
c:\program files\google\Google Earth\res\cs.locale moved successfully.
c:\program files\google\Google Earth\res\cr.country moved successfully.
c:\program files\google\Google Earth\res\co.country moved successfully.
c:\program files\google\Google Earth\res\cn.country moved successfully.
c:\program files\google\Google Earth\res\cm.country moved successfully.
c:\program files\google\Google Earth\res\cl.country moved successfully.
c:\program files\google\Google Earth\res\ck.country moved successfully.
c:\program files\google\Google Earth\res\ci.country moved successfully.
c:\program files\google\Google Earth\res\ch.country moved successfully.
c:\program files\google\Google Earth\res\cg.country moved successfully.
c:\program files\google\Google Earth\res\cf.country moved successfully.
c:\program files\google\Google Earth\res\cd.country moved successfully.
c:\program files\google\Google Earth\res\cc.country moved successfully.
c:\program files\google\Google Earth\res\ca.country moved successfully.
c:\program files\google\Google Earth\res\bz.country moved successfully.
c:\program files\google\Google Earth\res\by.country moved successfully.
c:\program files\google\Google Earth\res\bw.country moved successfully.
c:\program files\google\Google Earth\res\bv.country moved successfully.
c:\program files\google\Google Earth\res\bt.country moved successfully.
c:\program files\google\Google Earth\res\bs.country moved successfully.
c:\program files\google\Google Earth\res\br.country moved successfully.
c:\program files\google\Google Earth\res\bo.country moved successfully.
c:\program files\google\Google Earth\res\bn.country moved successfully.
c:\program files\google\Google Earth\res\bm.country moved successfully.
c:\program files\google\Google Earth\res\bj.country moved successfully.
c:\program files\google\Google Earth\res\bi.country moved successfully.
c:\program files\google\Google Earth\res\bh.country moved successfully.
c:\program files\google\Google Earth\res\bg.country moved successfully.
c:\program files\google\Google Earth\res\bf.country moved successfully.
c:\program files\google\Google Earth\res\be.country moved successfully.
c:\program files\google\Google Earth\res\bd.country moved successfully.
c:\program files\google\Google Earth\res\bb.country moved successfully.
c:\program files\google\Google Earth\res\ba.country moved successfully.
c:\program files\google\Google Earth\res\az.country moved successfully.
c:\program files\google\Google Earth\res\ax.country moved successfully.
c:\program files\google\Google Earth\res\aw.country moved successfully.
c:\program files\google\Google Earth\res\au.country moved successfully.
c:\program files\google\Google Earth\res\at.country moved successfully.
c:\program files\google\Google Earth\res\as.country moved successfully.
c:\program files\google\Google Earth\res\ar.locale moved successfully.
c:\program files\google\Google Earth\res\ar.country moved successfully.
c:\program files\google\Google Earth\res\aq.country moved successfully.
c:\program files\google\Google Earth\res\ao.country moved successfully.
c:\program files\google\Google Earth\res\an.country moved successfully.
c:\program files\google\Google Earth\res\am.country moved successfully.
c:\program files\google\Google Earth\res\al.country moved successfully.
c:\program files\google\Google Earth\res\ai.country moved successfully.
c:\program files\google\Google Earth\res\ag.country moved successfully.
c:\program files\google\Google Earth\res\af.country moved successfully.
c:\program files\google\Google Earth\res\ae.country moved successfully.
c:\program files\google\Google Earth\res\ad.country moved successfully.
c:\program files\google\Google Earth\res moved successfully.
c:\program files\google\Google Earth\lang moved successfully.
c:\program files\google\Google Earth\kvw moved successfully.
c:\program files\google\Google Earth\alchemy\optimizations moved successfully.
c:\program files\google\Google Earth\alchemy\ogl moved successfully.
c:\program files\google\Google Earth\alchemy\dx moved successfully.
c:\program files\google\Google Earth\alchemy moved successfully.
c:\program files\google\Google Earth moved successfully.
c:\program files\google\Common\Google Updater moved successfully.
c:\program files\google\Common moved successfully.
c:\program files\google moved successfully.
OTMoveIt2 v1.0.21 log created on 03102008_084634
c:\program files\google\Installers moved successfully.
c:\program files\google\GoogleToolbarNotifier\2.0.301.5672 moved successfully.
c:\program files\google\GoogleToolbarNotifier moved successfully.
c:\program files\google\Google Earth\xml moved successfully.
c:\program files\google\Google Earth\res\zw.country moved successfully.
c:\program files\google\Google Earth\res\zm.country moved successfully.
c:\program files\google\Google Earth\res\za.country moved successfully.
c:\program files\google\Google Earth\res\yt.country moved successfully.
c:\program files\google\Google Earth\res\ye.country moved successfully.
c:\program files\google\Google Earth\res\ws.country moved successfully.
c:\program files\google\Google Earth\res\wf.country moved successfully.
c:\program files\google\Google Earth\res\vu.country moved successfully.
c:\program files\google\Google Earth\res\vn.country moved successfully.
c:\program files\google\Google Earth\res\vi.country moved successfully.
c:\program files\google\Google Earth\res\vg.country moved successfully.
c:\program files\google\Google Earth\res\ve.country moved successfully.
c:\program files\google\Google Earth\res\vc.country moved successfully.
c:\program files\google\Google Earth\res\va.country moved successfully.
c:\program files\google\Google Earth\res\uz.country moved successfully.
c:\program files\google\Google Earth\res\uy.country moved successfully.
c:\program files\google\Google Earth\res\us.country moved successfully.
c:\program files\google\Google Earth\res\um.country moved successfully.
c:\program files\google\Google Earth\res\ug.country moved successfully.
c:\program files\google\Google Earth\res\ua.country moved successfully.
c:\program files\google\Google Earth\res\tz.country moved successfully.
c:\program files\google\Google Earth\res\tw.country moved successfully.
c:\program files\google\Google Earth\res\tv.country moved successfully.
c:\program files\google\Google Earth\res\tt.country moved successfully.
c:\program files\google\Google Earth\res\tr.country moved successfully.
c:\program files\google\Google Earth\res\to.country moved successfully.
c:\program files\google\Google Earth\res\tn.country moved successfully.
c:\program files\google\Google Earth\res\tm.country moved successfully.
c:\program files\google\Google Earth\res\tl.country moved successfully.
c:\program files\google\Google Earth\res\tk.country moved successfully.
c:\program files\google\Google Earth\res\tj.country moved successfully.
c:\program files\google\Google Earth\res\th.country moved successfully.
c:\program files\google\Google Earth\res\tg.country moved successfully.
c:\program files\google\Google Earth\res\tf.country moved successfully.
c:\program files\google\Google Earth\res\td.country moved successfully.
c:\program files\google\Google Earth\res\tc.country moved successfully.
c:\program files\google\Google Earth\res\sz.country moved successfully.
c:\program files\google\Google Earth\res\sy.country moved successfully.
c:\program files\google\Google Earth\res\sv.country moved successfully.
c:\program files\google\Google Earth\res\st.country moved successfully.
c:\program files\google\Google Earth\res\sr.country moved successfully.
c:\program files\google\Google Earth\res\so.country moved successfully.
c:\program files\google\Google Earth\res\sn.country moved successfully.
c:\program files\google\Google Earth\res\sm.country moved successfully.
c:\program files\google\Google Earth\res\sl.country moved successfully.
c:\program files\google\Google Earth\res\sk.country moved successfully.
c:\program files\google\Google Earth\res\sj.country moved successfully.
c:\program files\google\Google Earth\res\si.country moved successfully.
c:\program files\google\Google Earth\res\shapes moved successfully.
c:\program files\google\Google Earth\res\sh.country moved successfully.
c:\program files\google\Google Earth\res\sg.country moved successfully.
c:\program files\google\Google Earth\res\se.country moved successfully.
c:\program files\google\Google Earth\res\sd.country moved successfully.
c:\program files\google\Google Earth\res\sc.country moved successfully.
c:\program files\google\Google Earth\res\sb.country moved successfully.
c:\program files\google\Google Earth\res\sa.country moved successfully.
c:\program files\google\Google Earth\res\rw.country moved successfully.
c:\program files\google\Google Earth\res\ru.locale moved successfully.
c:\program files\google\Google Earth\res\ru.country moved successfully.
c:\program files\google\Google Earth\res\rs.country moved successfully.
c:\program files\google\Google Earth\res\ro.country moved successfully.
c:\program files\google\Google Earth\res\re.country moved successfully.
c:\program files\google\Google Earth\res\qa.country moved successfully.
c:\program files\google\Google Earth\res\py.country moved successfully.
c:\program files\google\Google Earth\res\pw.country moved successfully.
c:\program files\google\Google Earth\res\pushpin moved successfully.
c:\program files\google\Google Earth\res\pt.locale moved successfully.
c:\program files\google\Google Earth\res\pt.country moved successfully.
c:\program files\google\Google Earth\res\ps.country moved successfully.
c:\program files\google\Google Earth\res\pr.country moved successfully.
c:\program files\google\Google Earth\res\pn.country moved successfully.
c:\program files\google\Google Earth\res\pm.country moved successfully.
c:\program files\google\Google Earth\res\pl.locale moved successfully.
c:\program files\google\Google Earth\res\pl.country moved successfully.
c:\program files\google\Google Earth\res\pk.country moved successfully.
c:\program files\google\Google Earth\res\ph.country moved successfully.
c:\program files\google\Google Earth\res\pg.country moved successfully.
c:\program files\google\Google Earth\res\pf.country moved successfully.
c:\program files\google\Google Earth\res\pe.country moved successfully.
c:\program files\google\Google Earth\res\pal5 moved successfully.
c:\program files\google\Google Earth\res\pal4 moved successfully.
c:\program files\google\Google Earth\res\pal3 moved successfully.
c:\program files\google\Google Earth\res\pal2 moved successfully.
c:\program files\google\Google Earth\res\paddle moved successfully.
c:\program files\google\Google Earth\res\pa.country moved successfully.
c:\program files\google\Google Earth\res\om.country moved successfully.
c:\program files\google\Google Earth\res\nz.country moved successfully.
c:\program files\google\Google Earth\res\nu.country moved successfully.
c:\program files\google\Google Earth\res\nr.country moved successfully.
c:\program files\google\Google Earth\res\np.country moved successfully.
c:\program files\google\Google Earth\res\no.country moved successfully.
c:\program files\google\Google Earth\res\nl.locale moved successfully.
c:\program files\google\Google Earth\res\nl.country moved successfully.
c:\program files\google\Google Earth\res\ni.country moved successfully.
c:\program files\google\Google Earth\res\ng.country moved successfully.
c:\program files\google\Google Earth\res\nf.country moved successfully.
c:\program files\google\Google Earth\res\ne.country moved successfully.
c:\program files\google\Google Earth\res\nc.country moved successfully.
c:\program files\google\Google Earth\res\na.country moved successfully.
c:\program files\google\Google Earth\res\mz.country moved successfully.
c:\program files\google\Google Earth\res\my.country moved successfully.
c:\program files\google\Google Earth\res\mx.country moved successfully.
c:\program files\google\Google Earth\res\mw.country moved successfully.
c:\program files\google\Google Earth\res\mv.country moved successfully.
c:\program files\google\Google Earth\res\mu.country moved successfully.
c:\program files\google\Google Earth\res\mt.country moved successfully.
c:\program files\google\Google Earth\res\ms.country moved successfully.
c:\program files\google\Google Earth\res\mr.country moved successfully.
c:\program files\google\Google Earth\res\mq.country moved successfully.
c:\program files\google\Google Earth\res\mp.country moved successfully.
c:\program files\google\Google Earth\res\mo.country moved successfully.
c:\program files\google\Google Earth\res\mn.country moved successfully.
c:\program files\google\Google Earth\res\mm.country moved successfully.
c:\program files\google\Google Earth\res\ml.country moved successfully.
c:\program files\google\Google Earth\res\mk.country moved successfully.
c:\program files\google\Google Earth\res\mh.country moved successfully.
c:\program files\google\Google Earth\res\mg.country moved successfully.
c:\program files\google\Google Earth\res\me.country moved successfully.
c:\program files\google\Google Earth\res\md.country moved successfully.
c:\program files\google\Google Earth\res\mc.country moved successfully.
c:\program files\google\Google Earth\res\ma.country moved successfully.
c:\program files\google\Google Earth\res\ly.country moved successfully.
c:\program files\google\Google Earth\res\lv.country moved successfully.
c:\program files\google\Google Earth\res\lu.country moved successfully.
c:\program files\google\Google Earth\res\lt.country moved successfully.
c:\program files\google\Google Earth\res\ls.country moved successfully.
c:\program files\google\Google Earth\res\lr.country moved successfully.
c:\program files\google\Google Earth\res\lk.country moved successfully.
c:\program files\google\Google Earth\res\li.country moved successfully.
c:\program files\google\Google Earth\res\lc.country moved successfully.
c:\program files\google\Google Earth\res\lb.country moved successfully.
c:\program files\google\Google Earth\res\la.country moved successfully.
c:\program files\google\Google Earth\res\kz.country moved successfully.
c:\program files\google\Google Earth\res\ky.country moved successfully.
c:\program files\google\Google Earth\res\kw.country moved successfully.
c:\program files\google\Google Earth\res\kr.country moved successfully.
c:\program files\google\Google Earth\res\kp.country moved successfully.
c:\program files\google\Google Earth\res\ko.locale moved successfully.
c:\program files\google\Google Earth\res\kn.country moved successfully.
c:\program files\google\Google Earth\res\km.country moved successfully.
c:\program files\google\Google Earth\res\ki.country moved successfully.
c:\program files\google\Google Earth\res\kh.country moved successfully.
c:\program files\google\Google Earth\res\kg.country moved successfully.
c:\program files\google\Google Earth\res\ke.country moved successfully.
c:\program files\google\Google Earth\res\jp.country moved successfully.
c:\program files\google\Google Earth\res\jo.country moved successfully.
c:\program files\google\Google Earth\res\jm.country moved successfully.
c:\program files\google\Google Earth\res\je.country moved successfully.
c:\program files\google\Google Earth\res\ja.locale moved successfully.
c:\program files\google\Google Earth\res\it.locale moved successfully.
c:\program files\google\Google Earth\res\it.country moved successfully.
c:\program files\google\Google Earth\res\is.country moved successfully.
c:\program files\google\Google Earth\res\ir.country moved successfully.
c:\program files\google\Google Earth\res\iq.country moved successfully.
c:\program files\google\Google Earth\res\io.country moved successfully.
c:\program files\google\Google Earth\res\in.country moved successfully.
c:\program files\google\Google Earth\res\im.country moved successfully.
c:\program files\google\Google Earth\res\il.country moved successfully.
c:\program files\google\Google Earth\res\ie.country moved successfully.
c:\program files\google\Google Earth\res\id.country moved successfully.
c:\program files\google\Google Earth\res\hu.country moved successfully.
c:\program files\google\Google Earth\res\ht.country moved successfully.
c:\program files\google\Google Earth\res\hr.country moved successfully.
c:\program files\google\Google Earth\res\hn.country moved successfully.
c:\program files\google\Google Earth\res\hm.country moved successfully.
c:\program files\google\Google Earth\res\hk.country moved successfully.
c:\program files\google\Google Earth\res\gy.country moved successfully.
c:\program files\google\Google Earth\res\gw.country moved successfully.
c:\program files\google\Google Earth\res\gu.country moved successfully.
c:\program files\google\Google Earth\res\gt.country moved successfully.
c:\program files\google\Google Earth\res\gs.country moved successfully.
c:\program files\google\Google Earth\res\gr.country moved successfully.
c:\program files\google\Google Earth\res\gq.country moved successfully.
c:\program files\google\Google Earth\res\gp.country moved successfully.
c:\program files\google\Google Earth\res\gn.country moved successfully.
c:\program files\google\Google Earth\res\gm.country moved successfully.
c:\program files\google\Google Earth\res\gl.country moved successfully.
c:\program files\google\Google Earth\res\gi.country moved successfully.
c:\program files\google\Google Earth\res\gh.country moved successfully.
c:\program files\google\Google Earth\res\gg.country moved successfully.
c:\program files\google\Google Earth\res\gf.country moved successfully.
c:\program files\google\Google Earth\res\ge.country moved successfully.
c:\program files\google\Google Earth\res\gd.country moved successfully.
c:\program files\google\Google Earth\res\gb.country moved successfully.
c:\program files\google\Google Earth\res\ga.country moved successfully.
c:\program files\google\Google Earth\res\fr.locale moved successfully.
c:\program files\google\Google Earth\res\fr.country moved successfully.
c:\program files\google\Google Earth\res\fo.country moved successfully.
c:\program files\google\Google Earth\res\fm.country moved successfully.
c:\program files\google\Google Earth\res\fk.country moved successfully.
c:\program files\google\Google Earth\res\fj.country moved successfully.
c:\program files\google\Google Earth\res\fi.country moved successfully.
c:\program files\google\Google Earth\res\et.country moved successfully.
c:\program files\google\Google Earth\res\es.locale moved successfully.
c:\program files\google\Google Earth\res\es.country moved successfully.
c:\program files\google\Google Earth\res\er.country moved successfully.
c:\program files\google\Google Earth\res\en.locale moved successfully.
c:\program files\google\Google Earth\res\eh.country moved successfully.
c:\program files\google\Google Earth\res\eg.country moved successfully.
c:\program files\google\Google Earth\res\ee.country moved successfully.
c:\program files\google\Google Earth\res\ec.country moved successfully.
c:\program files\google\Google Earth\res\dz.country moved successfully.
c:\program files\google\Google Earth\res\do.country moved successfully.
c:\program files\google\Google Earth\res\dm.country moved successfully.
c:\program files\google\Google Earth\res\dk.country moved successfully.
c:\program files\google\Google Earth\res\dj.country moved successfully.
c:\program files\google\Google Earth\res\de.locale moved successfully.
c:\program files\google\Google Earth\res\de.country moved successfully.
c:\program files\google\Google Earth\res\cz.country moved successfully.
c:\program files\google\Google Earth\res\cy.country moved successfully.
c:\program files\google\Google Earth\res\cx.country moved successfully.
c:\program files\google\Google Earth\res\cv.country moved successfully.
c:\program files\google\Google Earth\res\cu.country moved successfully.
c:\program files\google\Google Earth\res\cs.locale moved successfully.
c:\program files\google\Google Earth\res\cr.country moved successfully.
c:\program files\google\Google Earth\res\co.country moved successfully.
c:\program files\google\Google Earth\res\cn.country moved successfully.
c:\program files\google\Google Earth\res\cm.country moved successfully.
c:\program files\google\Google Earth\res\cl.country moved successfully.
c:\program files\google\Google Earth\res\ck.country moved successfully.
c:\program files\google\Google Earth\res\ci.country moved successfully.
c:\program files\google\Google Earth\res\ch.country moved successfully.
c:\program files\google\Google Earth\res\cg.country moved successfully.
c:\program files\google\Google Earth\res\cf.country moved successfully.
c:\program files\google\Google Earth\res\cd.country moved successfully.
c:\program files\google\Google Earth\res\cc.country moved successfully.
c:\program files\google\Google Earth\res\ca.country moved successfully.
c:\program files\google\Google Earth\res\bz.country moved successfully.
c:\program files\google\Google Earth\res\by.country moved successfully.
c:\program files\google\Google Earth\res\bw.country moved successfully.
c:\program files\google\Google Earth\res\bv.country moved successfully.
c:\program files\google\Google Earth\res\bt.country moved successfully.
c:\program files\google\Google Earth\res\bs.country moved successfully.
c:\program files\google\Google Earth\res\br.country moved successfully.
c:\program files\google\Google Earth\res\bo.country moved successfully.
c:\program files\google\Google Earth\res\bn.country moved successfully.
c:\program files\google\Google Earth\res\bm.country moved successfully.
c:\program files\google\Google Earth\res\bj.country moved successfully.
c:\program files\google\Google Earth\res\bi.country moved successfully.
c:\program files\google\Google Earth\res\bh.country moved successfully.
c:\program files\google\Google Earth\res\bg.country moved successfully.
c:\program files\google\Google Earth\res\bf.country moved successfully.
c:\program files\google\Google Earth\res\be.country moved successfully.
c:\program files\google\Google Earth\res\bd.country moved successfully.
c:\program files\google\Google Earth\res\bb.country moved successfully.
c:\program files\google\Google Earth\res\ba.country moved successfully.
c:\program files\google\Google Earth\res\az.country moved successfully.
c:\program files\google\Google Earth\res\ax.country moved successfully.
c:\program files\google\Google Earth\res\aw.country moved successfully.
c:\program files\google\Google Earth\res\au.country moved successfully.
c:\program files\google\Google Earth\res\at.country moved successfully.
c:\program files\google\Google Earth\res\as.country moved successfully.
c:\program files\google\Google Earth\res\ar.locale moved successfully.
c:\program files\google\Google Earth\res\ar.country moved successfully.
c:\program files\google\Google Earth\res\aq.country moved successfully.
c:\program files\google\Google Earth\res\ao.country moved successfully.
c:\program files\google\Google Earth\res\an.country moved successfully.
c:\program files\google\Google Earth\res\am.country moved successfully.
c:\program files\google\Google Earth\res\al.country moved successfully.
c:\program files\google\Google Earth\res\ai.country moved successfully.
c:\program files\google\Google Earth\res\ag.country moved successfully.
c:\program files\google\Google Earth\res\af.country moved successfully.
c:\program files\google\Google Earth\res\ae.country moved successfully.
c:\program files\google\Google Earth\res\ad.country moved successfully.
c:\program files\google\Google Earth\res moved successfully.
c:\program files\google\Google Earth\lang moved successfully.
c:\program files\google\Google Earth\kvw moved successfully.
c:\program files\google\Google Earth\alchemy\optimizations moved successfully.
c:\program files\google\Google Earth\alchemy\ogl moved successfully.
c:\program files\google\Google Earth\alchemy\dx moved successfully.
c:\program files\google\Google Earth\alchemy moved successfully.
c:\program files\google\Google Earth moved successfully.
c:\program files\google\Common\Google Updater moved successfully.
c:\program files\google\Common moved successfully.
c:\program files\google moved successfully.
OTMoveIt2 v1.0.21 log created on 03102008_084634
Je vous renvoie le rapport hijackt après avoir utiliser movedit:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:10, on 2008-03-10
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:10, on 2008-03-10
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Je crois que maintenant tout fonctionne à merveille. Depuis que j'ai supprimé l’infection avec Navilog, plus rien. J'ai redémarré souvent l'ordi. et tout est normal. Malheureusement mon fils a du repartir avec son portable. C'est pour ça que je vous ai envoyé immédiatement mes rapports après avoir utiliser Movedit. Pourriez-vous me confirmer quand même si c'est rapport vous satisfait?
Entre temps, je tiens à vous remercier de votre patience et de votre générosité. Un gros merci!!
Moi
Entre temps, je tiens à vous remercier de votre patience et de votre générosité. Un gros merci!!
Moi
Moi,
Tout semble rentré dans l'ordre.
Mais il faudra dire à votre fils de réinstaller Google Earth, il était dans ce répertoire étrange et OtMoveIT l'a enlevé.
Google a des manières étrange de faire, ce répertoire existe en double (c:\program files\google et c:\Program files\Google), ce n'est pas grave mais désolé pour l'erreur.
Bye bye
Tout semble rentré dans l'ordre.
Mais il faudra dire à votre fils de réinstaller Google Earth, il était dans ce répertoire étrange et OtMoveIT l'a enlevé.
Google a des manières étrange de faire, ce répertoire existe en double (c:\program files\google et c:\Program files\Google), ce n'est pas grave mais désolé pour l'erreur.
Bye bye
