Unwanted ad pop-up windows...
charlydereims - Posts: 1 - Status: Member
Destrio5 - Posts: 99820 - Status: Moderator
Hello,
and thanks in advance for your help!!!
So, I'm at my in-laws' place, and they don't really know much about computers.
They are currently complaining about ad windows that keep popping up on their own.
Wanting to help, I offered to take a look, and I quickly noticed that Messenger + Live was on their PC.
Of course, their son installed this add-on and, you guessed it, with the damned sponsor.
So I uninstalled that blasted sponsor, but it made no difference: the windows keep storming the PC, and the worst part is that they are not ONLY "CiD" windows; some even take over the page currently in use, forcing you to press the "Back" button to get back to where you were... In short, it's a bit of a pain, even just to write a post, as you can imagine!
So, given that, would anyone have an idea for getting rid of this (malware?)... Malwarebytes maybe? I'd rather rely on you than do something stupid without knowing...
Thanks in advance!
20 replies
Hi,
- Download HijackThis v2.0.2 to your Desktop.
- Double-click HJTInstall to start the installation.
- Click Install, then I Accept.
- Click Do a system scan and save a logfile.
- Notepad will open; copy and paste all of its contents here in your next message.
If it's on the internet that you're getting this, I strongly recommend downloading Firefox (version 3).
I had just as many problems, if not more, with Internet Explorer, and now everything works FINE!! :-)
You must NEVER try to uninstall Internet Explorer.
Link for Firefox:
http://www.mozilla-europe.org/fr/firefox/
charlydereims ---> We'll deal with your Lop/Swizzor infection (CiD ads) before your rogue.
---> Disable UAC for the duration of the disinfection:
http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac
---> Download Lop S&D to your Desktop.
---> Double-click it to start the installation.
---> Right-click the Lop S&D shortcut on your Desktop and choose Run as administrator.
---> Select the desired language, then choose option 1 (Search).
---> Wait until the scan finishes.
---> Post the generated report (C:\lopR.txt).
Here you go!!!
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 420 @ 1.60GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : nbfkbqsd ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:35 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 02/11/2008|20:49 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[22/12/2007|14:33] C:\Users\nbfkbqsd\AppData\Local\Adobe
[18/11/2007|16:49] C:\Users\nbfkbqsd\AppData\Local\Application Data
[02/10/2008|10:14] C:\Users\nbfkbqsd\AppData\Local\Ares
[25/05/2008|00:41] C:\Users\nbfkbqsd\AppData\Local\d3d9caps.dat
[15/10/2008|13:22] C:\Users\nbfkbqsd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[24/07/2008|22:22] C:\Users\nbfkbqsd\AppData\Local\GDIPFONTCACHEV1.DAT
[18/04/2008|22:12] C:\Users\nbfkbqsd\AppData\Local\Google
[18/11/2007|16:49] C:\Users\nbfkbqsd\AppData\Local\Historique
[02/11/2008|20:17] C:\Users\nbfkbqsd\AppData\Local\IconCache.db
[04/09/2008|15:12] C:\Users\nbfkbqsd\AppData\Local\Microsoft
[25/11/2007|16:06] C:\Users\nbfkbqsd\AppData\Local\Microsoft Games
[10/01/2008|22:39] C:\Users\nbfkbqsd\AppData\Local\PowerCinema
[02/11/2008|20:46] C:\Users\nbfkbqsd\AppData\Local\Temp
[18/11/2007|16:49] C:\Users\nbfkbqsd\AppData\Local\Temporary Internet Files
[25/12/2007|14:55] C:\Users\nbfkbqsd\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[31/10/2008 21:35][--a------] C:\Windows\tasks\Norton Internet Security - Run Full System Scan - nbfkbqsd.job
[02/11/2008 20:19][--ah-----] C:\Windows\tasks\SA.DAT
[02/11/2008 20:18][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[13/01/2006|03:39] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[13/01/2006|03:22] C:\ProgramData\Adobe
[02/11/2006|13:59] C:\ProgramData\Application Data
[18/11/2007|16:45] C:\ProgramData\Bureau
[07/10/2008|13:58] C:\ProgramData\CyberLink
[02/11/2006|13:59] C:\ProgramData\Desktop
[02/11/2006|13:59] C:\ProgramData\Documents
[25/12/2007|22:49] C:\ProgramData\does dog two city
[21/03/2008|20:12] C:\ProgramData\dog grid help
[25/12/2007|22:49] C:\ProgramData\Dvd logo four.vsog7py
[18/11/2007|17:12] C:\ProgramData\eSobi
[18/11/2007|16:45] C:\ProgramData\Favoris
[02/11/2006|13:59] C:\ProgramData\Favorites
[20/04/2008|23:14] C:\ProgramData\Google
[25/11/2007|15:57] C:\ProgramData\HP
[24/11/2007|21:38] C:\ProgramData\HPSSUPPLY
[24/12/2007|17:14] C:\ProgramData\hpzinstall.log
[23/06/2007|21:39] C:\ProgramData\InstallShield
[18/11/2007|16:45] C:\ProgramData\Menu D‚marrer
[25/05/2008|20:40] C:\ProgramData\Messenger Plus!
[23/06/2007|21:30] C:\ProgramData\Microsoft
[16/10/2008|07:51] C:\ProgramData\Microsoft Help
[18/11/2007|16:45] C:\ProgramData\ModŠles
[20/01/2008|18:13] C:\ProgramData\QuickTime
[21/04/2008|00:35] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|13:59] C:\ProgramData\Start Menu
[16/03/2008|19:19] C:\ProgramData\Symantec
[02/11/2006|13:59] C:\ProgramData\Templates
[06/01/2008|18:48] C:\ProgramData\Tooljumpjump.0yauc
[25/12/2007|22:48] C:\ProgramData\Tooljumpjump.2ka2bg3
[25/12/2007|22:48] C:\ProgramData\Tooljumpjump.ddjms
[06/01/2008|20:15] C:\ProgramData\Tooljumpjump.ktc3iux
[06/01/2008|18:04] C:\ProgramData\Tooljumpjump.m30l1c
[06/01/2008|19:54] C:\ProgramData\Tooljumpjump.oi9un3b
[06/01/2008|17:42] C:\ProgramData\Tooljumpjump.qfl8ao
[06/01/2008|19:32] C:\ProgramData\Tooljumpjump.t943zam
[06/01/2008|19:10] C:\ProgramData\Tooljumpjump.wh73v
[06/01/2008|18:26] C:\ProgramData\Tooljumpjump.zu5jzkj
[24/11/2007|22:37] C:\ProgramData\WEBREG
[21/04/2008|17:16] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[23/06/2007|21:39] C:\Program Files\Acer Inc
[13/01/2006|03:39] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[13/01/2006|03:22] C:\Program Files\Adobe
[24/05/2008|22:50] C:\Program Files\Ares
[18/08/2008|20:24] C:\Program Files\AV9
[23/12/2007|18:19] C:\Program Files\Common Files
[13/01/2006|04:07] C:\Program Files\Cyberlink
[20/01/2008|18:12] C:\Program Files\eMedia Starter Guitar Lessons
[18/11/2007|16:45] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[20/08/2008|19:57] C:\Program Files\GIMP-2.0
[24/07/2008|22:21] C:\Program Files\Guitar Pro 5
[24/11/2007|21:35] C:\Program Files\Hewlett-Packard
[24/11/2007|21:38] C:\Program Files\HP
[21/04/2008|00:19] C:\Program Files\InstallShield Installation Information
[02/11/2008|18:54] C:\Program Files\Internet Explorer
[21/04/2008|01:12] C:\Program Files\Messenger Plus! Live
[02/11/2006|13:35] C:\Program Files\Microsoft Games
[13/01/2006|03:38] C:\Program Files\Microsoft Office
[11/09/2008|05:42] C:\Program Files\Microsoft Works
[13/01/2006|03:36] C:\Program Files\Microsoft.NET
[02/11/2008|18:54] C:\Program Files\Movie Maker
[02/11/2006|13:35] C:\Program Files\MSBuild
[22/12/2007|18:54] C:\Program Files\MSXML 4.0
[13/01/2006|04:02] C:\Program Files\NewTech Infosystems
[29/07/2008|08:38] C:\Program Files\Norton Internet Security
[13/01/2006|03:28] C:\Program Files\Realtek
[02/11/2006|13:35] C:\Program Files\Reference Assemblies
[28/07/2008|21:27] C:\Program Files\Sierra On-Line
[18/11/2007|16:49] C:\Program Files\SiS VGA Utilities
[21/04/2008|00:16] C:\Program Files\Spybot - Search & Destroy
[22/12/2007|18:12] C:\Program Files\Symantec
[02/11/2008|19:51] C:\Program Files\Trend Micro
[02/11/2006|13:58] C:\Program Files\Uninstall Information
[16/06/2008|19:51] C:\Program Files\VideoLAN
[02/11/2008|18:54] C:\Program Files\Windows Calendar
[02/11/2008|18:54] C:\Program Files\Windows Collaboration
[02/11/2008|18:54] C:\Program Files\Windows Defender
[21/04/2008|01:09] C:\Program Files\Windows Live
[02/11/2008|18:54] C:\Program Files\Windows Mail
[02/11/2008|18:54] C:\Program Files\Windows Media Player
[18/11/2007|16:45] C:\Program Files\Windows NT
[02/11/2008|18:54] C:\Program Files\Windows Photo Gallery
[02/11/2008|18:54] C:\Program Files\Windows Sidebar
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[13/01/2006|03:22] C:\Program Files\Common Files\Adobe
[13/01/2006|03:36] C:\Program Files\Common Files\DESIGNER
[24/11/2007|21:35] C:\Program Files\Common Files\Hewlett-Packard
[24/11/2007|21:38] C:\Program Files\Common Files\HP
[23/06/2007|21:38] C:\Program Files\Common Files\InstallShield
[13/01/2006|04:01] C:\Program Files\Common Files\LightScribe
[08/08/2008|12:08] C:\Program Files\Common Files\microsoft shared
[13/01/2006|04:01] C:\Program Files\Common Files\muvee Technologies
[13/01/2006|04:02] C:\Program Files\Common Files\NewTech Infosystems
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[20/02/2008|14:24] C:\Program Files\Common Files\Symantec Shared
[02/11/2008|18:54] C:\Program Files\Common Files\System
[25/12/2007|00:38] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 69 Processes )
iexplore.exe ~ [PID:2072]
iexplore.exe ~ [PID:4296]
--------------------\\ Recherche avec S_Lop
C:\ProgramData\Tooljumpjump.0yauc
C:\ProgramData\Tooljumpjump.ddjms
C:\ProgramData\Tooljumpjump.wh73v
C:\ProgramData\Tooljumpjump.m30l1c
C:\ProgramData\Tooljumpjump.qfl8ao
C:\ProgramData\Dvd logo four.vsog7py
C:\ProgramData\Tooljumpjump.2ka2bg3
C:\ProgramData\Tooljumpjump.ktc3iux
C:\ProgramData\Tooljumpjump.oi9un3b
C:\ProgramData\Tooljumpjump.t943zam
C:\ProgramData\Tooljumpjump.zu5jzkj
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\ProgramData\does dog two city
C:\ProgramData\does dog two city\Seek Up.exe
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"scr internet"="\"C:\\ProgramData\\Tooljumpjump.ktc3iux\""
"two city internet heck"="\"C:\\ProgramData\\Dvd logo four.vsog7py\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 20:50:17
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 213
--------------------\\ Recherche d'autres infections
--------------------\\ ROGUES ..
C:\PROGRA~1\AV9
[F:4228][D:97]-> C:\Users\nbfkbqsd\AppData\Local\Temp
[F:42][D:1]-> C:\Users\nbfkbqsd\AppData\Roaming\MICROS~1\Windows\Cookies
[F:193][D:5]-> C:\Users\nbfkbqsd\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:15][D:3]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 02/11/2008|20:52 - Option : [1]
--------------------\\ Fin du rapport a 20:52:31
[ UAC => 1 ]
---> Run Lop S&D again.
---> This time, choose option 2 (Removal).
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt).
OK, so everything is fine...
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 420 @ 1.60GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : nbfkbqsd ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Activated)
Firewall : Norton Internet Security 2007 (Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:35 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 02/11/2008|20:59 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\ProgramData\does dog two city\Seek Up.exe
Supprime! - C:\ProgramData\Tooljumpjump.0yauc
Supprime! - C:\ProgramData\Tooljumpjump.ddjms
Supprime! - C:\ProgramData\Tooljumpjump.wh73v
Supprime! - C:\ProgramData\Tooljumpjump.m30l1c
Supprime! - C:\ProgramData\Tooljumpjump.qfl8ao
Supprime! - C:\ProgramData\Dvd logo four.vsog7py
Supprime! - C:\ProgramData\Tooljumpjump.2ka2bg3
Supprime! - C:\ProgramData\Tooljumpjump.ktc3iux
Supprime! - C:\ProgramData\Tooljumpjump.oi9un3b
Supprime! - C:\ProgramData\Tooljumpjump.t943zam
Supprime! - C:\ProgramData\Tooljumpjump.zu5jzkj
Supprime! - C:\ProgramData\does dog two city
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[22/12/2007|14:33] C:\Users\nbfkbqsd\AppData\Local\Adobe
[18/11/2007|16:49] C:\Users\nbfkbqsd\AppData\Local\Application Data
[02/10/2008|10:14] C:\Users\nbfkbqsd\AppData\Local\Ares
[25/05/2008|00:41] C:\Users\nbfkbqsd\AppData\Local\d3d9caps.dat
[15/10/2008|13:22] C:\Users\nbfkbqsd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[24/07/2008|22:22] C:\Users\nbfkbqsd\AppData\Local\GDIPFONTCACHEV1.DAT
[18/04/2008|22:12] C:\Users\nbfkbqsd\AppData\Local\Google
[18/11/2007|16:49] C:\Users\nbfkbqsd\AppData\Local\Historique
[02/11/2008|20:17] C:\Users\nbfkbqsd\AppData\Local\IconCache.db
[04/09/2008|15:12] C:\Users\nbfkbqsd\AppData\Local\Microsoft
[25/11/2007|16:06] C:\Users\nbfkbqsd\AppData\Local\Microsoft Games
[10/01/2008|22:39] C:\Users\nbfkbqsd\AppData\Local\PowerCinema
[02/11/2008|20:59] C:\Users\nbfkbqsd\AppData\Local\Temp
[18/11/2007|16:49] C:\Users\nbfkbqsd\AppData\Local\Temporary Internet Files
[25/12/2007|14:55] C:\Users\nbfkbqsd\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[31/10/2008 21:35][--a------] C:\Windows\tasks\Norton Internet Security - Run Full System Scan - nbfkbqsd.job
[02/11/2008 20:19][--ah-----] C:\Windows\tasks\SA.DAT
[02/11/2008 20:18][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[13/01/2006|03:39] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[13/01/2006|03:22] C:\ProgramData\Adobe
[02/11/2006|13:59] C:\ProgramData\Application Data
[18/11/2007|16:45] C:\ProgramData\Bureau
[07/10/2008|13:58] C:\ProgramData\CyberLink
[02/11/2006|13:59] C:\ProgramData\Desktop
[02/11/2006|13:59] C:\ProgramData\Documents
[21/03/2008|20:12] C:\ProgramData\dog grid help
[18/11/2007|17:12] C:\ProgramData\eSobi
[18/11/2007|16:45] C:\ProgramData\Favoris
[02/11/2006|13:59] C:\ProgramData\Favorites
[20/04/2008|23:14] C:\ProgramData\Google
[25/11/2007|15:57] C:\ProgramData\HP
[24/11/2007|21:38] C:\ProgramData\HPSSUPPLY
[24/12/2007|17:14] C:\ProgramData\hpzinstall.log
[23/06/2007|21:39] C:\ProgramData\InstallShield
[18/11/2007|16:45] C:\ProgramData\Menu D‚marrer
[25/05/2008|20:40] C:\ProgramData\Messenger Plus!
[23/06/2007|21:30] C:\ProgramData\Microsoft
[16/10/2008|07:51] C:\ProgramData\Microsoft Help
[18/11/2007|16:45] C:\ProgramData\ModŠles
[20/01/2008|18:13] C:\ProgramData\QuickTime
[21/04/2008|00:35] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|13:59] C:\ProgramData\Start Menu
[16/03/2008|19:19] C:\ProgramData\Symantec
[02/11/2006|13:59] C:\ProgramData\Templates
[24/11/2007|22:37] C:\ProgramData\WEBREG
[21/04/2008|17:16] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[23/06/2007|21:39] C:\Program Files\Acer Inc
[13/01/2006|03:39] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[13/01/2006|03:22] C:\Program Files\Adobe
[18/08/2008|20:24] C:\Program Files\AV9
[23/12/2007|18:19] C:\Program Files\Common Files
[13/01/2006|04:07] C:\Program Files\Cyberlink
[20/01/2008|18:12] C:\Program Files\eMedia Starter Guitar Lessons
[18/11/2007|16:45] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[20/08/2008|19:57] C:\Program Files\GIMP-2.0
[24/07/2008|22:21] C:\Program Files\Guitar Pro 5
[24/11/2007|21:35] C:\Program Files\Hewlett-Packard
[24/11/2007|21:38] C:\Program Files\HP
[21/04/2008|00:19] C:\Program Files\InstallShield Installation Information
[02/11/2008|18:54] C:\Program Files\Internet Explorer
[21/04/2008|01:12] C:\Program Files\Messenger Plus! Live
[02/11/2006|13:35] C:\Program Files\Microsoft Games
[13/01/2006|03:38] C:\Program Files\Microsoft Office
[11/09/2008|05:42] C:\Program Files\Microsoft Works
[13/01/2006|03:36] C:\Program Files\Microsoft.NET
[02/11/2008|18:54] C:\Program Files\Movie Maker
[02/11/2006|13:35] C:\Program Files\MSBuild
[22/12/2007|18:54] C:\Program Files\MSXML 4.0
[13/01/2006|04:02] C:\Program Files\NewTech Infosystems
[29/07/2008|08:38] C:\Program Files\Norton Internet Security
[13/01/2006|03:28] C:\Program Files\Realtek
[02/11/2006|13:35] C:\Program Files\Reference Assemblies
[28/07/2008|21:27] C:\Program Files\Sierra On-Line
[18/11/2007|16:49] C:\Program Files\SiS VGA Utilities
[21/04/2008|00:16] C:\Program Files\Spybot - Search & Destroy
[22/12/2007|18:12] C:\Program Files\Symantec
[02/11/2008|19:51] C:\Program Files\Trend Micro
[02/11/2006|13:58] C:\Program Files\Uninstall Information
[16/06/2008|19:51] C:\Program Files\VideoLAN
[02/11/2008|18:54] C:\Program Files\Windows Calendar
[02/11/2008|18:54] C:\Program Files\Windows Collaboration
[02/11/2008|18:54] C:\Program Files\Windows Defender
[21/04/2008|01:09] C:\Program Files\Windows Live
[02/11/2008|18:54] C:\Program Files\Windows Mail
[02/11/2008|18:54] C:\Program Files\Windows Media Player
[18/11/2007|16:45] C:\Program Files\Windows NT
[02/11/2008|18:54] C:\Program Files\Windows Photo Gallery
[02/11/2008|18:54] C:\Program Files\Windows Sidebar
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[13/01/2006|03:22] C:\Program Files\Common Files\Adobe
[13/01/2006|03:36] C:\Program Files\Common Files\DESIGNER
[24/11/2007|21:35] C:\Program Files\Common Files\Hewlett-Packard
[24/11/2007|21:38] C:\Program Files\Common Files\HP
[23/06/2007|21:38] C:\Program Files\Common Files\InstallShield
[13/01/2006|04:01] C:\Program Files\Common Files\LightScribe
[08/08/2008|12:08] C:\Program Files\Common Files\microsoft shared
[13/01/2006|04:01] C:\Program Files\Common Files\muvee Technologies
[13/01/2006|04:02] C:\Program Files\Common Files\NewTech Infosystems
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[20/02/2008|14:24] C:\Program Files\Common Files\Symantec Shared
[02/11/2008|18:54] C:\Program Files\Common Files\System
[25/12/2007|00:38] C:\Program Files\Common Files\WindowsLiveInstaller
--------------------\\ Process
( 65 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 21:00:03
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 213
--------------------\\ Recherche d'autres infections
--------------------\\ ROGUES ..
C:\PROGRA~1\AV9
[F:4229][D:98]-> C:\Users\nbfkbqsd\AppData\Local\Temp
[F:44][D:1]-> C:\Users\nbfkbqsd\AppData\Roaming\MICROS~1\Windows\Cookies
[F:300][D:5]-> C:\Users\nbfkbqsd\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:15][D:3]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 02/11/2008|20:52 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 02/11/2008|21:02 - Option : [2]
--------------------\\ Fin du rapport a 21:02:40
[ UAC => 1 ]
---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text:
:processes
explorer.exe
:files
C:\ProgramData\dog grid help
C:\PROGRA~1\AV9
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
There, it required a restart...
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\ProgramData\dog grid help moved successfully.
C:\PROGRA~1\AV9 moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11022008_210937
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation.
---> In the Mise à jour (Update) tab, click the Recherche de mise à jour (Check for updates) button: if the firewall asks whether MBAM may connect to the Internet, accept.
---> Once the update has finished, go to the Recherche (Scanner) tab.
---> Select Exécuter un examen rapide (Perform quick scan).
---> Click Rechercher (Scan). The scan starts.
At the end of the scan, a message is displayed:
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Click OK to continue. If MBAM found nothing, it will tell you that as well.
---> Close your browsers.
If malware was detected, click Afficher les résultats (Show results).
---> Select everything (or leave everything checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
Done!!!
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1357
Windows 6.0.6001 Service Pack 1
02/11/2008 21:54:20
mbam-log-2008-11-02 (21-54-20).txt
Type de recherche: Examen rapide
Eléments examinés: 43856
Temps écoulé: 3 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c80b7ff6-ce60-4079-935e-520c045c30a6} (Adware.EGDAccess) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\22561488614025309363925456504324 (Rogue.Antivirus) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
---> Run MBAM again, go to Quarantaine (Quarantine) and delete everything.
---> Delete Lop S&D and OTMoveIt3.
---> Delete the Lop SD and _OTMoveIt folders located in C:\
---> Post a new HijackThis report.
Phew! We can see the end of it, things are already much better all the same!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:58, on 02/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\nbfkbqsd\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\nbfkbqsd\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [scr internet] "C:\ProgramData\Tooljumpjump.ktc3iux"
O4 - HKCU\..\Run: [two city internet heck] "C:\ProgramData\Dvd logo four.vsog7py"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [22561488614025309363925456504324] C:\Program Files\AV9\av2009.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\nbfkbqsd\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
"Scan saved at 19:52:58, on 02/11/2008"
---> That is the report from earlier. To launch HijackThis, right-click the shortcut, then choose Run as administrator.
Oops! lol sorry!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:38, on 02/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\nbfkbqsd\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\nbfkbqsd\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\nbfkbqsd\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
There are still traces left, you should run it once more:
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe
Hi destrio5. Impossible to update Vista. Here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:23, on 28/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://moteur.chat-land.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:23, on 28/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://moteur.chat-land.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
- Java is not up to date.
- Leftover traces of the Norton antivirus.
http://www.microsoft.com/downloads/details.aspx?FamilyID=b0c7136d-5ebb-413b-89c9-cb3d06d12674&displaylang=fr
---> Java:
https://www.java.com/fr/download/manual.jsp
---> Norton removal tool:
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe
Thanks for your reply!
Sorry for the delay, but I had to install the service pack for them and the PC is really sluggish...
On top of that, it seems to be infected by a certain av2009.exe...
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:58, on 02/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\nbfkbqsd\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\nbfkbqsd\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [scr internet] "C:\ProgramData\Tooljumpjump.ktc3iux"
O4 - HKCU\..\Run: [two city internet heck] "C:\ProgramData\Dvd logo four.vsog7py"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [22561488614025309363925456504324] C:\Program Files\AV9\av2009.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\nbfkbqsd\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe